Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/W8vw6ra-BxKSpD2ymnD-HeRx5c0.roa
File:                     W8vw6ra-BxKSpD2ymnD-HeRx5c0.roa (raw, json)
Hash identifier:          shnMOItOK229JX28h3GHjRKvsNmZ/WxJDiujI0yNNkI=
Subject key identifier:   5B:CB:F0:EA:B6:BE:07:12:92:A4:3D:B2:9A:70:FE:1D:E4:71:E5:CD
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192256EC3073FE2E45E41B75BC157187FD7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/W8vw6ra-BxKSpD2ymnD-HeRx5c0.roa
Signing time:             Tue 24 Sep 2024 19:07:48 +0000
ROA not before:           Tue 24 Sep 2024 19:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     270187
IP address blocks:        31.57.172.0/24 maxlen: 24
                          31.57.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:25:6e:c3:07:3f:e2:e4:5e:41:b7:5b:c1:57:18:7f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 24 19:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bcbf0eab6be071292a43db29a70fe1de471e5cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a2:ef:a4:28:af:a3:24:77:47:70:28:3d:54:
                    40:08:d4:33:ce:e0:fa:b9:82:c3:1a:73:e6:c1:e1:
                    09:d5:00:df:c4:17:a9:85:0f:a1:0e:02:57:ba:5c:
                    72:0c:df:dd:3b:6e:10:15:8a:9e:62:c2:7c:34:a6:
                    e8:a9:3d:c5:45:5e:8f:c2:d3:58:b7:5f:4d:97:53:
                    df:ba:a3:0c:c8:b4:48:9f:b0:fc:fe:c4:f1:d3:c3:
                    d3:a8:68:bf:27:e9:f2:36:ad:96:b9:8a:7e:f0:d3:
                    d8:d0:d6:f6:68:7c:22:a9:d1:32:03:44:72:be:cd:
                    6b:23:00:c7:c0:30:6a:98:ed:c9:a6:a3:cf:63:32:
                    4e:f4:73:10:c3:62:b2:33:ab:d9:42:9d:9d:96:05:
                    e3:d3:15:65:33:a3:94:45:7f:9d:e8:3d:8d:6c:43:
                    6c:06:19:38:b4:80:cb:ba:57:16:1d:db:57:cf:38:
                    ca:e8:dc:08:7e:ac:0c:78:ec:e1:31:b4:a7:f1:fe:
                    1c:42:80:b7:19:9f:57:cd:a6:62:19:19:f0:98:ca:
                    13:7e:8d:73:63:38:e8:19:f9:a3:cb:b6:20:f4:6c:
                    da:91:ce:06:1b:00:9d:a9:d4:d2:80:9a:57:b8:a0:
                    c4:bb:88:b5:e0:a3:28:1e:6d:d0:77:53:cb:f3:c3:
                    a0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CB:F0:EA:B6:BE:07:12:92:A4:3D:B2:9A:70:FE:1D:E4:71:E5:CD
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/W8vw6ra-BxKSpD2ymnD-HeRx5c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:a5:93:0d:f3:a9:c2:0e:bb:40:4b:bb:b0:fe:83:05:22:56:
         62:38:01:f3:21:10:00:88:d4:31:2f:3b:b6:47:16:86:21:47:
         89:9b:38:92:16:f5:cb:c2:7d:85:a7:94:34:b2:7d:5a:ed:90:
         de:9a:5a:54:71:c3:1f:47:6a:25:30:c7:af:bc:5c:e9:b8:37:
         d0:f3:e7:e5:5c:76:e2:ec:3a:0c:29:ac:7c:a7:7d:7b:e2:55:
         1d:76:a3:a9:4a:d9:ba:a4:dd:59:d1:58:b4:fb:a0:3a:28:ec:
         a4:27:0a:be:89:75:c5:a5:03:1a:87:8e:72:df:e7:d8:dd:1c:
         5e:16:63:8b:8a:d2:aa:c2:35:96:80:8d:c7:4b:7b:c9:db:08:
         c0:cb:8c:c8:6d:c6:54:01:12:57:1c:a0:cf:19:2f:3f:51:63:
         7d:43:8d:32:8b:76:b0:98:67:c7:4a:10:4b:0b:a8:b2:3d:43:
         3f:9d:43:a2:32:b7:e9:30:08:af:df:e0:85:b5:86:f7:be:92:
         4c:ae:3f:1d:63:0d:4c:f1:8f:d4:0a:4c:97:41:62:f9:38:3f:
         9e:4d:38:f4:cb:12:1c:13:3e:aa:f1:c5:fd:67:ed:61:cc:47:
         25:46:9f:66:d7:82:2f:58:f2:3d:46:d3:91:f4:78:5f:c9:4b:
         f3:e7:06:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIlbsMHP+LkXkG3W8FXGH/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTI0MTkwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNiZjBlYWI2YmUwNzEyOTJhNDNkYjI5YTcwZmUxZGU0NzFlNWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6LvpCivoyR3R3AoPVRACNQzzuD6
uYLDGnPmweEJ1QDfxBephQ+hDgJXulxyDN/dO24QFYqeYsJ8NKboqT3FRV6PwtNY
t19Nl1PfuqMMyLRIn7D8/sTx08PTqGi/J+nyNq2WuYp+8NPY0Nb2aHwiqdEyA0Ry
vs1rIwDHwDBqmO3JpqPPYzJO9HMQw2KyM6vZQp2dlgXj0xVlM6OURX+d6D2NbENs
Bhk4tIDLulcWHdtXzzjK6NwIfqwMeOzhMbSn8f4cQoC3GZ9XzaZiGRnwmMoTfo1z
YzjoGfmjy7Yg9Gzakc4GGwCdqdTSgJpXuKDEu4i14KMoHm3Qd1PL88OgTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvL8Oq2vgcSkqQ9sppw/h3kceXNMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvVzh2dzZyYS1CeEtTcEQyeW1uRC1IZVJ4NWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzmsMA0G
CSqGSIb3DQEBCwUAA4IBAQCxpZMN86nCDrtAS7uw/oMFIlZiOAHzIRAAiNQxLzu2
RxaGIUeJmziSFvXLwn2Fp5Q0sn1a7ZDemlpUccMfR2olMMevvFzpuDfQ8+flXHbi
7DoMKax8p3174lUddqOpStm6pN1Z0Vi0+6A6KOykJwq+iXXFpQMah45y3+fY3Rxe
FmOLitKqwjWWgI3HS3vJ2wjAy4zIbcZUARJXHKDPGS8/UWN9Q40yi3awmGfHShBL
C6iyPUM/nUOiMrfpMAiv3+CFtYb3vpJMrj8dYw1M8Y/UCkyXQWL5OD+eTTj0yxIc
Ez6q8cX9Z+1hzEclRp9m14IvWPI9RtOR9HhfyUvz5wZV
-----END CERTIFICATE-----