Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZLGIcxcV6713ztg0xcjxt8gLNPg.roa
File:                     ZLGIcxcV6713ztg0xcjxt8gLNPg.roa (raw, json)
Hash identifier:          aAVcUpHPOjbfsV+1bJG/PIgXMlGIjTV4EWRXnun9myw=
Subject key identifier:   64:B1:88:73:17:15:EB:BD:77:CE:D8:34:C5:C8:F1:B7:C8:0B:34:F8
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01929E8D5D80EC84F97CDC3CC525BA0E6DCC
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZLGIcxcV6713ztg0xcjxt8gLNPg.roa
Signing time:             Fri 18 Oct 2024 07:35:17 +0000
ROA not before:           Fri 18 Oct 2024 07:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31715
IP address blocks:        31.59.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9e:8d:5d:80:ec:84:f9:7c:dc:3c:c5:25:ba:0e:6d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 18 07:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64b188731715ebbd77ced834c5c8f1b7c80b34f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:64:58:68:cf:b9:e9:01:ea:31:c0:47:67:43:
                    c7:32:d1:14:cd:eb:39:78:a2:62:9a:6a:cb:50:f6:
                    c2:07:51:be:78:27:41:a4:d2:9d:f8:fb:3d:6e:26:
                    5d:86:f8:b7:c1:b7:25:7e:ad:2d:58:5d:62:98:28:
                    ef:cc:60:99:6c:7b:79:86:03:58:08:d5:86:31:b8:
                    b2:80:7a:e6:f9:c1:50:e9:61:b1:1d:34:65:79:59:
                    c9:f1:7f:3a:82:07:9f:7e:3f:01:fc:0e:ed:97:7f:
                    56:49:ba:5a:54:d2:41:b3:e9:6d:36:cc:06:28:18:
                    79:ff:d1:b9:f1:e4:44:54:c7:70:19:84:89:44:b2:
                    59:b2:6f:8f:46:c5:ce:f0:01:f0:e5:54:b6:a4:0c:
                    fe:41:23:d9:f3:84:f6:4a:79:ff:4b:a4:2c:5d:b4:
                    5f:26:10:1d:f1:0c:f6:28:af:aa:a4:e3:6b:5d:7b:
                    3c:cd:96:02:50:dd:81:ba:25:10:4e:2c:29:22:82:
                    75:40:44:a8:25:bd:00:29:b7:07:ef:3e:51:06:82:
                    37:4e:38:f5:45:eb:4d:cb:2b:d5:3c:fa:16:30:d2:
                    92:db:ed:2d:42:33:92:71:49:63:0c:16:84:56:4d:
                    80:0c:9a:dd:7c:c1:ea:ac:27:b4:6b:b2:2b:34:2a:
                    48:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:B1:88:73:17:15:EB:BD:77:CE:D8:34:C5:C8:F1:B7:C8:0B:34:F8
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZLGIcxcV6713ztg0xcjxt8gLNPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:6a:66:4b:60:05:4b:49:52:22:31:17:18:f4:36:4f:1d:eb:
         e9:26:ec:d0:1e:2a:32:e5:22:06:19:53:39:aa:4d:bc:97:03:
         65:ed:36:99:6e:9b:54:be:7b:78:fd:45:07:67:73:41:63:bf:
         87:54:d5:43:7f:f9:f7:bb:d7:c6:a8:6e:8d:25:88:cd:c4:f6:
         6b:77:27:18:62:55:23:d3:02:a0:4c:4a:a5:37:cf:3b:88:64:
         a8:ff:18:01:f0:30:b6:ec:8f:dc:90:f7:2e:97:22:55:76:60:
         b4:25:21:91:bd:f8:6d:43:8f:da:5e:ed:c1:ba:c4:c5:de:c2:
         8c:d9:a4:43:36:8f:2a:c2:5d:72:4e:2b:e5:e0:ba:cf:40:a3:
         2c:64:37:51:2d:45:7e:fa:ef:46:eb:50:c3:62:0b:e6:6c:6c:
         2e:a1:d0:ae:e2:de:10:79:a8:3d:64:59:68:f1:68:d6:d1:ef:
         82:74:e2:84:c3:42:37:ca:93:1e:e6:12:88:31:3b:36:55:ee:
         b1:03:02:d3:58:5a:1a:22:52:18:04:52:d7:69:94:26:53:55:
         2d:5e:f3:a2:e1:3b:19:ab:a3:7a:a5:b5:2a:de:72:c1:25:c2:
         5b:94:30:e5:49:2e:90:7e:54:57:4d:b6:0b:14:0d:7e:be:e4:
         9a:85:a1:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKejV2A7IT5fNw8xSW6Dm3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDE4MDczNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGIxODg3MzE3MTVlYmJkNzdjZWQ4MzRjNWM4ZjFiN2M4MGIzNGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGRYaM+56QHqMcBHZ0PHMtEUzes5
eKJimmrLUPbCB1G+eCdBpNKd+Ps9biZdhvi3wbclfq0tWF1imCjvzGCZbHt5hgNY
CNWGMbiygHrm+cFQ6WGxHTRleVnJ8X86ggeffj8B/A7tl39WSbpaVNJBs+ltNswG
KBh5/9G58eREVMdwGYSJRLJZsm+PRsXO8AHw5VS2pAz+QSPZ84T2Snn/S6QsXbRf
JhAd8Qz2KK+qpONrXXs8zZYCUN2BuiUQTiwpIoJ1QESoJb0AKbcH7z5RBoI3Tjj1
RetNyyvVPPoWMNKS2+0tQjOScUljDBaEVk2ADJrdfMHqrCe0a7IrNCpITQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSxiHMXFeu9d87YNMXI8bfICzT4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWkxHSWN4Y1Y2NzEzenRnMHhjanh0OGdMTlBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzsoMA0G
CSqGSIb3DQEBCwUAA4IBAQCYamZLYAVLSVIiMRcY9DZPHevpJuzQHioy5SIGGVM5
qk28lwNl7TaZbptUvnt4/UUHZ3NBY7+HVNVDf/n3u9fGqG6NJYjNxPZrdycYYlUj
0wKgTEqlN887iGSo/xgB8DC27I/ckPculyJVdmC0JSGRvfhtQ4/aXu3BusTF3sKM
2aRDNo8qwl1yTivl4LrPQKMsZDdRLUV++u9G61DDYgvmbGwuodCu4t4Qeag9ZFlo
8WjW0e+CdOKEw0I3ypMe5hKIMTs2Ve6xAwLTWFoaIlIYBFLXaZQmU1UtXvOi4TsZ
q6N6pbUq3nLBJcJblDDlSS6QflRXTbYLFA1+vuSahaE2
-----END CERTIFICATE-----