Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aNqVNu2HDdVt_etz31chKmX6QV4.roa
File:                     aNqVNu2HDdVt_etz31chKmX6QV4.roa (raw, json)
Hash identifier:          4dCHUqnw+baPElIm1nt0ngM0/nbO5AR33+U343IdaGE=
Subject key identifier:   68:DA:95:36:ED:87:0D:D5:6D:FD:EB:73:DF:57:21:2A:65:FA:41:5E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01929A8DCBE63E9C2A4EE527F5FBABA83ECB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aNqVNu2HDdVt_etz31chKmX6QV4.roa
Signing time:             Thu 17 Oct 2024 12:57:16 +0000
ROA not before:           Thu 17 Oct 2024 12:57:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214134
IP address blocks:        31.58.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 23:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9a:8d:cb:e6:3e:9c:2a:4e:e5:27:f5:fb:ab:a8:3e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 17 12:57:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68da9536ed870dd56dfdeb73df57212a65fa415e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:8d:52:46:1b:21:d2:c0:c7:ce:91:a8:4d:ed:
                    ca:93:e4:50:a5:2d:60:ca:21:b5:44:7d:37:09:9a:
                    21:8e:8e:57:00:c9:35:c7:19:6f:3d:ae:d3:93:7e:
                    a8:fc:09:da:a3:de:bc:73:c4:d7:50:5f:a7:64:5c:
                    1b:df:1c:b0:99:22:e4:a0:46:3f:5d:e9:8a:39:ba:
                    16:8b:4c:39:99:7d:9d:e6:67:5d:84:82:c0:3c:74:
                    be:1c:0b:9b:65:16:32:ec:72:0b:53:7b:f8:01:ed:
                    4f:96:32:1e:0a:93:2e:f9:89:77:3d:a1:2b:96:79:
                    a8:71:ca:e1:ce:16:db:2e:71:63:5b:33:78:2d:9f:
                    9d:84:66:c6:a6:64:7e:97:2a:9f:dc:6f:c7:b1:46:
                    fa:8d:13:b4:22:ae:c1:01:9b:4c:eb:7e:c9:86:30:
                    3a:a5:d7:6e:50:a6:51:8f:43:08:6b:59:09:b2:bd:
                    c6:ef:0d:ad:71:16:a3:e6:6e:3a:6a:97:7b:18:53:
                    bb:43:96:c9:2d:82:15:ef:b3:58:e2:cf:37:45:e0:
                    0c:38:2d:e7:5f:1a:9c:e9:ed:48:5c:7d:22:20:d9:
                    7d:f9:ea:59:28:71:43:fd:70:ab:af:53:0e:6e:90:
                    72:e3:75:38:b6:09:b8:5a:75:ed:c5:50:c5:08:8c:
                    1a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DA:95:36:ED:87:0D:D5:6D:FD:EB:73:DF:57:21:2A:65:FA:41:5E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aNqVNu2HDdVt_etz31chKmX6QV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:c5:a5:4b:c1:94:14:9f:47:f9:dd:bd:fc:31:62:79:29:30:
         f4:62:34:da:b5:0f:7e:67:73:30:bc:d1:d9:2d:fc:1a:7f:26:
         65:cc:74:16:c8:5b:d4:d6:e7:2d:2e:67:bc:fb:58:64:94:41:
         e3:f0:8f:71:cf:b2:31:af:d0:f5:d3:95:05:7b:d9:01:f2:4e:
         b4:da:46:1d:15:81:d8:a3:3b:17:92:8f:46:08:82:64:2f:c2:
         07:6b:27:0c:c9:7a:95:08:80:ca:b2:2c:b9:f9:f6:85:b2:7c:
         4c:a9:de:84:78:7e:a6:1d:77:39:4b:46:6d:bd:ed:a8:0b:a0:
         b8:02:75:9e:76:54:53:8a:6f:0a:14:64:83:08:07:13:85:2b:
         65:5d:c9:52:2f:b4:dd:c0:5b:9f:a9:36:36:49:62:79:8c:29:
         1b:49:e3:82:fb:2a:3d:50:b9:e3:f6:a9:fa:d6:cf:f8:74:97:
         f8:69:e8:63:a4:90:58:cf:93:63:98:6f:ab:f7:24:81:d1:b4:
         a8:6f:cf:be:14:d1:4a:ce:06:88:fe:66:6e:4c:ec:c8:ac:99:
         69:22:e1:30:dc:52:8f:44:5d:8c:c1:78:17:92:db:ad:a2:9b:
         5f:79:1c:38:81:c1:94:bb:59:57:a2:31:a8:9c:61:80:f3:9a:
         17:74:28:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKajcvmPpwqTuUn9furqD7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDE3MTI1NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRhOTUzNmVkODcwZGQ1NmRmZGViNzNkZjU3MjEyYTY1ZmE0MTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhY1SRhsh0sDHzpGoTe3Kk+RQpS1g
yiG1RH03CZohjo5XAMk1xxlvPa7Tk36o/Anao968c8TXUF+nZFwb3xywmSLkoEY/
XemKOboWi0w5mX2d5mddhILAPHS+HAubZRYy7HILU3v4Ae1PljIeCpMu+Yl3PaEr
lnmoccrhzhbbLnFjWzN4LZ+dhGbGpmR+lyqf3G/HsUb6jRO0Iq7BAZtM637JhjA6
pdduUKZRj0MIa1kJsr3G7w2tcRaj5m46apd7GFO7Q5bJLYIV77NY4s83ReAMOC3n
Xxqc6e1IXH0iINl9+epZKHFD/XCrr1MObpBy43U4tgm4WnXtxVDFCIwauwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjalTbthw3Vbf3rc99XISpl+kFeMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYU5xVk51MkhEZFZ0X2V0ejMxY2hLbVg2UVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzo6MA0G
CSqGSIb3DQEBCwUAA4IBAQASxaVLwZQUn0f53b38MWJ5KTD0YjTatQ9+Z3MwvNHZ
LfwafyZlzHQWyFvU1uctLme8+1hklEHj8I9xz7Ixr9D105UFe9kB8k602kYdFYHY
ozsXko9GCIJkL8IHaycMyXqVCIDKsiy5+faFsnxMqd6EeH6mHXc5S0Ztve2oC6C4
AnWedlRTim8KFGSDCAcThStlXclSL7TdwFufqTY2SWJ5jCkbSeOC+yo9ULnj9qn6
1s/4dJf4aehjpJBYz5NjmG+r9ySB0bSob8++FNFKzgaI/mZuTOzIrJlpIuEw3FKP
RF2MwXgXktutoptfeRw4gcGUu1lXojGonGGA85oXdCh3
-----END CERTIFICATE-----