Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZqhPN9O6oAMBgTSxFImg4F7KxOc.roa
File:                     ZqhPN9O6oAMBgTSxFImg4F7KxOc.roa (raw, json)
Hash identifier:          dzPbJXHkJktXgrI9/clhrVadNgQDHeNcVVxo4fWhE84=
Subject key identifier:   66:A8:4F:37:D3:BA:A0:03:01:81:34:B1:14:89:A0:E0:5E:CA:C4:E7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428237445F898D7E24890780D3688C988
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZqhPN9O6oAMBgTSxFImg4F7KxOc.roa
Signing time:             Thu 02 Jan 2025 17:49:59 +0000
ROA not before:           Thu 02 Jan 2025 17:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214375
IP address blocks:        31.56.46.0/24 maxlen: 24
                          31.57.157.0/24 maxlen: 24
                          31.57.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:74:45:f8:98:d7:e2:48:90:78:0d:36:88:c9:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66a84f37d3baa003018134b11489a0e05ecac4e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:af:63:24:e5:93:77:f3:b9:e5:93:45:36:4f:
                    62:71:7b:fe:1f:4b:e7:88:ba:52:77:40:26:22:2b:
                    cf:15:f9:75:66:15:7e:1b:f7:af:18:1e:12:5f:d3:
                    2c:55:50:78:90:26:99:73:f7:12:d3:61:a5:0e:6d:
                    7a:b4:34:2a:5b:94:a0:89:3f:28:63:c7:0a:7f:58:
                    01:f7:69:05:ab:9d:81:5e:05:14:4d:2b:95:5b:51:
                    a3:5e:28:e8:bd:45:ac:e9:5a:4c:ce:cd:88:20:2d:
                    32:9e:f9:cd:c0:8f:d0:e7:a7:19:08:4e:83:a8:44:
                    38:ab:4f:24:3d:97:ff:87:40:9e:83:ce:e0:9e:26:
                    01:5c:8c:7b:58:3c:29:0e:08:12:cd:47:72:8f:56:
                    ae:ec:54:3b:2e:ae:58:14:30:87:a2:06:26:ce:53:
                    b5:f5:1e:80:ae:ee:cb:01:ca:04:27:81:16:46:52:
                    c7:83:ca:ba:61:fa:3a:3c:a9:29:51:d4:2b:cc:7b:
                    c3:a0:c0:66:90:bf:7c:38:19:d0:54:67:fa:61:00:
                    09:dd:de:bf:11:92:1b:37:9a:07:2c:90:a2:52:28:
                    ef:86:0e:b8:e6:bc:9b:56:02:58:11:41:35:3d:63:
                    47:1a:53:39:44:37:c9:e7:ef:f5:21:df:09:c2:c5:
                    01:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:A8:4F:37:D3:BA:A0:03:01:81:34:B1:14:89:A0:E0:5E:CA:C4:E7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ZqhPN9O6oAMBgTSxFImg4F7KxOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.46.0/24
                  31.57.157.0-31.57.158.255

    Signature Algorithm: sha256WithRSAEncryption
         98:7c:7c:8b:d3:8d:34:5f:17:17:b3:b3:9a:62:12:1f:67:a1:
         76:c8:62:74:59:95:53:82:e6:2e:d8:94:1a:44:7a:c3:b5:cf:
         0d:4b:96:74:cf:83:2c:f4:b7:d4:d4:9b:60:54:7a:de:70:02:
         64:2c:4f:95:b4:15:b6:d9:e0:7f:b2:cc:ac:b1:fd:0c:7a:0b:
         8c:94:26:f4:bf:76:7a:e2:5c:f7:5d:3f:f4:25:62:ca:84:36:
         29:cf:6d:f5:01:3b:51:dc:ab:b6:9b:90:f8:f8:c0:9e:a9:d6:
         42:11:0b:b8:a2:bc:e3:98:10:a7:da:21:d4:5c:5a:28:27:00:
         d1:36:b0:9f:2d:9d:95:1b:74:56:e1:b7:72:44:58:37:87:d0:
         84:9a:2b:53:d4:21:31:29:1d:63:d4:4f:50:6d:11:fe:6e:18:
         3e:c4:02:9c:5d:5f:d4:57:7b:bb:2f:98:bb:02:e9:2e:b3:66:
         1f:c8:cf:6a:cf:2d:91:d6:1d:cf:5c:ae:7b:43:06:bc:34:16:
         e3:72:79:00:5f:61:e0:c4:67:96:7b:b7:15:2b:b7:10:ce:75:
         e8:52:60:0c:37:65:40:39:e5:27:8c:f7:1b:48:8a:cf:78:fb:
         3f:1c:13:2b:7b:97:33:f3:58:47:73:05:b5:b4:7a:83:86:f8:
         e1:cf:de:85
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQoI3RF+JjX4kiQeA02iMmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmE4NGYzN2QzYmFhMDAzMDE4MTM0YjExNDg5YTBlMDVlY2FjNGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo69jJOWTd/O55ZNFNk9icXv+H0vn
iLpSd0AmIivPFfl1ZhV+G/evGB4SX9MsVVB4kCaZc/cS02GlDm16tDQqW5SgiT8o
Y8cKf1gB92kFq52BXgUUTSuVW1GjXijovUWs6VpMzs2IIC0ynvnNwI/Q56cZCE6D
qEQ4q08kPZf/h0Ceg87gniYBXIx7WDwpDggSzUdyj1au7FQ7Lq5YFDCHogYmzlO1
9R6Aru7LAcoEJ4EWRlLHg8q6Yfo6PKkpUdQrzHvDoMBmkL98OBnQVGf6YQAJ3d6/
EZIbN5oHLJCiUijvhg645rybVgJYEUE1PWNHGlM5RDfJ5+/1Id8JwsUBNwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGaoTzfTuqADAYE0sRSJoOBeysTnMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWnFoUE45TzZvQU1CZ1RTeEZJbWc0RjdLeE9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAHzguMAwD
BAAfOZ0DBAAfOZ4wDQYJKoZIhvcNAQELBQADggEBAJh8fIvTjTRfFxezs5piEh9n
oXbIYnRZlVOC5i7YlBpEesO1zw1LlnTPgyz0t9TUm2BUet5wAmQsT5W0FbbZ4H+y
zKyx/Qx6C4yUJvS/dnriXPddP/QlYsqENinPbfUBO1Hcq7abkPj4wJ6p1kIRC7ii
vOOYEKfaIdRcWignANE2sJ8tnZUbdFbht3JEWDeH0ISaK1PUITEpHWPUT1BtEf5u
GD7EApxdX9RXe7svmLsC6S6zZh/Iz2rPLZHWHc9crntDBrw0FuNyeQBfYeDEZ5Z7
txUrtxDOdehSYAw3ZUA55SeM9xtIis94+z8cEyt7lzPzWEdzBbW0eoOG+OHP3oU=
-----END CERTIFICATE-----