Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VHOiuWdsHisThV-U9Yf1zhhflEw.roa
File:                     VHOiuWdsHisThV-U9Yf1zhhflEw.roa (raw, json)
Hash identifier:          ipxN7ZcFJFQ5Q2tYpImzS1U5KbKHgdDXZY1mcMPA4c4=
Subject key identifier:   54:73:A2:B9:67:6C:1E:2B:13:85:5F:94:F5:87:F5:CE:18:5F:94:4C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282368D1E7180A2E9CC03B77C42E5D64
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VHOiuWdsHisThV-U9Yf1zhhflEw.roa
Signing time:             Thu 02 Jan 2025 17:49:56 +0000
ROA not before:           Thu 02 Jan 2025 17:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212042
IP address blocks:        31.57.130.0/24 maxlen: 24
                          31.58.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:68:d1:e7:18:0a:2e:9c:c0:3b:77:c4:2e:5d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5473a2b9676c1e2b13855f94f587f5ce185f944c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:63:79:17:47:b2:0d:f4:4d:f3:f6:bc:b1:5e:
                    1a:d0:4f:7d:a2:18:85:55:a6:6b:01:cc:a9:b0:69:
                    66:6a:b7:f5:64:a6:8b:3a:7c:6c:b8:41:47:bb:dc:
                    f3:a5:d1:04:d2:f1:a0:16:4c:ac:d6:10:d0:b0:82:
                    3d:9c:73:45:6b:5d:e9:ab:5c:8f:f0:fe:a0:f1:64:
                    2e:bd:54:de:10:ed:f7:5e:a5:b7:05:45:48:5f:39:
                    aa:5b:a8:6c:48:6b:69:c8:c9:85:14:6f:59:ca:a6:
                    72:cd:c0:82:72:cd:ef:3d:6f:38:91:12:86:66:8b:
                    70:7a:a5:94:36:d8:00:e4:63:3f:2a:c6:34:f4:16:
                    d8:9a:43:7d:20:5b:85:c2:e9:39:c6:ee:8e:ca:ec:
                    2a:89:f8:55:c2:eb:73:5d:79:1d:5e:98:1f:84:92:
                    20:86:5b:1a:91:ef:53:9a:50:3e:d8:f8:fa:a1:b4:
                    e2:46:24:55:e5:d5:e3:28:b4:21:da:3a:e9:16:98:
                    d6:dc:cf:63:b9:0d:a7:e5:0e:58:e4:8f:13:b0:ea:
                    45:be:f4:50:64:d0:0a:2a:68:5f:ab:de:b4:10:ba:
                    fa:63:12:d2:f8:a7:64:78:5e:52:87:7e:a6:9d:5f:
                    04:65:e8:c4:49:0f:64:8c:e4:73:b9:aa:4d:b9:84:
                    de:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:73:A2:B9:67:6C:1E:2B:13:85:5F:94:F5:87:F5:CE:18:5F:94:4C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VHOiuWdsHisThV-U9Yf1zhhflEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.130.0/24
                  31.58.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:ba:18:78:ba:ab:22:32:49:44:cf:f5:41:7b:9d:c8:dc:ea:
         38:4f:96:f5:1a:52:b5:c1:6f:ce:57:d6:66:64:00:78:c6:ec:
         a6:3a:d8:ca:a1:35:83:ab:fb:26:a2:1c:44:c6:9b:9d:b5:c4:
         6d:41:71:f1:71:8f:87:9d:6f:dc:df:67:f7:32:f5:00:55:1a:
         60:1b:b5:a9:94:6a:08:fd:db:8b:f9:61:eb:45:dd:3a:73:24:
         ca:d7:d1:a9:4a:6f:6e:9b:5a:6f:ac:4d:1a:e7:f8:5f:f0:82:
         e7:4e:dd:2e:72:52:9e:5c:0c:5d:93:c2:50:96:b7:86:2b:f4:
         34:49:40:38:a3:b1:fa:5d:52:80:d7:dd:d2:43:2e:27:41:af:
         8e:1b:14:c3:48:52:3e:91:87:d4:31:61:2d:b1:38:d3:a3:39:
         7f:a5:03:aa:37:d6:36:62:f3:03:cc:d2:8f:aa:29:f8:52:6a:
         74:c1:a9:f7:ab:b1:57:7f:dc:eb:75:23:98:33:f2:5d:6a:1f:
         da:dc:cd:eb:ba:3a:31:5f:14:ed:b1:18:a0:91:59:17:75:ca:
         cb:41:2c:fd:a7:06:7f:0e:18:7b:de:c7:63:b1:e6:df:c5:ea:
         52:42:b6:18:74:1e:4b:e1:19:7f:eb:77:0d:fb:0c:86:23:3e:
         15:3f:c7:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoI2jR5xgKLpzAO3fELl1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDczYTJiOTY3NmMxZTJiMTM4NTVmOTRmNTg3ZjVjZTE4NWY5NDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmN5F0eyDfRN8/a8sV4a0E99ohiF
VaZrAcypsGlmarf1ZKaLOnxsuEFHu9zzpdEE0vGgFkys1hDQsII9nHNFa13pq1yP
8P6g8WQuvVTeEO33XqW3BUVIXzmqW6hsSGtpyMmFFG9ZyqZyzcCCcs3vPW84kRKG
ZotweqWUNtgA5GM/KsY09BbYmkN9IFuFwuk5xu6OyuwqifhVwutzXXkdXpgfhJIg
hlsake9TmlA+2Pj6obTiRiRV5dXjKLQh2jrpFpjW3M9juQ2n5Q5Y5I8TsOpFvvRQ
ZNAKKmhfq960ELr6YxLS+KdkeF5Sh36mnV8EZejESQ9kjORzuapNuYTecwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFRzorlnbB4rE4VflPWH9c4YX5RMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVkhPaXVXZHNIaXNUaFYtVTlZZjF6aGhmbEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmCAwQA
HzqMMA0GCSqGSIb3DQEBCwUAA4IBAQBOuhh4uqsiMklEz/VBe53I3Oo4T5b1GlK1
wW/OV9ZmZAB4xuymOtjKoTWDq/smohxExpudtcRtQXHxcY+HnW/c32f3MvUAVRpg
G7WplGoI/duL+WHrRd06cyTK19GpSm9um1pvrE0a5/hf8ILnTt0uclKeXAxdk8JQ
lreGK/Q0SUA4o7H6XVKA193SQy4nQa+OGxTDSFI+kYfUMWEtsTjTozl/pQOqN9Y2
YvMDzNKPqin4Ump0wan3q7FXf9zrdSOYM/Jdah/a3M3rujoxXxTtsRigkVkXdcrL
QSz9pwZ/Dhh73sdjsebfxepSQrYYdB5L4Rl/63cN+wyGIz4VP8c7
-----END CERTIFICATE-----