Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZG2nEoCL0hJw0XphILNOFQ1GNKA.roa
File:                     ZG2nEoCL0hJw0XphILNOFQ1GNKA.roa (raw, json)
Hash identifier:          +v7G582aBamQm32jXLOBLli8S5DHgiODIvC2w8fnK+w=
Subject key identifier:   64:6D:A7:12:80:8B:D2:12:70:D1:7A:61:20:B3:4E:15:0D:46:34:A0
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01945715C51792696FCEE888FA4E37C52859
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZG2nEoCL0hJw0XphILNOFQ1GNKA.roa
Signing time:             Sat 11 Jan 2025 20:37:11 +0000
ROA not before:           Sat 11 Jan 2025 20:37:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        31.58.208.0/24 maxlen: 24
                          31.58.209.0/24 maxlen: 24
                          31.58.232.0/24 maxlen: 24
                          31.58.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:57:15:c5:17:92:69:6f:ce:e8:88:fa:4e:37:c5:28:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 11 20:37:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=646da712808bd21270d17a6120b34e150d4634a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:19:35:a1:5a:b1:91:aa:e5:91:3c:9b:c3:e0:
                    c9:25:ce:04:2e:04:5f:5c:19:0f:5c:2b:c0:2b:57:
                    02:ad:ec:d4:69:09:7b:1e:2a:82:b7:b5:62:a2:9f:
                    46:27:5f:bd:ea:10:a3:67:6b:92:5c:09:9d:63:c4:
                    72:4f:96:73:6e:e7:d7:2c:dc:a2:52:e5:c9:b6:35:
                    60:c0:37:b5:3f:21:f6:ef:b1:9f:61:ae:c5:0f:7d:
                    55:4a:48:20:7e:c9:e3:50:56:3e:d3:04:cc:af:5d:
                    ca:4f:1f:e7:0f:c8:64:20:5d:0c:15:ab:1d:55:71:
                    99:c2:f9:00:a9:70:56:3a:b8:21:90:fc:dc:49:e3:
                    d0:63:08:e5:65:e1:4b:7f:a8:22:04:8a:bb:0a:3c:
                    7b:c6:4c:d1:46:7d:43:91:67:e1:b9:19:53:94:db:
                    6c:54:3b:a7:80:53:e6:03:e9:87:f1:14:f6:3c:66:
                    45:df:61:45:af:76:1a:fc:18:f3:e2:25:56:7a:9e:
                    3e:f6:ed:f0:a5:83:37:12:0b:bf:d3:89:30:ed:ed:
                    d8:75:e0:e8:b4:3b:fe:c6:94:68:cc:a0:45:69:7a:
                    34:72:1e:6b:96:27:83:08:a7:17:6c:45:eb:7e:3e:
                    2b:d0:c9:02:9a:46:21:6d:0c:d3:83:d5:71:36:d3:
                    db:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:6D:A7:12:80:8B:D2:12:70:D1:7A:61:20:B3:4E:15:0D:46:34:A0
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZG2nEoCL0hJw0XphILNOFQ1GNKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.208.0/23
                  31.58.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:25:31:f5:ec:d5:67:e5:ac:b3:4f:e8:12:d2:ac:50:60:a9:
         56:41:97:35:d7:3a:3d:fd:9a:23:9e:62:0a:33:9f:52:c8:84:
         a6:39:9d:37:9a:0f:45:ae:20:4d:ae:37:d5:79:2c:97:20:4b:
         be:60:4a:61:42:7d:7a:29:95:d3:67:14:e1:88:8b:f2:03:05:
         95:5a:f0:90:0b:c4:56:12:17:f0:d0:8b:33:29:73:a9:38:b1:
         a7:97:4e:71:9b:ca:0a:af:53:75:9c:4d:03:b9:88:ce:16:bf:
         59:af:b4:df:df:12:8a:e7:6f:73:5c:45:0e:0f:19:66:e9:5c:
         61:d7:81:39:85:e3:28:50:5e:53:ac:be:6b:11:f2:82:a4:17:
         71:a8:c5:7a:b9:51:73:c3:a7:24:f3:47:ab:b0:9d:67:2c:54:
         da:69:9b:16:fc:37:e2:2a:76:61:64:b7:2b:e1:62:de:af:08:
         ce:6d:54:30:64:e7:d7:dd:02:82:c3:25:9d:74:81:39:51:62:
         0c:f5:33:6f:39:8d:c5:32:9f:3f:e3:5d:d5:d7:af:5a:dd:d1:
         69:75:ac:fb:96:46:cc:f8:16:c0:a5:12:1d:43:8c:ae:26:3e:
         60:61:ec:e0:8e:52:a5:7e:fa:b4:88:4d:e9:62:c8:e5:cc:17:
         e5:d2:e3:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRXFcUXkmlvzuiI+k43xShZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTExMjAzNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDZkYTcxMjgwOGJkMjEyNzBkMTdhNjEyMGIzNGUxNTBkNDYzNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBk1oVqxkarlkTybw+DJJc4ELgRf
XBkPXCvAK1cCrezUaQl7HiqCt7Viop9GJ1+96hCjZ2uSXAmdY8RyT5ZzbufXLNyi
UuXJtjVgwDe1PyH277GfYa7FD31VSkggfsnjUFY+0wTMr13KTx/nD8hkIF0MFasd
VXGZwvkAqXBWOrghkPzcSePQYwjlZeFLf6giBIq7Cjx7xkzRRn1DkWfhuRlTlNts
VDungFPmA+mH8RT2PGZF32FFr3Ya/Bjz4iVWep4+9u3wpYM3Egu/04kw7e3YdeDo
tDv+xpRozKBFaXo0ch5rlieDCKcXbEXrfj4r0MkCmkYhbQzTg9VxNtPbbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGRtpxKAi9IScNF6YSCzThUNRjSgMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWkcybkVvQ0wwaEp3MFhwaElMTk9GUTFHTktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBHzrQAwQB
HzroMA0GCSqGSIb3DQEBCwUAA4IBAQCSJTH17NVn5ayzT+gS0qxQYKlWQZc11zo9
/ZojnmIKM59SyISmOZ03mg9FriBNrjfVeSyXIEu+YEphQn16KZXTZxThiIvyAwWV
WvCQC8RWEhfw0IszKXOpOLGnl05xm8oKr1N1nE0DuYjOFr9Zr7Tf3xKK529zXEUO
Dxlm6Vxh14E5heMoUF5TrL5rEfKCpBdxqMV6uVFzw6ck80ersJ1nLFTaaZsW/Dfi
KnZhZLcr4WLerwjObVQwZOfX3QKCwyWddIE5UWIM9TNvOY3FMp8/413V169a3dFp
daz7lkbM+BbApRIdQ4yuJj5gYezgjlKlfvq0iE3pYsjlzBfl0uME
-----END CERTIFICATE-----