Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aLh6T4gKwNjs3QqhhiqIhFRKmRY.roa
File:                     aLh6T4gKwNjs3QqhhiqIhFRKmRY.roa (raw, json)
Hash identifier:          12Hv6/C8x4YezUreHqc0KlABtl5i+5y+EMKT9lEjD1w=
Subject key identifier:   68:B8:7A:4F:88:0A:C0:D8:EC:DD:0A:A1:86:2A:88:84:54:4A:99:16
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192D7CEF467F82972DE23C4B6C8AAEA83D6
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aLh6T4gKwNjs3QqhhiqIhFRKmRY.roa
Signing time:             Tue 29 Oct 2024 10:25:17 +0000
ROA not before:           Tue 29 Oct 2024 10:25:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216022
IP address blocks:        31.56.241.0/24 maxlen: 24
                          31.57.40.0/24 maxlen: 24
                          31.58.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:ce:f4:67:f8:29:72:de:23:c4:b6:c8:aa:ea:83:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 29 10:25:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68b87a4f880ac0d8ecdd0aa1862a8884544a9916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a7:1e:3d:c9:5a:03:ef:8b:28:01:16:71:2c:
                    55:ba:94:fe:d7:93:9f:29:bd:7d:9c:d8:d7:a2:ba:
                    f0:49:84:aa:db:78:85:b2:eb:bb:96:1b:3b:20:66:
                    d0:2f:24:8c:fc:2c:7e:1e:2b:6e:c8:c5:f8:19:da:
                    da:4e:5c:94:36:44:4d:e3:2b:42:e1:fc:e2:fc:e5:
                    f4:62:37:4e:26:65:c8:bb:e4:64:91:4f:b0:f9:8f:
                    25:31:db:5f:a2:ba:f7:69:6a:66:a6:57:00:c7:93:
                    19:fc:0d:e3:5f:3e:2e:18:f2:87:93:cb:b1:a6:f1:
                    b4:9d:e0:c6:4d:12:78:ef:cd:e5:bf:a3:c7:ca:ff:
                    13:52:4e:4b:37:69:16:02:05:85:c8:f4:31:88:b0:
                    ed:6f:cf:3c:2c:c1:17:3d:55:4e:fa:72:76:5a:2a:
                    70:b3:16:4e:cd:31:b6:2d:cc:fd:ca:6e:7b:ad:6d:
                    e2:12:aa:cf:2c:a3:d7:15:ec:e3:a4:5e:9a:44:01:
                    06:6f:d4:55:cf:b3:61:99:7f:bb:9c:ab:92:29:92:
                    78:26:d4:f3:6a:82:9f:ff:eb:ca:23:0d:f1:84:7c:
                    ab:a9:47:5e:af:b3:95:50:83:8f:23:c7:aa:e5:12:
                    bc:a3:d3:70:81:4e:c2:6f:55:b7:1d:65:66:9f:ac:
                    6c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B8:7A:4F:88:0A:C0:D8:EC:DD:0A:A1:86:2A:88:84:54:4A:99:16
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aLh6T4gKwNjs3QqhhiqIhFRKmRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.241.0/24
                  31.57.40.0/24
                  31.58.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:e5:6e:01:18:cb:2d:b0:72:a2:99:66:37:cd:eb:c3:ef:bf:
         ce:cf:d3:ae:78:ca:6f:e9:01:d4:c1:14:4a:c0:8d:e9:d7:e6:
         e4:43:62:67:d7:10:c7:c8:96:39:98:36:28:2c:65:6d:9b:e7:
         d6:79:77:b1:d0:5c:9f:72:80:06:db:77:40:61:0c:92:3f:f7:
         be:8a:68:da:7f:d8:7a:9e:ed:20:9b:ab:fe:13:10:13:4e:1f:
         d5:3a:cb:5c:b8:65:d4:f4:97:1c:8a:98:bb:96:03:e4:92:fe:
         3d:57:68:cb:13:34:0a:4d:41:5f:f5:e2:1f:b4:a8:46:44:f2:
         0a:48:cb:a5:a5:37:f3:8d:3a:87:00:bd:54:55:59:29:10:92:
         f0:fa:ab:3b:7a:df:13:a4:8f:93:62:02:33:93:23:d4:b7:d4:
         1c:0a:93:8b:b6:dc:1e:d7:d7:84:07:27:de:19:1b:f2:62:6d:
         54:e5:e9:a3:f3:ba:83:97:e9:d7:26:d2:92:2c:16:2f:9a:a7:
         82:28:29:10:69:b0:9b:6a:97:36:ce:da:0b:97:6b:cc:94:e6:
         16:14:86:a2:5c:43:3a:9d:45:0e:a7:a1:31:18:d9:1c:c9:1d:
         09:74:5c:58:d6:25:4d:f2:26:d6:0a:dc:43:de:d7:3b:33:31:
         14:2c:f3:1b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZLXzvRn+Cly3iPEtsiq6oPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDI5MTAyNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGI4N2E0Zjg4MGFjMGQ4ZWNkZDBhYTE4NjJhODg4NDU0NGE5OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAracePclaA++LKAEWcSxVupT+15Of
Kb19nNjXorrwSYSq23iFsuu7lhs7IGbQLySM/Cx+HituyMX4GdraTlyUNkRN4ytC
4fzi/OX0YjdOJmXIu+RkkU+w+Y8lMdtforr3aWpmplcAx5MZ/A3jXz4uGPKHk8ux
pvG0neDGTRJ4783lv6PHyv8TUk5LN2kWAgWFyPQxiLDtb888LMEXPVVO+nJ2Wipw
sxZOzTG2Lcz9ym57rW3iEqrPLKPXFezjpF6aRAEGb9RVz7NhmX+7nKuSKZJ4JtTz
aoKf/+vKIw3xhHyrqUder7OVUIOPI8eq5RK8o9NwgU7Cb1W3HWVmn6xs7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGi4ek+ICsDY7N0KoYYqiIRUSpkWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYUxoNlQ0Z0t3TmpzM1FxaGhpcUloRlJLbVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzjxAwQA
HzkoAwQAHzqCMA0GCSqGSIb3DQEBCwUAA4IBAQBl5W4BGMstsHKimWY3zevD77/O
z9OueMpv6QHUwRRKwI3p1+bkQ2Jn1xDHyJY5mDYoLGVtm+fWeXex0FyfcoAG23dA
YQySP/e+imjaf9h6nu0gm6v+ExATTh/VOstcuGXU9Jccipi7lgPkkv49V2jLEzQK
TUFf9eIftKhGRPIKSMulpTfzjTqHAL1UVVkpEJLw+qs7et8TpI+TYgIzkyPUt9Qc
CpOLttwe19eEByfeGRvyYm1U5emj87qDl+nXJtKSLBYvmqeCKCkQabCbapc2ztoL
l2vMlOYWFIaiXEM6nUUOp6ExGNkcyR0JdFxY1iVN8ibWCtxD3tc7MzEULPMb
-----END CERTIFICATE-----