Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XJmwNrNSw7GaLXOOKBjA1bGTmiw.roa
File:                     XJmwNrNSw7GaLXOOKBjA1bGTmiw.roa (raw, json)
Hash identifier:          rDweS70DgkpgloS34QLkflBcWYEsjFcK+An6jPM39Aw=
Subject key identifier:   5C:99:B0:36:B3:52:C3:B1:9A:2D:73:8E:28:18:C0:D5:B1:93:9A:2C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019315C8CE765C83EAFAC5CFC707224B07B2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XJmwNrNSw7GaLXOOKBjA1bGTmiw.roa
Signing time:             Sun 10 Nov 2024 11:15:01 +0000
ROA not before:           Sun 10 Nov 2024 11:15:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215242
IP address blocks:        31.58.250.0/24 maxlen: 24
                          31.58.251.0/24 maxlen: 24
                          217.60.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:15:c8:ce:76:5c:83:ea:fa:c5:cf:c7:07:22:4b:07:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 10 11:15:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c99b036b352c3b19a2d738e2818c0d5b1939a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bc:5f:47:94:65:d6:17:ed:d9:0e:b8:38:dc:
                    7a:0b:7e:16:49:b5:54:95:c9:8b:11:b7:6a:1d:74:
                    f7:36:22:20:4a:03:d8:0b:a7:ba:af:95:4d:e7:5f:
                    af:fd:5f:1f:77:af:80:b9:38:b6:fc:ee:7d:e7:25:
                    82:a6:0a:14:30:55:eb:2c:22:31:53:ac:04:9e:b7:
                    a1:ae:f2:a7:a2:b6:e4:ad:61:75:1d:90:d9:72:66:
                    6b:68:0a:a4:3a:3e:eb:49:76:93:ef:2b:60:01:7c:
                    80:d4:1e:ee:04:ab:b5:1c:8c:a7:05:b2:90:75:9e:
                    fd:c1:25:63:d9:37:c0:3b:80:74:ba:5a:99:73:1e:
                    1f:b9:fe:b3:4a:af:42:fe:f7:44:8e:1a:30:76:8b:
                    a1:33:c2:d0:e8:a0:3d:7f:36:76:f2:80:cf:ae:bd:
                    02:d6:f1:1c:db:70:04:40:d7:d3:dc:cd:92:cd:c0:
                    a3:4a:88:95:1c:2d:c7:76:b1:24:89:d9:ba:6d:df:
                    8e:21:14:07:30:85:a3:98:39:91:17:47:10:b1:6b:
                    9e:87:de:b0:19:f1:93:55:e7:8c:31:ec:e6:a9:b6:
                    63:fe:71:d9:e4:ce:f4:78:f4:1b:b1:a1:fa:a5:ae:
                    9d:14:9e:05:91:1a:f5:76:dc:02:5c:d3:7e:99:ff:
                    e6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:99:B0:36:B3:52:C3:B1:9A:2D:73:8E:28:18:C0:D5:B1:93:9A:2C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XJmwNrNSw7GaLXOOKBjA1bGTmiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.250.0/23
                  217.60.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:08:e4:5a:af:cc:86:61:d5:4b:bc:a3:ba:98:77:c2:c9:ec:
         92:40:1e:de:88:b3:ac:f2:bf:9d:17:67:47:c1:17:4b:50:bb:
         04:41:a6:1f:49:f4:7d:a7:90:49:e7:5b:93:ad:d7:93:df:b9:
         08:82:35:60:fc:6e:c9:2a:d5:52:a8:f4:8c:94:69:b8:37:d1:
         5c:50:62:a9:e9:fe:af:ec:75:cd:0c:3f:50:63:2b:96:fc:cd:
         e5:af:4b:d9:15:5b:00:a3:86:52:0d:d6:c5:00:e4:0c:eb:ff:
         ac:f8:f4:39:25:95:89:bf:bf:ef:fc:b7:00:a9:63:63:4c:ce:
         10:b4:26:07:80:0c:fd:d2:15:07:34:bc:54:7d:7e:c0:cb:ab:
         32:68:f9:71:ff:3e:ca:5e:e0:19:d1:87:35:71:71:f0:66:06:
         04:8c:8d:a9:a4:e2:ee:f1:69:96:49:9f:cd:8f:6e:f3:04:fe:
         7c:5b:f2:ed:cd:c7:0d:3a:ef:9a:8c:79:41:02:e0:b9:cf:c5:
         5d:d0:e2:91:d0:01:85:ec:2b:8e:68:8d:75:6a:d7:17:71:ad:
         2c:b5:01:e7:a1:f7:40:07:10:c0:b2:fb:01:6b:01:71:36:d4:
         35:eb:af:9b:98:50:31:71:50:9f:81:51:b4:5c:c7:df:01:b6:
         93:23:3f:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMVyM52XIPq+sXPxwciSweyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTEwMTExNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzk5YjAzNmIzNTJjM2IxOWEyZDczOGUyODE4YzBkNWIxOTM5YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbxfR5Rl1hft2Q64ONx6C34WSbVU
lcmLEbdqHXT3NiIgSgPYC6e6r5VN51+v/V8fd6+AuTi2/O595yWCpgoUMFXrLCIx
U6wEnrehrvKnorbkrWF1HZDZcmZraAqkOj7rSXaT7ytgAXyA1B7uBKu1HIynBbKQ
dZ79wSVj2TfAO4B0ulqZcx4fuf6zSq9C/vdEjhowdouhM8LQ6KA9fzZ28oDPrr0C
1vEc23AEQNfT3M2SzcCjSoiVHC3HdrEkidm6bd+OIRQHMIWjmDmRF0cQsWueh96w
GfGTVeeMMezmqbZj/nHZ5M70ePQbsaH6pa6dFJ4FkRr1dtwCXNN+mf/mgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFyZsDazUsOxmi1zjigYwNWxk5osMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWEptd05yTlN3N0dhTFhPT0tCakExYkdUbWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBHzr6AwQA
2Tz7MA0GCSqGSIb3DQEBCwUAA4IBAQC6CORar8yGYdVLvKO6mHfCyeySQB7eiLOs
8r+dF2dHwRdLULsEQaYfSfR9p5BJ51uTrdeT37kIgjVg/G7JKtVSqPSMlGm4N9Fc
UGKp6f6v7HXNDD9QYyuW/M3lr0vZFVsAo4ZSDdbFAOQM6/+s+PQ5JZWJv7/v/LcA
qWNjTM4QtCYHgAz90hUHNLxUfX7Ay6syaPlx/z7KXuAZ0Yc1cXHwZgYEjI2ppOLu
8WmWSZ/Nj27zBP58W/LtzccNOu+ajHlBAuC5z8Vd0OKR0AGF7CuOaI11atcXca0s
tQHnofdABxDAsvsBawFxNtQ166+bmFAxcVCfgVG0XMffAbaTIz8O
-----END CERTIFICATE-----