Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cVjTbHE0AkUfhymoYH0H1eKPzqQ.roa
File:                     cVjTbHE0AkUfhymoYH0H1eKPzqQ.roa (raw, json)
Hash identifier:          ckWdEQc22uynHNwjgtJ4zC/SRBdqzFFlqHuA602YgfI=
Subject key identifier:   71:58:D3:6C:71:34:02:45:1F:87:29:A8:60:7D:07:D5:E2:8F:CE:A4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019248D93B3AE8F00B3F4C112B6D0B9F8AA9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cVjTbHE0AkUfhymoYH0H1eKPzqQ.roa
Signing time:             Tue 01 Oct 2024 16:10:48 +0000
ROA not before:           Tue 01 Oct 2024 16:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215026
IP address blocks:        31.57.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:d9:3b:3a:e8:f0:0b:3f:4c:11:2b:6d:0b:9f:8a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  1 16:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7158d36c713402451f8729a8607d07d5e28fcea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1b:63:c6:e9:f4:5e:7f:ef:ee:43:f8:ee:92:
                    b5:54:a6:d1:57:8a:52:0d:12:95:e8:f7:8e:8d:cf:
                    73:c1:de:39:ac:2b:f2:73:9b:86:07:75:d3:9a:61:
                    e7:a6:1b:90:89:34:68:b4:8c:9d:25:68:32:be:92:
                    ec:4d:68:da:71:64:3b:3d:ab:6b:74:13:10:02:ea:
                    b5:4c:ce:55:b0:87:47:f0:00:d3:b5:62:1a:05:97:
                    00:da:4c:3e:97:a1:f2:b6:cf:18:58:13:11:94:32:
                    e0:69:1d:7d:02:3a:d8:43:72:59:d2:73:5c:88:85:
                    ac:0a:23:c5:ef:04:47:eb:0b:f6:51:02:13:1c:a2:
                    e5:84:84:25:b0:4d:1a:50:2a:e6:8a:2b:39:58:c1:
                    14:84:66:9c:61:c1:29:c8:0c:c3:11:10:d4:00:61:
                    8f:f6:07:93:09:92:9f:2f:a6:03:4b:a7:90:0c:c6:
                    cd:3e:34:cf:8f:c5:45:ca:ea:ea:77:a7:d3:b3:27:
                    b8:a1:a2:d4:ae:f5:aa:33:92:1f:05:0b:93:48:c5:
                    e1:58:21:d1:9f:59:c6:fd:ae:97:e7:cb:b8:63:1b:
                    d6:bc:7b:bd:4c:96:50:02:5f:d3:8d:cb:1e:42:04:
                    c6:9e:39:cc:68:d7:21:26:3e:e5:37:28:77:09:9f:
                    9d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:58:D3:6C:71:34:02:45:1F:87:29:A8:60:7D:07:D5:E2:8F:CE:A4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/cVjTbHE0AkUfhymoYH0H1eKPzqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:7e:ff:06:c8:4b:ca:3f:91:36:a4:a7:0e:2c:c6:9d:29:51:
         b5:67:27:d4:37:d0:a8:44:cc:87:fc:a9:57:d7:c3:fc:2c:14:
         9e:b7:ae:62:e0:5a:9d:27:59:fb:88:63:d9:f6:95:23:66:ab:
         b7:5c:c6:bb:fe:a3:e2:18:c0:19:be:ce:72:21:39:91:f7:cc:
         14:ec:34:81:d1:28:a0:42:54:ac:45:4e:f6:13:8a:b3:0a:24:
         a0:3f:a6:80:1f:c0:13:49:0c:a5:19:a6:89:f6:f0:79:09:f0:
         98:02:d0:f0:2d:cf:26:35:f4:50:b4:76:1b:34:e4:a4:47:1c:
         41:87:69:65:68:e3:ea:13:32:f7:96:57:02:ee:07:45:cc:50:
         bb:32:2f:c1:cf:35:c9:9d:19:a9:61:a4:92:1e:fd:b4:8b:fd:
         ff:57:87:12:59:c7:f8:33:f8:61:ec:0e:a0:7c:ae:17:0d:2a:
         39:95:3b:1f:d2:81:b7:15:f1:96:97:f7:84:b2:b6:a6:b1:42:
         30:b1:c0:c1:7b:c1:74:ba:7f:e1:44:74:77:9f:89:4b:f9:68:
         e7:1c:23:b6:3d:1b:fc:c1:a2:3a:c9:f8:32:96:48:72:3d:16:
         f5:03:f8:3d:27:aa:4f:df:dc:e2:05:97:e6:2a:03:60:cc:00:
         d4:56:ff:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJI2Ts66PALP0wRK20Ln4qpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDAxMTYxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTU4ZDM2YzcxMzQwMjQ1MWY4NzI5YTg2MDdkMDdkNWUyOGZjZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRtjxun0Xn/v7kP47pK1VKbRV4pS
DRKV6PeOjc9zwd45rCvyc5uGB3XTmmHnphuQiTRotIydJWgyvpLsTWjacWQ7Patr
dBMQAuq1TM5VsIdH8ADTtWIaBZcA2kw+l6Hyts8YWBMRlDLgaR19AjrYQ3JZ0nNc
iIWsCiPF7wRH6wv2UQITHKLlhIQlsE0aUCrmiis5WMEUhGacYcEpyAzDERDUAGGP
9geTCZKfL6YDS6eQDMbNPjTPj8VFyurqd6fTsye4oaLUrvWqM5IfBQuTSMXhWCHR
n1nG/a6X58u4YxvWvHu9TJZQAl/TjcseQgTGnjnMaNchJj7lNyh3CZ+dFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFY02xxNAJFH4cpqGB9B9Xij86kMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvY1ZqVGJIRTBBa1VmaHltb1lIMEgxZUtQenFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmfMA0G
CSqGSIb3DQEBCwUAA4IBAQASfv8GyEvKP5E2pKcOLMadKVG1ZyfUN9CoRMyH/KlX
18P8LBSet65i4FqdJ1n7iGPZ9pUjZqu3XMa7/qPiGMAZvs5yITmR98wU7DSB0Sig
QlSsRU72E4qzCiSgP6aAH8ATSQylGaaJ9vB5CfCYAtDwLc8mNfRQtHYbNOSkRxxB
h2llaOPqEzL3llcC7gdFzFC7Mi/BzzXJnRmpYaSSHv20i/3/V4cSWcf4M/hh7A6g
fK4XDSo5lTsf0oG3FfGWl/eEsramsUIwscDBe8F0un/hRHR3n4lL+WjnHCO2PRv8
waI6yfgylkhyPRb1A/g9J6pP39ziBZfmKgNgzADUVv/H
-----END CERTIFICATE-----