Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VTRPft_CK-b8RIrukltdKwGsWLI.roa
File:                     VTRPft_CK-b8RIrukltdKwGsWLI.roa (raw, json)
Hash identifier:          2FERX34HQHvHV2vAc9e+oi5KUGd3LkqXFrrZmuVosoc=
Subject key identifier:   55:34:4F:7E:DF:C2:2B:E6:FC:44:8A:EE:92:5B:5D:2B:01:AC:58:B2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428234791974C28BAB868042EACBF806B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VTRPft_CK-b8RIrukltdKwGsWLI.roa
Signing time:             Thu 02 Jan 2025 17:49:48 +0000
ROA not before:           Thu 02 Jan 2025 17:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49127
IP address blocks:        31.56.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:47:91:97:4c:28:ba:b8:68:04:2e:ac:bf:80:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55344f7edfc22be6fc448aee925b5d2b01ac58b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6e:f2:d5:2d:eb:d2:0d:00:04:68:57:23:4f:
                    91:c0:86:56:c7:db:07:44:a3:63:18:a8:8a:64:bd:
                    5e:aa:b6:bd:d8:22:81:7a:46:1b:da:68:1c:32:f5:
                    27:23:e9:c0:61:42:1e:76:92:2b:63:4c:26:50:48:
                    90:69:4c:59:86:0d:4a:1f:1b:a8:e6:81:d6:67:58:
                    97:be:d0:26:e8:73:42:e5:87:f2:83:f4:2c:86:7c:
                    14:d5:80:24:a6:84:b2:cc:94:b2:b1:02:de:f6:01:
                    6f:37:47:48:02:94:8a:1b:f8:ad:9b:6d:f7:36:13:
                    ea:67:ca:47:93:42:bd:a2:07:24:26:b1:0f:1c:f8:
                    18:07:a4:44:05:7b:1c:90:8f:9d:05:c2:24:f3:0e:
                    94:3f:67:f2:b8:9a:22:ab:ac:1a:38:0d:4c:cb:d6:
                    44:fe:6e:97:f7:d4:31:59:b6:28:c1:19:27:5f:06:
                    bc:cd:bb:89:2a:d0:1f:97:73:6f:cf:21:31:e4:70:
                    93:d7:be:55:02:75:d0:d9:86:10:b4:a6:73:20:ea:
                    b2:bc:e2:b7:bd:84:89:d8:b2:f2:07:1d:de:01:e6:
                    ce:51:d0:c2:ed:81:30:ef:37:a6:9b:f3:d3:51:c4:
                    5e:f6:f9:62:50:49:77:97:69:69:4c:5b:11:05:48:
                    76:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:34:4F:7E:DF:C2:2B:E6:FC:44:8A:EE:92:5B:5D:2B:01:AC:58:B2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/VTRPft_CK-b8RIrukltdKwGsWLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:18:a5:05:e8:d6:d4:79:86:70:ae:d7:12:2a:75:69:db:10:
         99:3c:aa:2c:30:70:70:ff:cb:21:38:4e:bc:90:00:e0:62:60:
         55:ad:9f:13:e5:d4:99:aa:7b:30:f6:f9:73:55:42:8d:3b:8f:
         76:49:a8:81:f4:cf:8f:c7:b1:7d:c1:35:0c:29:42:22:c4:64:
         33:6e:e6:8e:69:d6:ae:4f:17:f6:9a:b5:93:4c:9e:63:25:f2:
         11:d3:17:fe:c4:05:50:48:99:c4:8e:15:01:5a:71:6a:d6:61:
         88:88:dc:d7:85:33:94:83:56:1a:78:40:06:f8:2c:4e:7c:2a:
         45:fd:b2:07:07:97:c0:a4:17:74:d3:08:f0:ae:68:eb:4b:a0:
         ef:83:a7:75:b6:3d:65:70:45:95:58:2c:78:e8:80:b4:37:4e:
         fe:f9:82:08:c0:1a:85:96:56:e2:9b:e5:18:65:49:fe:44:5b:
         6c:ff:6b:33:a3:c5:f2:6e:43:4f:45:37:88:cd:23:c8:e1:5d:
         f4:cf:96:67:92:7c:8b:cd:d9:78:a6:d5:23:3a:85:94:d8:e6:
         09:71:f5:fe:b3:6d:c4:2a:2f:c7:99:be:ed:65:bc:b5:52:68:
         e3:e7:41:2a:23:29:a1:f6:9b:dd:5c:b0:85:d8:ed:e2:62:b1:
         a3:30:5a:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0eRl0wourhoBC6sv4BrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTM0NGY3ZWRmYzIyYmU2ZmM0NDhhZWU5MjViNWQyYjAxYWM1OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0W7y1S3r0g0ABGhXI0+RwIZWx9sH
RKNjGKiKZL1eqra92CKBekYb2mgcMvUnI+nAYUIedpIrY0wmUEiQaUxZhg1KHxuo
5oHWZ1iXvtAm6HNC5Yfyg/QshnwU1YAkpoSyzJSysQLe9gFvN0dIApSKG/itm233
NhPqZ8pHk0K9ogckJrEPHPgYB6REBXsckI+dBcIk8w6UP2fyuJoiq6waOA1My9ZE
/m6X99QxWbYowRknXwa8zbuJKtAfl3NvzyEx5HCT175VAnXQ2YYQtKZzIOqyvOK3
vYSJ2LLyBx3eAebOUdDC7YEw7zemm/PTUcRe9vliUEl3l2lpTFsRBUh27QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFU0T37fwivm/ESK7pJbXSsBrFiyMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVlRSUGZ0X0NLLWI4UklydWtsdGRLd0dzV0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzibMA0G
CSqGSIb3DQEBCwUAA4IBAQASGKUF6NbUeYZwrtcSKnVp2xCZPKosMHBw/8shOE68
kADgYmBVrZ8T5dSZqnsw9vlzVUKNO492SaiB9M+Px7F9wTUMKUIixGQzbuaOadau
Txf2mrWTTJ5jJfIR0xf+xAVQSJnEjhUBWnFq1mGIiNzXhTOUg1YaeEAG+CxOfCpF
/bIHB5fApBd00wjwrmjrS6Dvg6d1tj1lcEWVWCx46IC0N07++YIIwBqFllbim+UY
ZUn+RFts/2szo8XybkNPRTeIzSPI4V30z5ZnknyLzdl4ptUjOoWU2OYJcfX+s23E
Ki/Hmb7tZby1Umjj50EqIymh9pvdXLCF2O3iYrGjMFr2
-----END CERTIFICATE-----