Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a2jm8yPtgwX6XKOYQvrQZ_9hAmo.roa
File:                     a2jm8yPtgwX6XKOYQvrQZ_9hAmo.roa (raw, json)
Hash identifier:          XcRg9XKt5WVcm/R8SVyWpKWhrBA98M2MwiO/zsClkbI=
Subject key identifier:   6B:68:E6:F3:23:ED:83:05:FA:5C:A3:98:42:FA:D0:67:FF:61:02:6A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823545A32E8018D31DCF3B297E00673
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a2jm8yPtgwX6XKOYQvrQZ_9hAmo.roa
Signing time:             Thu 02 Jan 2025 17:49:51 +0000
ROA not before:           Thu 02 Jan 2025 17:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        31.58.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:54:5a:32:e8:01:8d:31:dc:f3:b2:97:e0:06:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b68e6f323ed8305fa5ca39842fad067ff61026a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4c:35:a8:59:07:43:e6:d5:38:10:81:37:5c:
                    b1:f8:4b:83:27:99:23:ef:08:40:89:47:61:6a:41:
                    71:31:d8:f1:d7:99:e4:d0:b7:22:fb:fc:7f:ef:a8:
                    00:1c:8d:b7:ce:d1:22:42:0f:77:49:a4:88:d4:ec:
                    28:d9:1b:21:21:6c:ee:92:ff:27:9d:81:85:1a:22:
                    63:44:14:8f:1a:dd:2c:13:1a:f2:6c:8e:9e:72:d5:
                    fd:f4:7c:a6:23:f7:ec:cd:83:b5:da:9f:cb:2e:61:
                    c5:e6:f8:3f:25:ad:b3:45:6c:f5:7e:79:11:ee:06:
                    d7:99:b4:da:93:8d:a2:8f:99:13:6a:c8:c8:26:bb:
                    d7:83:95:45:ad:26:1b:37:02:c8:a0:a6:52:e1:3d:
                    25:88:79:89:d8:b1:2d:01:75:cf:60:02:f3:7d:8b:
                    ec:fc:31:81:c8:2e:38:be:18:f3:0f:26:9f:7f:47:
                    65:9c:50:ec:2d:82:bc:60:ab:41:83:e5:0f:2e:ba:
                    66:21:34:47:f0:0b:76:51:d0:c4:2d:18:f7:7d:af:
                    dd:f6:bf:57:db:1f:a5:af:be:f9:07:cd:3e:f5:df:
                    d3:ad:43:8b:03:c5:77:d3:cc:20:c0:da:2e:2c:84:
                    19:53:99:6f:a8:3a:9d:f2:c8:5c:05:26:67:b6:9d:
                    56:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:68:E6:F3:23:ED:83:05:FA:5C:A3:98:42:FA:D0:67:FF:61:02:6A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a2jm8yPtgwX6XKOYQvrQZ_9hAmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:6e:7e:80:f6:37:57:fb:d0:ff:9f:8b:0a:63:ae:bf:10:42:
         14:a6:1e:78:cf:fb:40:8d:b8:2d:4b:c8:a5:d3:38:a7:5c:02:
         8c:0f:d8:75:55:ad:15:0c:1b:6a:ce:b1:80:ea:71:a3:4f:4e:
         28:78:dc:f7:eb:82:2e:0b:c4:de:f3:ee:9b:91:81:0f:05:72:
         e0:b1:d8:c3:4d:dc:a3:74:1d:fb:79:29:a0:ad:8a:ba:d8:85:
         f6:3e:61:28:c5:10:2d:eb:a8:db:3b:e0:9a:b1:46:6c:67:8c:
         49:dd:26:b6:77:82:b1:20:c4:08:8d:06:36:92:b8:64:b3:1a:
         a7:b5:84:3b:b5:d7:d6:7a:a3:8d:9f:d3:a8:3c:e5:d2:b1:fb:
         a7:2e:62:9c:9d:85:8b:eb:a5:5d:a4:fa:0e:7c:f6:2d:aa:07:
         35:3a:7e:fd:fa:ac:80:26:aa:6d:7d:ae:42:e3:a8:7f:36:f0:
         8c:3d:9d:b9:92:15:9a:c3:4d:1f:a0:f3:ae:b1:c0:e6:c5:b8:
         47:8e:ee:39:10:99:4f:cf:44:bd:a2:40:ec:4f:24:89:4c:a5:
         87:30:c4:89:2d:b4:84:0f:59:d3:24:a1:e6:4a:79:7c:d8:6f:
         a3:fd:65:c7:93:19:ad:b8:74:55:17:b2:da:da:14:4d:2a:72:
         61:9a:18:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI1RaMugBjTHc87KX4AZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjY4ZTZmMzIzZWQ4MzA1ZmE1Y2EzOTg0MmZhZDA2N2ZmNjEwMjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUw1qFkHQ+bVOBCBN1yx+EuDJ5kj
7whAiUdhakFxMdjx15nk0Lci+/x/76gAHI23ztEiQg93SaSI1Owo2RshIWzukv8n
nYGFGiJjRBSPGt0sExrybI6ectX99HymI/fszYO12p/LLmHF5vg/Ja2zRWz1fnkR
7gbXmbTak42ij5kTasjIJrvXg5VFrSYbNwLIoKZS4T0liHmJ2LEtAXXPYALzfYvs
/DGByC44vhjzDyaff0dlnFDsLYK8YKtBg+UPLrpmITRH8At2UdDELRj3fa/d9r9X
2x+lr775B80+9d/TrUOLA8V308wgwNouLIQZU5lvqDqd8shcBSZntp1WbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGto5vMj7YMF+lyjmEL60Gf/YQJqMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYTJqbTh5UHRnd1g2WEtPWVF2clFaXzloQW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzooMA0G
CSqGSIb3DQEBCwUAA4IBAQCnbn6A9jdX+9D/n4sKY66/EEIUph54z/tAjbgtS8il
0zinXAKMD9h1Va0VDBtqzrGA6nGjT04oeNz364IuC8Te8+6bkYEPBXLgsdjDTdyj
dB37eSmgrYq62IX2PmEoxRAt66jbO+CasUZsZ4xJ3Sa2d4KxIMQIjQY2krhksxqn
tYQ7tdfWeqONn9OoPOXSsfunLmKcnYWL66VdpPoOfPYtqgc1On79+qyAJqptfa5C
46h/NvCMPZ25khWaw00foPOuscDmxbhHju45EJlPz0S9okDsTySJTKWHMMSJLbSE
D1nTJKHmSnl82G+j/WXHkxmtuHRVF7La2hRNKnJhmhh4
-----END CERTIFICATE-----