Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UBXgYZB4-90Q6_IV21DG6-3D6tw.roa
File:                     UBXgYZB4-90Q6_IV21DG6-3D6tw.roa (raw, json)
Hash identifier:          jikxslqBoUjSyv1iduKMlatl0ld7IuMh4Wb98Kw55lo=
Subject key identifier:   50:15:E0:61:90:78:FB:DD:10:EB:F2:15:DB:50:C6:EB:ED:C3:EA:DC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192DF01AB3ED333E99D47D311C2C6736D69
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UBXgYZB4-90Q6_IV21DG6-3D6tw.roa
Signing time:             Wed 30 Oct 2024 19:58:01 +0000
ROA not before:           Wed 30 Oct 2024 19:58:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203462
IP address blocks:        31.59.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:df:01:ab:3e:d3:33:e9:9d:47:d3:11:c2:c6:73:6d:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 30 19:58:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5015e0619078fbdd10ebf215db50c6ebedc3eadc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:77:4e:09:24:23:60:99:bf:b3:01:d4:35:68:
                    80:00:b1:5f:00:c1:9b:09:c5:d1:da:d7:ea:a4:74:
                    58:ff:07:94:ca:35:30:13:dd:2e:a4:bb:7a:36:e3:
                    31:38:3d:03:76:62:b2:8d:ee:3b:ad:cf:bf:5b:31:
                    db:df:82:89:15:04:4d:7a:bf:91:b2:5a:86:9b:16:
                    db:2e:69:8c:a1:2f:90:1a:9f:ee:85:b6:d7:0d:f3:
                    60:e5:c6:89:06:e6:54:10:c3:ac:ec:c6:39:18:13:
                    9f:32:8f:c0:cf:a0:40:b5:cf:e0:98:09:5f:b5:f6:
                    45:3c:79:7f:6e:d4:30:a9:6b:ae:39:bb:57:74:17:
                    38:c0:4f:1b:62:e4:4e:53:a0:db:36:2f:20:14:74:
                    3a:5d:da:52:6d:76:99:3c:fb:43:26:d8:2e:89:80:
                    12:ff:7a:8f:9e:ea:cc:0d:4b:be:ec:d6:05:6f:cc:
                    eb:c9:37:62:28:69:a8:f3:eb:da:ee:48:ec:75:db:
                    7e:ea:ea:32:7a:4b:60:23:f4:78:24:a3:77:9e:59:
                    8a:bf:7e:cd:1c:93:18:59:4b:fd:61:d7:97:82:a1:
                    f1:47:ff:70:cd:30:f5:58:72:8e:09:cd:c5:6d:d9:
                    a6:25:a1:bd:f2:0c:58:f5:8b:60:9b:dc:e9:08:b7:
                    a3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:15:E0:61:90:78:FB:DD:10:EB:F2:15:DB:50:C6:EB:ED:C3:EA:DC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UBXgYZB4-90Q6_IV21DG6-3D6tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:77:b4:53:9a:d4:f7:64:14:12:0d:ce:ac:ec:90:d0:80:c8:
         d9:74:87:d6:b3:8e:86:a1:37:d9:8e:3e:20:f9:b0:22:28:68:
         81:8d:3c:c4:34:75:46:5e:25:d0:59:ff:df:6e:39:63:98:12:
         b5:f9:5f:db:42:f2:6e:aa:08:0d:22:56:56:8f:3d:58:22:44:
         61:1b:fb:11:d8:45:bc:55:7a:41:95:b3:b9:89:c2:f9:6f:22:
         4c:d5:43:9a:be:9f:a2:7b:ae:c6:98:5f:bf:fc:29:21:02:0e:
         21:5b:5d:c8:ef:f4:08:c2:62:e2:ec:f9:f4:6f:1e:ec:cd:db:
         90:ad:fc:0c:2c:53:ad:bc:8c:43:6b:18:c1:16:6d:c7:f4:25:
         ab:fa:f0:ec:26:af:f0:86:ee:79:23:b6:d7:bf:7f:59:8b:d2:
         30:fc:ca:82:31:e2:2a:6f:f1:27:05:71:14:3c:22:b1:0e:da:
         9c:e3:c3:f1:ad:29:eb:56:f9:9a:89:ff:14:18:4f:47:64:22:
         83:fd:10:ee:31:4f:08:c6:21:6f:1d:3f:bf:1a:f6:73:e5:7e:
         61:0e:e4:1a:fe:54:d9:28:3d:b6:30:87:91:44:d3:3b:4a:98:
         f2:9f:16:d0:94:0d:16:6c:4d:01:11:1e:b3:0c:41:25:0b:9c:
         1b:23:81:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLfAas+0zPpnUfTEcLGc21pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDMwMTk1ODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDE1ZTA2MTkwNzhmYmRkMTBlYmYyMTVkYjUwYzZlYmVkYzNlYWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3dOCSQjYJm/swHUNWiAALFfAMGb
CcXR2tfqpHRY/weUyjUwE90upLt6NuMxOD0DdmKyje47rc+/WzHb34KJFQRNer+R
slqGmxbbLmmMoS+QGp/uhbbXDfNg5caJBuZUEMOs7MY5GBOfMo/Az6BAtc/gmAlf
tfZFPHl/btQwqWuuObtXdBc4wE8bYuROU6DbNi8gFHQ6XdpSbXaZPPtDJtguiYAS
/3qPnurMDUu+7NYFb8zryTdiKGmo8+va7kjsddt+6uoyektgI/R4JKN3nlmKv37N
HJMYWUv9YdeXgqHxR/9wzTD1WHKOCc3FbdmmJaG98gxY9Ytgm9zpCLejYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAV4GGQePvdEOvyFdtQxuvtw+rcMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVUJYZ1laQjQtOTBRNl9JVjIxREc2LTNENnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztZMA0G
CSqGSIb3DQEBCwUAA4IBAQCYd7RTmtT3ZBQSDc6s7JDQgMjZdIfWs46GoTfZjj4g
+bAiKGiBjTzENHVGXiXQWf/fbjljmBK1+V/bQvJuqggNIlZWjz1YIkRhG/sR2EW8
VXpBlbO5icL5byJM1UOavp+ie67GmF+//CkhAg4hW13I7/QIwmLi7Pn0bx7szduQ
rfwMLFOtvIxDaxjBFm3H9CWr+vDsJq/whu55I7bXv39Zi9Iw/MqCMeIqb/EnBXEU
PCKxDtqc48PxrSnrVvmaif8UGE9HZCKD/RDuMU8IxiFvHT+/GvZz5X5hDuQa/lTZ
KD22MIeRRNM7SpjynxbQlA0WbE0BER6zDEElC5wbI4Ge
-----END CERTIFICATE-----