Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aOuAcriZFm9av2pkCkGEID95-BM.roa
File:                     aOuAcriZFm9av2pkCkGEID95-BM.roa (raw, json)
Hash identifier:          SXK8i3T8zhqTkqyrOh66o7BK975TN+O2/fcCxmHLdeY=
Subject key identifier:   68:EB:80:72:B8:99:16:6F:5A:BF:6A:64:0A:41:84:20:3F:79:F8:13
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192D33A29DC50273F29482ADF6C62C76EDB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aOuAcriZFm9av2pkCkGEID95-BM.roa
Signing time:             Mon 28 Oct 2024 13:04:17 +0000
ROA not before:           Mon 28 Oct 2024 13:04:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        31.57.135.0/24 maxlen: 24
                          217.60.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:3a:29:dc:50:27:3f:29:48:2a:df:6c:62:c7:6e:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 28 13:04:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68eb8072b899166f5abf6a640a4184203f79f813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4d:76:54:83:9f:09:68:54:3b:c8:af:0d:76:
                    6e:dd:71:d1:45:ae:db:ac:97:6e:74:c2:db:27:2a:
                    ec:b4:60:fb:e0:f8:c6:2f:5b:21:75:e9:ab:f8:34:
                    3a:d9:26:ec:5f:fb:4e:ea:c5:98:8f:98:64:80:c2:
                    29:a0:17:0e:6f:d6:e8:a3:63:fd:fc:58:83:4d:4b:
                    f5:85:fc:8f:6c:ef:28:c3:64:ba:24:99:0c:1a:99:
                    94:d1:46:c8:6e:1e:dd:e1:f9:80:02:7e:b3:60:ee:
                    29:e6:e4:b7:7e:20:f9:2c:7c:55:d1:cc:7b:41:ca:
                    45:1c:46:b5:e3:ab:2a:28:6c:b5:65:4f:85:fb:63:
                    d0:c1:9f:cb:fd:52:cf:cf:ad:b0:12:87:4b:1a:6e:
                    a7:4c:08:31:05:fd:3f:d9:98:1a:7c:7d:0e:69:6b:
                    7c:6d:94:1e:f4:1e:5f:86:b2:b6:56:71:91:c9:a4:
                    13:2b:ac:6b:84:27:22:73:bb:19:94:2d:82:9e:3f:
                    3c:a7:70:11:bf:62:2a:f3:9d:df:7c:a2:74:8c:32:
                    99:00:c2:1c:0d:b1:eb:ba:a1:83:d1:7a:12:67:d8:
                    ca:a8:35:7b:41:12:eb:69:ab:f7:42:4c:3a:f9:d9:
                    7f:be:da:a8:74:06:fc:61:ea:97:38:57:d3:7f:92:
                    8b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:EB:80:72:B8:99:16:6F:5A:BF:6A:64:0A:41:84:20:3F:79:F8:13
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aOuAcriZFm9av2pkCkGEID95-BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.135.0/24
                  217.60.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         45:2a:cb:57:81:ef:92:5d:b3:14:77:38:f5:44:06:bf:fc:8e:
         60:24:d2:cd:ca:46:0f:bc:fc:2b:f8:d1:1b:c6:d7:23:01:ed:
         a5:73:83:88:66:a8:ad:aa:60:0a:bb:73:65:b9:d8:a8:aa:4a:
         43:cb:5a:c7:1c:08:0e:a3:85:83:d2:4b:9f:56:7a:45:8e:f7:
         5d:df:d0:8f:de:63:39:25:c5:16:8d:73:1e:c5:9a:3d:ff:e9:
         d1:c8:aa:bf:0e:61:82:eb:93:8b:2c:9f:8f:b4:20:40:31:b3:
         6e:31:6c:95:e5:a8:09:a3:30:66:82:d9:c2:c6:e1:fb:1f:c6:
         77:e9:60:86:f3:93:86:2b:0f:3a:96:ce:a6:d1:1f:27:a5:73:
         20:b3:83:31:46:b6:49:1e:90:9b:73:a3:b7:2a:3f:e4:7b:1a:
         6c:32:1e:d4:b7:e7:ed:ad:22:6f:88:eb:ec:cb:95:b1:81:71:
         32:05:7c:af:67:48:54:d0:1b:52:b9:6e:ca:34:93:5d:12:28:
         58:ae:8b:c4:ea:8d:1d:44:08:cc:13:cb:9f:1f:75:3a:b7:63:
         b1:43:09:35:54:7c:b2:a9:58:74:d7:c9:20:79:65:0d:df:4f:
         e7:e5:1c:82:5d:b7:11:3d:b1:ff:83:70:10:68:2e:4c:b0:65:
         a1:2a:14:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLTOincUCc/KUgq32xix27bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDI4MTMwNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGViODA3MmI4OTkxNjZmNWFiZjZhNjQwYTQxODQyMDNmNzlmODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwk12VIOfCWhUO8ivDXZu3XHRRa7b
rJdudMLbJyrstGD74PjGL1shdemr+DQ62SbsX/tO6sWYj5hkgMIpoBcOb9boo2P9
/FiDTUv1hfyPbO8ow2S6JJkMGpmU0UbIbh7d4fmAAn6zYO4p5uS3fiD5LHxV0cx7
QcpFHEa146sqKGy1ZU+F+2PQwZ/L/VLPz62wEodLGm6nTAgxBf0/2ZgafH0OaWt8
bZQe9B5fhrK2VnGRyaQTK6xrhCcic7sZlC2Cnj88p3ARv2Iq853ffKJ0jDKZAMIc
DbHruqGD0XoSZ9jKqDV7QRLraav3Qkw6+dl/vtqodAb8YeqXOFfTf5KLOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGjrgHK4mRZvWr9qZApBhCA/efgTMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYU91QWNyaVpGbTlhdjJwa0NrR0VJRDk1LUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzmHAwQG
2TxAMA0GCSqGSIb3DQEBCwUAA4IBAQBFKstXge+SXbMUdzj1RAa//I5gJNLNykYP
vPwr+NEbxtcjAe2lc4OIZqitqmAKu3NludioqkpDy1rHHAgOo4WD0kufVnpFjvdd
39CP3mM5JcUWjXMexZo9/+nRyKq/DmGC65OLLJ+PtCBAMbNuMWyV5agJozBmgtnC
xuH7H8Z36WCG85OGKw86ls6m0R8npXMgs4MxRrZJHpCbc6O3Kj/kexpsMh7Ut+ft
rSJviOvsy5WxgXEyBXyvZ0hU0BtSuW7KNJNdEihYrovE6o0dRAjME8ufH3U6t2Ox
Qwk1VHyyqVh018kgeWUN30/n5RyCXbcRPbH/g3AQaC5MsGWhKhRh
-----END CERTIFICATE-----