Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dLJGRaZD4dKz5eW5z562RLv_XYo.roa
File:                     dLJGRaZD4dKz5eW5z562RLv_XYo.roa (raw, json)
Hash identifier:          mAGHkNN8S9lMGtFyWmhqX/j0twdtYej8utnKpapqr+Y=
Subject key identifier:   74:B2:46:45:A6:43:E1:D2:B3:E5:E5:B9:CF:9E:B6:44:BB:FF:5D:8A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195CBECD403F217A54EECD58DC8C9C1F1D7
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dLJGRaZD4dKz5eW5z562RLv_XYo.roa
Signing time:             Tue 25 Mar 2025 06:10:50 +0000
ROA not before:           Tue 25 Mar 2025 06:10:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401190
IP address blocks:        31.57.212.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cb:ec:d4:03:f2:17:a5:4e:ec:d5:8d:c8:c9:c1:f1:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 25 06:10:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74b24645a643e1d2b3e5e5b9cf9eb644bbff5d8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cd:76:4a:e8:c1:da:16:c8:3d:f0:35:19:b2:
                    e3:59:74:ba:26:df:5f:1f:73:a2:db:14:de:7c:1b:
                    dd:fc:fc:f8:10:be:b3:d6:39:0d:55:46:85:a7:f8:
                    b4:d9:93:e8:62:a2:6a:29:ba:bd:14:18:4b:d0:69:
                    9f:3a:d7:3e:8c:69:a3:0c:76:8e:11:30:7e:a8:9f:
                    45:42:9b:5b:2e:eb:68:c5:11:0c:cf:5f:ea:bf:40:
                    dd:9d:c8:8b:16:db:54:e2:10:24:29:02:f8:de:17:
                    06:ca:07:f4:99:79:43:2c:00:17:2d:59:6b:b2:cd:
                    6c:a2:12:1b:4f:75:06:eb:ae:ef:b8:d0:3e:a2:13:
                    28:e1:7c:6d:6e:a2:6e:03:f3:10:53:07:32:a3:97:
                    c3:13:ed:c7:e7:a7:2f:e3:1a:3e:77:4e:d8:45:9a:
                    a0:b4:38:c0:9e:61:7b:92:07:0a:e6:c0:8f:a4:0a:
                    83:cd:da:0b:2f:94:8f:2c:06:ed:33:d6:86:f3:65:
                    d6:4d:97:bc:5d:5e:9d:cb:57:da:f8:d5:12:18:31:
                    b2:80:ad:1f:e8:5a:7d:15:0b:e1:ee:d1:4c:68:45:
                    b3:13:69:27:b9:6f:ef:2c:d0:aa:4c:01:e7:e1:cb:
                    e7:fd:74:9c:f8:5d:b8:cd:23:ab:36:bc:1d:b2:9d:
                    24:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:B2:46:45:A6:43:E1:D2:B3:E5:E5:B9:CF:9E:B6:44:BB:FF:5D:8A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/dLJGRaZD4dKz5eW5z562RLv_XYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:a8:19:04:56:61:f9:9f:b9:80:92:f2:cb:fd:18:4d:0a:7c:
         83:ee:30:24:15:50:21:85:2c:92:2b:75:e6:13:4f:32:21:95:
         98:12:31:0b:12:b8:56:29:50:78:28:d3:11:69:66:1c:d5:c7:
         99:b6:3b:a4:17:bf:a1:c7:59:cd:13:a0:66:2d:ee:99:d5:67:
         5b:f0:de:00:2b:bd:1f:3f:5c:39:73:6d:c3:6f:2d:53:ff:12:
         31:e4:5e:a7:2b:e4:c0:4b:6d:53:8d:ce:d5:a5:b6:fc:f5:2c:
         d3:cb:7f:e7:a1:50:85:4c:4e:af:14:cc:74:a9:49:da:71:c5:
         24:96:de:93:fb:53:6f:f1:d2:48:72:07:51:c4:81:5e:5b:23:
         4b:a7:f6:8f:c2:a2:33:21:9b:4c:71:69:45:8d:a5:e8:4a:9b:
         a8:b2:57:59:29:11:fa:51:f8:52:82:5a:fb:c7:13:de:b1:43:
         04:39:d0:8a:f0:8e:c8:a8:9f:c4:7e:e9:62:fa:f6:f2:e0:79:
         a5:1c:34:d5:c1:b6:b2:73:c8:66:74:e7:80:58:5c:e7:a6:89:
         be:bd:6a:93:b3:46:c5:28:f6:6d:66:1f:69:cd:59:c0:91:2e:
         3c:7f:96:82:a2:85:5a:8e:0b:5b:ea:ea:bd:38:48:4d:20:20:
         71:fd:31:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXL7NQD8helTuzVjcjJwfHXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzI1MDYxMDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGIyNDY0NWE2NDNlMWQyYjNlNWU1YjljZjllYjY0NGJiZmY1ZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2M12SujB2hbIPfA1GbLjWXS6Jt9f
H3Oi2xTefBvd/Pz4EL6z1jkNVUaFp/i02ZPoYqJqKbq9FBhL0GmfOtc+jGmjDHaO
ETB+qJ9FQptbLutoxREMz1/qv0DdnciLFttU4hAkKQL43hcGygf0mXlDLAAXLVlr
ss1sohIbT3UG667vuNA+ohMo4XxtbqJuA/MQUwcyo5fDE+3H56cv4xo+d07YRZqg
tDjAnmF7kgcK5sCPpAqDzdoLL5SPLAbtM9aG82XWTZe8XV6dy1fa+NUSGDGygK0f
6Fp9FQvh7tFMaEWzE2knuW/vLNCqTAHn4cvn/XSc+F24zSOrNrwdsp0k3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSyRkWmQ+HSs+Xluc+etkS7/12KMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZExKR1JhWkQ0ZEt6NWVXNXo1NjJSTHZfWFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHznUMA0G
CSqGSIb3DQEBCwUAA4IBAQAyqBkEVmH5n7mAkvLL/RhNCnyD7jAkFVAhhSySK3Xm
E08yIZWYEjELErhWKVB4KNMRaWYc1ceZtjukF7+hx1nNE6BmLe6Z1Wdb8N4AK70f
P1w5c23Dby1T/xIx5F6nK+TAS21Tjc7Vpbb89SzTy3/noVCFTE6vFMx0qUnaccUk
lt6T+1Nv8dJIcgdRxIFeWyNLp/aPwqIzIZtMcWlFjaXoSpuosldZKRH6UfhSglr7
xxPesUMEOdCK8I7IqJ/Efuli+vby4HmlHDTVwbayc8hmdOeAWFznpom+vWqTs0bF
KPZtZh9pzVnAkS48f5aCooVajgtb6uq9OEhNICBx/TH6
-----END CERTIFICATE-----