Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aa_0kTFdsCRxS6v5J6UY5Eue9v4.roa
File:                     aa_0kTFdsCRxS6v5J6UY5Eue9v4.roa (raw, json)
Hash identifier:          YORZjtCXSvUSzBwR0+lUhWKTUFusWld/lWbIOLi5sFo=
Subject key identifier:   69:AF:F4:91:31:5D:B0:24:71:4B:AB:F9:27:A5:18:E4:4B:9E:F6:FE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01956B4AD180307A5318DA9DEDF8880B5772
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aa_0kTFdsCRxS6v5J6UY5Eue9v4.roa
Signing time:             Thu 06 Mar 2025 11:50:20 +0000
ROA not before:           Thu 06 Mar 2025 11:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51847
IP address blocks:        31.57.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:4a:d1:80:30:7a:53:18:da:9d:ed:f8:88:0b:57:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar  6 11:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69aff491315db024714babf927a518e44b9ef6fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:12:5d:f1:d8:02:b9:31:15:b6:88:c6:59:1b:
                    ea:9d:b2:6a:e6:a4:3d:d7:02:93:1e:ac:c0:ee:9a:
                    16:ee:80:87:93:6f:07:56:e5:d6:37:34:ff:43:53:
                    c9:26:82:56:0c:62:b3:3b:e6:7c:13:92:22:39:54:
                    ec:4c:16:54:c0:d8:e9:7c:e9:46:13:21:0e:0c:59:
                    f3:f4:b3:42:48:1f:05:93:82:91:e6:6c:a9:cb:15:
                    12:48:23:45:7b:02:62:8e:26:53:cc:89:2d:dd:3d:
                    50:67:6f:35:30:65:d9:52:19:a3:6e:05:f9:49:54:
                    ee:3e:3d:a5:3b:c3:ca:64:5e:91:18:92:93:8b:53:
                    14:ac:67:6c:92:00:dd:87:ac:31:a1:80:a1:bf:47:
                    af:27:b6:37:5a:1f:4a:14:82:51:df:5c:c3:f8:1e:
                    6f:79:19:0d:7e:88:e7:19:ee:10:86:16:d7:cb:42:
                    09:25:93:ea:f0:15:6a:9c:9c:e6:83:9a:9c:cb:8b:
                    a4:9b:49:b5:4a:ca:a8:81:e7:0a:33:09:f5:0a:07:
                    c7:ee:ed:0b:81:6c:dc:95:67:96:1b:94:6d:46:2e:
                    6a:ac:98:e4:49:3a:87:89:7b:fc:a9:d5:2c:7f:5a:
                    04:66:25:9c:dc:22:78:16:66:fd:15:3c:12:fb:ae:
                    44:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AF:F4:91:31:5D:B0:24:71:4B:AB:F9:27:A5:18:E4:4B:9E:F6:FE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aa_0kTFdsCRxS6v5J6UY5Eue9v4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:8b:0e:95:38:10:30:0c:4f:29:e1:24:89:7c:46:74:64:fc:
         53:6f:07:d4:4d:4a:d2:ff:1d:e6:e4:0f:29:f0:93:fe:d4:17:
         4e:3c:76:74:39:b3:9b:28:f6:0a:85:20:77:47:7c:18:1d:95:
         4a:9a:c1:53:d8:c3:f4:a1:91:0f:a5:ba:0e:1f:b8:e4:ba:13:
         ce:9c:fd:7a:c7:f4:8f:25:6f:94:55:28:53:59:1e:c2:b4:20:
         d1:f1:3b:86:a3:1c:c9:4f:e5:9e:62:89:92:3c:f3:d9:bd:da:
         29:71:71:92:3f:43:bf:78:8f:0f:3d:69:e1:db:70:ea:4b:93:
         52:b9:19:23:10:d6:77:32:f8:69:35:21:5d:5e:ae:26:a0:04:
         e9:85:2b:16:13:8d:b6:3e:e4:07:12:90:58:fe:7a:73:74:a9:
         db:dc:7a:e7:4e:28:c7:ea:e5:31:c9:ba:f3:89:25:d0:83:29:
         39:ea:86:9f:03:19:79:6d:68:87:77:06:83:8a:17:7e:78:35:
         43:e2:68:6c:49:b9:5e:e2:10:cf:5c:e1:da:70:55:f0:a6:bf:
         fb:3c:91:58:22:d2:35:26:36:94:38:de:a4:a7:73:28:76:51:
         a6:0d:da:a7:1f:af:80:3c:a1:c7:10:ed:4e:c7:4c:8a:45:0d:
         11:0f:92:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVrStGAMHpTGNqd7fiIC1dyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzA2MTE1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWFmZjQ5MTMxNWRiMDI0NzE0YmFiZjkyN2E1MThlNDRiOWVmNmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBJd8dgCuTEVtojGWRvqnbJq5qQ9
1wKTHqzA7poW7oCHk28HVuXWNzT/Q1PJJoJWDGKzO+Z8E5IiOVTsTBZUwNjpfOlG
EyEODFnz9LNCSB8Fk4KR5mypyxUSSCNFewJijiZTzIkt3T1QZ281MGXZUhmjbgX5
SVTuPj2lO8PKZF6RGJKTi1MUrGdskgDdh6wxoYChv0evJ7Y3Wh9KFIJR31zD+B5v
eRkNfojnGe4QhhbXy0IJJZPq8BVqnJzmg5qcy4ukm0m1SsqogecKMwn1CgfH7u0L
gWzclWeWG5RtRi5qrJjkSTqHiXv8qdUsf1oEZiWc3CJ4Fmb9FTwS+65EFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmv9JExXbAkcUur+SelGORLnvb+MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYWFfMGtURmRzQ1J4UzZ2NUo2VVk1RXVlOXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznYMA0G
CSqGSIb3DQEBCwUAA4IBAQBHiw6VOBAwDE8p4SSJfEZ0ZPxTbwfUTUrS/x3m5A8p
8JP+1BdOPHZ0ObObKPYKhSB3R3wYHZVKmsFT2MP0oZEPpboOH7jkuhPOnP16x/SP
JW+UVShTWR7CtCDR8TuGoxzJT+WeYomSPPPZvdopcXGSP0O/eI8PPWnh23DqS5NS
uRkjENZ3MvhpNSFdXq4moATphSsWE422PuQHEpBY/npzdKnb3HrnTijH6uUxybrz
iSXQgyk56oafAxl5bWiHdwaDihd+eDVD4mhsSble4hDPXOHacFXwpr/7PJFYItI1
JjaUON6kp3ModlGmDdqnH6+APKHHEO1Ox0yKRQ0RD5JB
-----END CERTIFICATE-----