Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/URjA5_NvYEW6vpcfFWgS0NATj6Q.roa
File:                     URjA5_NvYEW6vpcfFWgS0NATj6Q.roa (raw, json)
Hash identifier:          jydCRmw4JLDo7GsH8nB8dgMiw5berfQwquIwcGMvqFA=
Subject key identifier:   51:18:C0:E7:F3:6F:60:45:BA:BE:97:1F:15:68:12:D0:D0:13:8F:A4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019470C24334EFD8683EE9D16945F4586FE6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/URjA5_NvYEW6vpcfFWgS0NATj6Q.roa
Signing time:             Thu 16 Jan 2025 20:16:06 +0000
ROA not before:           Thu 16 Jan 2025 20:16:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59538
IP address blocks:        31.58.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:70:c2:43:34:ef:d8:68:3e:e9:d1:69:45:f4:58:6f:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 16 20:16:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5118c0e7f36f6045babe971f156812d0d0138fa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:66:1a:45:46:29:be:ab:9c:74:1c:43:8f:0a:
                    3c:63:e9:2c:ef:b9:fd:46:6c:b7:ef:16:3e:d7:78:
                    92:bb:a6:ce:e4:42:94:5b:2e:8e:07:f0:ab:fa:3e:
                    84:05:31:b9:b4:a6:b7:32:33:51:15:fd:6b:f0:b2:
                    17:93:03:6a:04:07:db:2b:3a:a1:fc:67:f0:db:da:
                    64:2f:55:12:77:86:d4:67:91:6b:b3:58:56:07:cc:
                    43:5b:f8:12:15:de:e9:70:4d:18:0c:03:50:cd:c6:
                    13:58:6d:63:6b:d3:f1:b2:aa:c6:70:6f:b8:f8:da:
                    3c:ef:b8:71:4f:5a:7b:7c:1b:9c:a5:44:2d:60:59:
                    67:94:8b:f0:68:3f:cd:51:4a:68:ff:7e:4e:c8:52:
                    5a:4d:ff:eb:c9:d6:32:05:a8:4a:7b:fb:41:67:5c:
                    48:bf:54:55:04:5a:52:d0:1e:71:fb:3a:eb:88:53:
                    17:b9:f4:1a:a2:70:fb:9f:3d:d6:36:45:bc:dd:9f:
                    0e:63:90:a6:77:09:9b:ba:78:5b:f5:32:fa:af:38:
                    b4:2c:2c:3b:50:74:06:8a:af:0c:18:1f:a5:43:c4:
                    fc:5f:ca:81:e2:27:6a:2b:07:e3:8f:be:68:84:f0:
                    35:ef:39:f9:c7:0d:cb:d0:28:20:6d:5f:63:30:ac:
                    a3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:18:C0:E7:F3:6F:60:45:BA:BE:97:1F:15:68:12:D0:D0:13:8F:A4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/URjA5_NvYEW6vpcfFWgS0NATj6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:71:a8:90:b3:3e:7d:c2:34:ef:d6:47:08:5c:72:2a:33:33:
         12:98:97:9d:11:6c:35:0e:d8:0f:c1:f5:49:33:c5:db:5c:9e:
         05:35:f5:e4:39:25:14:cc:c3:0c:8e:95:cb:2e:30:14:01:d3:
         23:25:d2:61:0f:36:a0:1f:dd:00:43:50:67:e5:00:b4:21:de:
         dd:35:30:fc:b7:d3:2d:6a:b2:24:ae:09:24:a0:38:0d:12:c1:
         06:c3:2d:12:99:15:12:11:74:ec:23:7e:21:46:98:b1:0a:f6:
         24:f7:0b:e5:c7:ff:60:c0:e4:cd:5d:69:f5:0b:26:40:26:eb:
         b3:79:91:37:86:d9:8e:12:da:03:14:44:26:d3:51:c1:7f:03:
         3b:d6:f8:52:b2:38:30:be:ad:4b:d6:87:57:66:28:4a:54:1a:
         b1:be:3c:9f:b4:9f:25:d7:54:33:7d:73:ff:ad:2f:77:82:80:
         56:d6:63:50:69:93:0b:9d:cf:f8:c1:ad:5b:d2:1c:f7:68:e2:
         f2:cb:b7:ae:3c:22:4c:ca:22:67:77:89:ba:a7:76:2d:1e:33:
         5d:e5:a4:64:3b:29:20:43:ad:9d:78:8a:58:df:4f:26:ba:83:
         a7:5e:15:a8:30:ad:8e:4c:fa:61:34:26:e9:a2:70:0e:14:23:
         c7:5f:79:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRwwkM079hoPunRaUX0WG/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTE2MjAxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTE4YzBlN2YzNmY2MDQ1YmFiZTk3MWYxNTY4MTJkMGQwMTM4ZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GYaRUYpvqucdBxDjwo8Y+ks77n9
Rmy37xY+13iSu6bO5EKUWy6OB/Cr+j6EBTG5tKa3MjNRFf1r8LIXkwNqBAfbKzqh
/Gfw29pkL1USd4bUZ5Frs1hWB8xDW/gSFd7pcE0YDANQzcYTWG1ja9PxsqrGcG+4
+No877hxT1p7fBucpUQtYFlnlIvwaD/NUUpo/35OyFJaTf/rydYyBahKe/tBZ1xI
v1RVBFpS0B5x+zrriFMXufQaonD7nz3WNkW83Z8OY5Cmdwmbunhb9TL6rzi0LCw7
UHQGiq8MGB+lQ8T8X8qB4idqKwfjj75ohPA17zn5xw3L0CggbV9jMKyj/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEYwOfzb2BFur6XHxVoEtDQE4+kMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVVJqQTVfTnZZRVc2dnBjZkZXZ1MwTkFUajZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqdMA0G
CSqGSIb3DQEBCwUAA4IBAQALcaiQsz59wjTv1kcIXHIqMzMSmJedEWw1DtgPwfVJ
M8XbXJ4FNfXkOSUUzMMMjpXLLjAUAdMjJdJhDzagH90AQ1Bn5QC0Id7dNTD8t9Mt
arIkrgkkoDgNEsEGwy0SmRUSEXTsI34hRpixCvYk9wvlx/9gwOTNXWn1CyZAJuuz
eZE3htmOEtoDFEQm01HBfwM71vhSsjgwvq1L1odXZihKVBqxvjyftJ8l11QzfXP/
rS93goBW1mNQaZMLnc/4wa1b0hz3aOLyy7euPCJMyiJnd4m6p3YtHjNd5aRkOykg
Q62deIpY308muoOnXhWoMK2OTPphNCbponAOFCPHX3nu
-----END CERTIFICATE-----