Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/V6TzfImkISKnx_r9Ab31QLW8fNc.roa
File:                     V6TzfImkISKnx_r9Ab31QLW8fNc.roa (raw, json)
Hash identifier:          gTlu2gSXXfZdaqCjI/r8wSk9/ftYozSzN1/rnGiYLtE=
Subject key identifier:   57:A4:F3:7C:89:A4:21:22:A7:C7:FA:FD:01:BD:F5:40:B5:BC:7C:D7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428237E6335A59A0DA370E133B3916985
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/V6TzfImkISKnx_r9Ab31QLW8fNc.roa
Signing time:             Thu 02 Jan 2025 17:50:02 +0000
ROA not before:           Thu 02 Jan 2025 17:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215415
IP address blocks:        31.56.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:7e:63:35:a5:9a:0d:a3:70:e1:33:b3:91:69:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57a4f37c89a42122a7c7fafd01bdf540b5bc7cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9b:d7:b4:e8:24:6a:c8:04:96:17:5e:4a:d6:
                    f3:5f:87:0b:bb:99:86:f4:24:79:be:04:03:2d:48:
                    da:0c:8b:0d:38:00:db:f8:2e:36:be:c6:38:da:ab:
                    95:13:4a:02:4e:37:8b:53:2e:e8:66:9e:87:94:8b:
                    f4:1b:3d:3a:6f:92:19:1b:a4:87:2d:79:d2:57:7e:
                    7d:80:da:32:07:4b:1f:2d:be:27:8f:86:d5:59:52:
                    41:62:ab:91:f7:34:76:ca:f4:57:73:8b:18:d0:cb:
                    48:a6:2b:5a:14:1a:01:39:cc:92:85:e2:41:b8:9f:
                    c1:ee:f3:a6:f8:80:00:5c:75:0a:d6:6f:3a:52:b4:
                    95:20:78:c2:cb:65:75:48:f7:9d:83:5c:98:70:32:
                    8a:ee:b9:c0:54:ef:f1:95:53:29:2e:a2:a1:d9:ca:
                    0e:0c:61:ca:3a:9d:e9:19:a7:2b:b6:c7:a8:b3:b3:
                    25:51:82:ec:3e:9c:76:de:ad:2f:91:13:c1:19:9c:
                    42:52:43:62:76:d7:71:08:43:88:52:b0:68:10:e0:
                    e9:ed:b8:a7:7f:2f:70:97:1e:58:81:4b:05:73:94:
                    be:44:16:74:83:78:0d:17:52:9c:f9:01:9e:cb:51:
                    15:98:3f:38:15:5c:f7:00:f9:1e:c1:47:09:6b:0e:
                    3f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:A4:F3:7C:89:A4:21:22:A7:C7:FA:FD:01:BD:F5:40:B5:BC:7C:D7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/V6TzfImkISKnx_r9Ab31QLW8fNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:4d:1f:ed:86:d2:65:ec:fc:95:93:71:4f:bd:95:05:55:f0:
         d4:f0:72:2c:4c:39:87:e5:4e:8f:9b:c2:e1:f3:66:b3:08:65:
         8a:51:bd:dc:9d:e8:d9:72:2f:c6:f2:47:ad:fb:34:e5:08:52:
         1e:61:f0:c0:9e:b8:c3:89:f1:27:bd:f6:bb:4c:2b:5a:d9:dc:
         c7:7c:88:3b:d1:a6:06:26:0d:06:6b:77:85:b4:51:7c:28:32:
         7b:4b:ef:65:f9:cf:4e:d4:48:07:86:c3:b3:af:23:c9:ab:40:
         d4:c2:68:ea:27:bd:e1:14:c8:df:42:76:94:e5:de:b5:b2:7d:
         db:a0:38:ef:bb:00:67:f2:fa:32:45:62:41:33:55:46:ef:3e:
         72:6c:80:68:95:0e:22:e6:67:55:8a:d8:85:06:ba:76:ff:d2:
         ec:3d:ed:5b:3f:38:fb:4c:13:97:2f:19:9b:51:c1:41:1d:c2:
         b8:62:5e:ed:4a:48:91:8b:69:00:23:05:d6:18:8a:0c:f1:81:
         f7:fe:50:60:f8:e0:4d:e0:a7:ee:ac:9c:cf:2a:85:82:49:06:
         15:15:86:54:f4:8d:fb:f0:3f:9a:79:41:62:e5:66:a0:51:cf:
         72:3b:02:c8:c6:7e:9e:6c:96:ea:ea:90:c3:17:44:a7:54:ae:
         cf:6f:3e:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI35jNaWaDaNw4TOzkWmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2E0ZjM3Yzg5YTQyMTIyYTdjN2ZhZmQwMWJkZjU0MGI1YmM3Y2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pvXtOgkasgElhdeStbzX4cLu5mG
9CR5vgQDLUjaDIsNOADb+C42vsY42quVE0oCTjeLUy7oZp6HlIv0Gz06b5IZG6SH
LXnSV359gNoyB0sfLb4nj4bVWVJBYquR9zR2yvRXc4sY0MtIpitaFBoBOcySheJB
uJ/B7vOm+IAAXHUK1m86UrSVIHjCy2V1SPedg1yYcDKK7rnAVO/xlVMpLqKh2coO
DGHKOp3pGacrtseos7MlUYLsPpx23q0vkRPBGZxCUkNidtdxCEOIUrBoEODp7bin
fy9wlx5YgUsFc5S+RBZ0g3gNF1Kc+QGey1EVmD84FVz3APkewUcJaw4/AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFek83yJpCEip8f6/QG99UC1vHzXMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVjZUemZJbWtJU0tueF9yOUFiMzFRTFc4Zk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHziQMA0G
CSqGSIb3DQEBCwUAA4IBAQBKTR/thtJl7PyVk3FPvZUFVfDU8HIsTDmH5U6Pm8Lh
82azCGWKUb3cnejZci/G8ket+zTlCFIeYfDAnrjDifEnvfa7TCta2dzHfIg70aYG
Jg0Ga3eFtFF8KDJ7S+9l+c9O1EgHhsOzryPJq0DUwmjqJ73hFMjfQnaU5d61sn3b
oDjvuwBn8voyRWJBM1VG7z5ybIBolQ4i5mdVitiFBrp2/9LsPe1bPzj7TBOXLxmb
UcFBHcK4Yl7tSkiRi2kAIwXWGIoM8YH3/lBg+OBN4KfurJzPKoWCSQYVFYZU9I37
8D+aeUFi5WagUc9yOwLIxn6ebJbq6pDDF0SnVK7Pbz5N
-----END CERTIFICATE-----