Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bz735MCcBd_MLhqK5rivsB0tp7c.roa
File:                     bz735MCcBd_MLhqK5rivsB0tp7c.roa (raw, json)
Hash identifier:          iSJR6Vqra+dBPcBI8PmhoTT0qEqw/Li/WdKTiUo+7DY=
Subject key identifier:   6F:3E:F7:E4:C0:9C:05:DF:CC:2E:1A:8A:E6:B8:AF:B0:1D:2D:A7:B7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282344DFD120A5F7609763E70427FA1C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bz735MCcBd_MLhqK5rivsB0tp7c.roa
Signing time:             Thu 02 Jan 2025 17:49:47 +0000
ROA not before:           Thu 02 Jan 2025 17:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46177
IP address blocks:        31.56.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:44:df:d1:20:a5:f7:60:97:63:e7:04:27:fa:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f3ef7e4c09c05dfcc2e1a8ae6b8afb01d2da7b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:23:5b:d4:e4:32:e2:15:2e:df:f9:0b:ad:de:
                    cf:df:48:32:4f:8e:81:44:67:fa:72:ea:97:c7:03:
                    83:08:c5:84:63:89:38:c0:33:1a:81:82:65:87:8b:
                    bd:f9:87:03:d6:b8:03:83:58:0b:a7:d6:3d:19:0b:
                    3e:24:18:9f:0e:a5:eb:c5:aa:3f:c4:ab:13:27:4c:
                    79:b2:82:be:c6:7f:78:86:d3:65:ba:b5:84:82:ca:
                    b8:44:56:26:87:b1:e3:6d:73:67:ca:2a:22:63:a3:
                    91:35:19:2e:8d:ec:77:4f:1c:0e:4d:61:e8:f5:34:
                    9c:59:1e:fe:32:f1:ba:f2:d6:f3:45:07:ba:78:9a:
                    ab:67:3d:06:67:40:83:5e:a4:c2:0a:65:18:84:1b:
                    ca:bd:af:50:c7:da:b1:fb:9d:0d:37:0e:94:94:1f:
                    34:b4:5a:50:7b:ad:a1:d5:dd:f4:2f:f3:b2:45:0c:
                    fe:7f:7b:ed:34:a8:9e:ce:6d:e8:d0:9d:30:43:99:
                    c2:17:6e:ac:ed:8f:c0:6c:ce:9c:77:f1:5a:dd:d2:
                    49:84:f4:2d:a9:31:d2:b2:d8:a6:0d:02:ea:e6:45:
                    cb:cd:fa:b7:2b:27:27:7e:ca:ae:b6:2c:71:19:35:
                    22:ee:02:c2:1a:ee:12:5d:0a:e7:1f:04:6b:ca:91:
                    59:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:3E:F7:E4:C0:9C:05:DF:CC:2E:1A:8A:E6:B8:AF:B0:1D:2D:A7:B7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/bz735MCcBd_MLhqK5rivsB0tp7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:aa:28:5a:38:05:cd:6e:4b:a5:e9:9a:ec:d8:a0:1a:78:12:
         37:6c:7e:14:44:ea:b7:5e:12:c2:26:87:83:c8:55:bf:85:8e:
         fe:03:b6:aa:6e:a7:cc:ad:78:fd:f0:d0:69:6f:bd:dc:0b:4c:
         83:18:45:90:51:17:00:ea:1a:8b:b0:50:e6:8d:ea:20:05:7c:
         5a:33:56:30:3d:96:d5:ac:7a:f3:d0:55:83:f4:e7:51:be:e6:
         0a:d6:38:f9:3d:17:74:40:fc:b4:21:14:53:fb:fd:a3:7f:ff:
         fe:77:c4:87:1b:92:e9:7f:30:36:33:9d:6a:38:8f:2f:68:6a:
         c3:aa:74:ce:4f:f4:b8:2e:ec:23:a6:bd:9d:32:97:13:e8:4b:
         d6:6e:d7:bf:90:9b:51:fc:ed:3a:98:51:b2:26:ee:97:89:41:
         8f:71:eb:17:e3:af:ee:d6:6b:93:14:93:bc:4f:b7:e7:b8:b8:
         78:bd:d3:a5:72:69:06:00:65:e1:7f:54:b4:e5:14:85:ab:8b:
         a3:d8:d8:64:fa:b9:d7:32:67:f2:3d:17:e1:82:9a:c4:4c:f3:
         8b:48:6b:39:86:3e:60:86:72:2f:c8:42:ad:4d:ae:c4:c9:2d:
         10:58:90:e0:72:62:5a:26:56:c5:0c:f0:a8:14:6b:11:08:68:
         84:a8:ea:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0Tf0SCl92CXY+cEJ/ocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjNlZjdlNGMwOWMwNWRmY2MyZTFhOGFlNmI4YWZiMDFkMmRhN2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiNb1OQy4hUu3/kLrd7P30gyT46B
RGf6cuqXxwODCMWEY4k4wDMagYJlh4u9+YcD1rgDg1gLp9Y9GQs+JBifDqXrxao/
xKsTJ0x5soK+xn94htNlurWEgsq4RFYmh7HjbXNnyioiY6ORNRkujex3TxwOTWHo
9TScWR7+MvG68tbzRQe6eJqrZz0GZ0CDXqTCCmUYhBvKva9Qx9qx+50NNw6UlB80
tFpQe62h1d30L/OyRQz+f3vtNKiezm3o0J0wQ5nCF26s7Y/AbM6cd/Fa3dJJhPQt
qTHSstimDQLq5kXLzfq3KycnfsqutixxGTUi7gLCGu4SXQrnHwRrypFZFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8+9+TAnAXfzC4aiua4r7AdLae3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYno3MzVNQ2NCZF9NTGhxSzVyaXZzQjB0cDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhBMA0G
CSqGSIb3DQEBCwUAA4IBAQBQqihaOAXNbkul6Zrs2KAaeBI3bH4UROq3XhLCJoeD
yFW/hY7+A7aqbqfMrXj98NBpb73cC0yDGEWQURcA6hqLsFDmjeogBXxaM1YwPZbV
rHrz0FWD9OdRvuYK1jj5PRd0QPy0IRRT+/2jf//+d8SHG5LpfzA2M51qOI8vaGrD
qnTOT/S4Luwjpr2dMpcT6EvWbte/kJtR/O06mFGyJu6XiUGPcesX46/u1muTFJO8
T7fnuLh4vdOlcmkGAGXhf1S05RSFq4uj2Nhk+rnXMmfyPRfhgprETPOLSGs5hj5g
hnIvyEKtTa7EyS0QWJDgcmJaJlbFDPCoFGsRCGiEqOp8
-----END CERTIFICATE-----