Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/V-7GSIfdVZFNG5nm_W-a9JzmAA0.roa
File:                     V-7GSIfdVZFNG5nm_W-a9JzmAA0.roa (raw, json)
Hash identifier:          WWW4UlNENgJFAuj82ITQ9ztdJYNuGJ0vc74kQQ4j9UE=
Subject key identifier:   57:EE:C6:48:87:DD:55:91:4D:1B:99:E6:FD:6F:9A:F4:9C:E6:00:0D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282377079AD0A1914DF14E90070413C9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/V-7GSIfdVZFNG5nm_W-a9JzmAA0.roa
Signing time:             Thu 02 Jan 2025 17:50:00 +0000
ROA not before:           Thu 02 Jan 2025 17:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214819
IP address blocks:        31.58.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:77:07:9a:d0:a1:91:4d:f1:4e:90:07:04:13:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57eec64887dd55914d1b99e6fd6f9af49ce6000d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:24:65:16:84:b5:49:27:3c:50:63:2d:15:94:
                    0a:5d:16:98:10:04:55:36:7d:33:e0:f1:87:b4:9c:
                    a0:56:1d:3f:bb:30:86:94:e3:da:ab:2b:ba:ac:46:
                    f4:b8:93:a4:b7:35:a5:0b:ac:8a:d9:fb:1a:32:cf:
                    fc:8d:e9:8a:ee:84:00:b5:22:98:38:a0:e4:e8:03:
                    17:f6:ef:98:33:dd:e2:7c:d9:5e:e0:85:75:a6:65:
                    cd:db:d8:ff:f3:ba:64:f8:2c:0e:d6:b1:61:3a:25:
                    aa:b7:d2:3e:e0:9d:bc:41:11:b7:bd:63:3d:c8:48:
                    ab:ec:f3:7a:56:3c:7f:79:fd:1f:77:c7:41:2c:79:
                    e0:08:e0:19:c8:45:63:61:40:a4:8f:17:da:80:02:
                    a8:3a:64:00:21:83:9c:1c:02:8c:f5:e5:0a:48:7f:
                    d4:12:71:d7:a7:cd:7f:d2:ec:10:02:bd:3c:6b:fc:
                    73:b9:9a:f4:b1:75:39:85:15:c4:c5:4c:c4:0c:04:
                    3b:ee:1d:ee:25:84:62:38:7f:df:52:16:d5:ab:43:
                    a1:e8:3a:9b:31:bb:f8:04:cd:bd:b2:ef:f6:9c:c7:
                    cd:01:d2:9a:3e:93:cb:01:08:02:eb:03:6a:e8:e5:
                    21:b9:44:5c:e0:98:81:9d:21:43:f1:e7:c4:fb:40:
                    36:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EE:C6:48:87:DD:55:91:4D:1B:99:E6:FD:6F:9A:F4:9C:E6:00:0D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/V-7GSIfdVZFNG5nm_W-a9JzmAA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:36:60:90:12:07:36:dc:f4:9c:ba:e9:ef:27:5e:7f:5c:99:
         3c:97:24:61:29:f1:a5:60:67:25:d2:c9:00:29:f4:8a:5f:6e:
         69:78:e4:b4:23:fe:a4:43:a5:bf:09:01:5d:c3:f8:ea:2a:6b:
         eb:87:f2:58:d1:20:d9:23:1c:79:93:d3:33:5e:f2:92:a6:81:
         f5:ee:14:29:02:d3:1a:9e:4b:e4:e8:b9:43:ca:a4:85:e7:b9:
         c8:3a:a4:f0:41:32:72:f5:45:bb:69:e8:3d:dd:c0:6b:ee:5f:
         bc:61:5b:71:91:ff:fc:7b:92:19:d4:eb:2a:5d:ee:d4:10:9c:
         dc:4f:2e:88:46:45:96:a2:2c:4b:9f:53:c0:8d:1d:0b:ed:ff:
         a2:f3:34:bb:2d:e5:46:5d:81:77:fa:fd:0a:3c:34:0d:07:e8:
         fb:ad:c2:6b:60:06:6a:7b:ee:10:69:b6:63:ad:54:2b:41:34:
         4c:3b:83:73:e0:c2:98:27:ea:4d:97:7f:b1:b9:37:85:e8:ad:
         45:b4:67:2e:7d:0d:9d:d4:7e:20:f4:0d:0a:70:8d:11:01:7e:
         74:3f:a9:10:1d:4d:67:c0:5b:d8:3b:34:67:9a:2f:11:ec:40:
         c9:b2:34:35:82:0c:65:fb:9e:78:c2:41:98:6a:45:d8:50:21:
         ef:18:8a:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI3cHmtChkU3xTpAHBBPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2VlYzY0ODg3ZGQ1NTkxNGQxYjk5ZTZmZDZmOWFmNDljZTYwMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiRlFoS1SSc8UGMtFZQKXRaYEARV
Nn0z4PGHtJygVh0/uzCGlOPaqyu6rEb0uJOktzWlC6yK2fsaMs/8jemK7oQAtSKY
OKDk6AMX9u+YM93ifNle4IV1pmXN29j/87pk+CwO1rFhOiWqt9I+4J28QRG3vWM9
yEir7PN6Vjx/ef0fd8dBLHngCOAZyEVjYUCkjxfagAKoOmQAIYOcHAKM9eUKSH/U
EnHXp81/0uwQAr08a/xzuZr0sXU5hRXExUzEDAQ77h3uJYRiOH/fUhbVq0Oh6Dqb
Mbv4BM29su/2nMfNAdKaPpPLAQgC6wNq6OUhuURc4JiBnSFD8efE+0A2BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfuxkiH3VWRTRuZ5v1vmvSc5gANMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVi03R1NJZmRWWkZORzVubV9XLWE5SnptQUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqgMA0G
CSqGSIb3DQEBCwUAA4IBAQBVNmCQEgc23PScuunvJ15/XJk8lyRhKfGlYGcl0skA
KfSKX25peOS0I/6kQ6W/CQFdw/jqKmvrh/JY0SDZIxx5k9MzXvKSpoH17hQpAtMa
nkvk6LlDyqSF57nIOqTwQTJy9UW7aeg93cBr7l+8YVtxkf/8e5IZ1OsqXe7UEJzc
Ty6IRkWWoixLn1PAjR0L7f+i8zS7LeVGXYF3+v0KPDQNB+j7rcJrYAZqe+4QabZj
rVQrQTRMO4Nz4MKYJ+pNl3+xuTeF6K1FtGcufQ2d1H4g9A0KcI0RAX50P6kQHU1n
wFvYOzRnmi8R7EDJsjQ1ggxl+554wkGYakXYUCHvGIrE
-----END CERTIFICATE-----