Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UV8I081GmfCAa-CRFQwi266i7M4.roa
File:                     UV8I081GmfCAa-CRFQwi266i7M4.roa (raw, json)
Hash identifier:          /TWqMBU4Nvq0hfNBwQzBbOlCAmV3FkJE7CPiGXnhG3M=
Subject key identifier:   51:5F:08:D3:CD:46:99:F0:80:6B:E0:91:15:0C:22:DB:AE:A2:EC:CE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192E8E2BAA186846CC1066630E7F3BD76A5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UV8I081GmfCAa-CRFQwi266i7M4.roa
Signing time:             Fri 01 Nov 2024 18:00:25 +0000
ROA not before:           Fri 01 Nov 2024 18:00:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213948
IP address blocks:        31.59.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e8:e2:ba:a1:86:84:6c:c1:06:66:30:e7:f3:bd:76:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  1 18:00:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=515f08d3cd4699f0806be091150c22dbaea2ecce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:60:83:ed:03:0a:77:5c:3a:a0:31:e9:3c:17:
                    b5:6e:7d:7e:08:10:2f:43:f9:08:12:a5:86:82:ca:
                    4f:f5:e0:64:e3:c4:d3:49:6b:b5:69:84:0d:90:ef:
                    dd:58:fd:7f:88:82:d6:a3:35:6a:07:e3:45:5f:d3:
                    d2:a6:70:9e:79:77:52:dc:bb:22:f7:85:f3:44:43:
                    07:58:95:30:bf:63:4e:e1:b9:cf:70:17:40:52:53:
                    e7:9f:ca:2c:a6:af:9c:cb:9d:d8:08:f4:e1:6f:79:
                    6c:08:23:0d:57:b5:bd:15:9a:f3:ed:d6:1e:fc:11:
                    e7:88:ae:ac:81:bd:73:dc:d1:31:90:64:d3:c9:5a:
                    c2:f9:09:b3:b9:f3:8e:a2:56:8d:56:55:ee:fa:47:
                    e2:08:9d:74:9a:f9:9c:29:7c:2f:00:a6:f9:4a:26:
                    40:e0:d5:39:a3:b0:8d:1b:58:aa:55:69:6f:a4:65:
                    6e:63:6a:8c:02:d8:58:9c:16:9f:d3:a8:12:08:81:
                    fe:12:a7:ed:41:bf:5b:62:84:73:25:18:62:87:26:
                    20:e8:01:bd:e3:2f:86:b3:a5:b6:4e:27:e6:f6:47:
                    bb:c0:c0:29:7f:eb:ed:9d:a8:71:16:d0:bd:4f:55:
                    62:c7:23:00:3e:33:22:71:5b:12:5b:95:47:67:5f:
                    c1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:5F:08:D3:CD:46:99:F0:80:6B:E0:91:15:0C:22:DB:AE:A2:EC:CE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/UV8I081GmfCAa-CRFQwi266i7M4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:36:ab:5f:d4:d9:a8:8e:5f:dd:34:7c:9d:f3:7e:a0:3f:0f:
         3d:c7:72:49:60:1c:56:95:86:52:e2:6e:18:51:d8:80:8a:ee:
         ae:b5:e0:ad:6d:c1:ac:76:75:ab:78:e5:4a:1b:e2:69:83:8c:
         c5:65:37:87:38:53:6b:5f:1e:35:13:5e:5c:6a:9d:93:33:e4:
         d2:de:cc:3f:43:a4:0a:38:57:8f:43:05:63:4d:99:4e:26:81:
         2e:8c:bf:34:5c:9d:e7:5e:3d:d9:db:a6:6c:69:89:21:bf:01:
         76:4d:1c:ff:88:7a:21:ad:d8:27:bd:26:18:60:ac:5a:d0:00:
         72:26:3d:ae:ec:a6:ad:da:12:1a:88:f3:d4:b9:c2:74:cb:20:
         40:6f:d3:b4:f0:d0:77:af:cd:9b:34:12:30:2b:f4:35:80:3a:
         37:b9:0f:c8:f5:13:4e:4c:11:0a:4f:cf:7f:5e:81:77:74:51:
         5f:84:40:a8:9e:22:d9:50:05:24:62:fb:27:c2:ff:aa:5e:96:
         f1:03:8f:db:11:e0:82:51:2b:35:d1:8f:ae:a1:73:08:e2:1d:
         20:6d:c7:12:23:b5:01:1b:4b:2b:9c:15:8d:06:93:e2:aa:b6:
         cd:25:54:f7:ac:e6:92:f8:57:a8:e7:68:48:dd:54:8b:60:70:
         a1:8f:8f:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLo4rqhhoRswQZmMOfzvXalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTAxMTgwMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTVmMDhkM2NkNDY5OWYwODA2YmUwOTExNTBjMjJkYmFlYTJlY2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWCD7QMKd1w6oDHpPBe1bn1+CBAv
Q/kIEqWGgspP9eBk48TTSWu1aYQNkO/dWP1/iILWozVqB+NFX9PSpnCeeXdS3Lsi
94XzREMHWJUwv2NO4bnPcBdAUlPnn8ospq+cy53YCPThb3lsCCMNV7W9FZrz7dYe
/BHniK6sgb1z3NExkGTTyVrC+QmzufOOolaNVlXu+kfiCJ10mvmcKXwvAKb5SiZA
4NU5o7CNG1iqVWlvpGVuY2qMAthYnBaf06gSCIH+EqftQb9bYoRzJRhihyYg6AG9
4y+Gs6W2Tifm9ke7wMApf+vtnahxFtC9T1VixyMAPjMicVsSW5VHZ1/BmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFfCNPNRpnwgGvgkRUMItuuouzOMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVVY4STA4MUdtZkNBYS1DUkZRd2kyNjZpN000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztHMA0G
CSqGSIb3DQEBCwUAA4IBAQAQNqtf1Nmojl/dNHyd836gPw89x3JJYBxWlYZS4m4Y
UdiAiu6uteCtbcGsdnWreOVKG+Jpg4zFZTeHOFNrXx41E15cap2TM+TS3sw/Q6QK
OFePQwVjTZlOJoEujL80XJ3nXj3Z26ZsaYkhvwF2TRz/iHohrdgnvSYYYKxa0ABy
Jj2u7Kat2hIaiPPUucJ0yyBAb9O08NB3r82bNBIwK/Q1gDo3uQ/I9RNOTBEKT89/
XoF3dFFfhEConiLZUAUkYvsnwv+qXpbxA4/bEeCCUSs10Y+uoXMI4h0gbccSI7UB
G0srnBWNBpPiqrbNJVT3rOaS+Feo52hI3VSLYHChj4/+
-----END CERTIFICATE-----