Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/eBCzpIyMiYK_fx7Q3KisZ_t-CoY.roa
File:                     eBCzpIyMiYK_fx7Q3KisZ_t-CoY.roa (raw, json)
Hash identifier:          zBkzzvVwehSzJKHNQ9wooEWrGqSVwFZqBzCqX5m4fNE=
Subject key identifier:   78:10:B3:A4:8C:8C:89:82:BF:7F:1E:D0:DC:A8:AC:67:FB:7E:0A:86
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192CD538A271AF6C80BA0D95C294924BBCB
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/eBCzpIyMiYK_fx7Q3KisZ_t-CoY.roa
Signing time:             Sun 27 Oct 2024 09:34:17 +0000
ROA not before:           Sun 27 Oct 2024 09:34:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213990
IP address blocks:        31.59.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:cd:53:8a:27:1a:f6:c8:0b:a0:d9:5c:29:49:24:bb:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 27 09:34:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7810b3a48c8c8982bf7f1ed0dca8ac67fb7e0a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:16:75:79:1b:e3:a9:67:f7:73:65:81:dc:2c:
                    26:48:f6:32:fc:34:54:24:3b:16:29:9f:6d:eb:3f:
                    7c:2c:22:f9:89:78:4e:43:5b:d5:e2:c6:85:bf:98:
                    73:85:23:c8:8a:0a:28:9b:4a:68:56:2d:6f:3e:e1:
                    a7:59:db:c7:79:7e:69:48:b7:82:ab:da:0c:8d:98:
                    2a:3f:93:39:96:e5:70:bc:16:5d:5d:5b:3c:e3:f2:
                    21:ac:50:46:31:36:55:e8:d6:69:24:3f:14:03:18:
                    f2:5d:da:8f:32:97:73:b9:f2:f3:ca:36:fc:92:36:
                    70:ec:c3:3b:a2:0e:6b:2f:48:75:15:f1:0f:4c:c7:
                    5a:86:28:a8:87:fc:51:77:1d:1d:3a:08:5a:55:ae:
                    98:c1:38:a1:df:10:e2:87:50:6e:cb:3f:16:5a:36:
                    b1:cd:a1:b1:14:f0:66:47:fa:1f:a0:03:41:cb:25:
                    a8:52:25:14:b5:9e:a3:58:f3:f4:e3:93:06:ac:39:
                    d3:46:b5:9e:a5:24:df:32:c8:c4:ed:f4:c1:47:86:
                    ad:50:b7:a8:fa:8e:e9:59:f1:c1:ea:97:51:ff:f5:
                    c1:08:88:7a:47:58:a9:3b:0e:3b:96:56:ef:43:3a:
                    f4:6a:22:84:c3:d1:96:73:d5:cf:39:45:de:8f:57:
                    22:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:10:B3:A4:8C:8C:89:82:BF:7F:1E:D0:DC:A8:AC:67:FB:7E:0A:86
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/eBCzpIyMiYK_fx7Q3KisZ_t-CoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:42:da:51:81:17:63:e1:69:85:43:6c:d6:ca:35:43:66:1f:
         10:15:d4:b6:83:3c:f9:ef:ee:5c:b2:16:ad:d5:54:60:50:d5:
         cc:29:28:32:d4:06:74:86:28:ac:c3:66:ae:07:1a:99:20:be:
         9f:6d:2f:0e:1f:0b:ee:87:1e:99:f4:4c:d7:48:e5:df:8a:a3:
         6b:05:c5:3d:b5:2b:0a:d3:28:5f:e1:b4:c7:8b:7a:9e:81:79:
         97:27:f2:3e:c1:01:f2:5f:87:50:85:9f:ab:75:59:ef:e1:51:
         2d:ac:18:d3:e8:b0:6c:8c:5b:75:93:41:f1:0b:71:34:27:c1:
         a4:f3:ba:cb:ad:28:60:76:2c:ab:6f:a3:8a:0a:e0:61:f6:09:
         e2:34:a8:58:a4:db:c5:91:ce:8d:49:de:d7:17:1f:fc:58:f9:
         2f:71:92:82:64:dc:28:d4:6b:c1:c7:7a:7f:7e:96:c7:c1:21:
         b8:b5:cf:d9:c1:d4:9b:c2:59:1f:c3:f4:3c:e2:84:c1:5d:f4:
         11:36:8f:61:b0:52:09:2a:69:27:aa:60:97:6e:62:a7:25:ff:
         97:ab:d5:71:c9:dc:be:3c:80:ff:7d:56:28:0a:66:5d:a0:b7:
         5c:f7:7b:4a:a6:bb:5e:60:c5:35:00:10:49:20:f4:2b:60:27:
         75:da:db:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLNU4onGvbIC6DZXClJJLvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDI3MDkzNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODEwYjNhNDhjOGM4OTgyYmY3ZjFlZDBkY2E4YWM2N2ZiN2UwYTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBZ1eRvjqWf3c2WB3CwmSPYy/DRU
JDsWKZ9t6z98LCL5iXhOQ1vV4saFv5hzhSPIigoom0poVi1vPuGnWdvHeX5pSLeC
q9oMjZgqP5M5luVwvBZdXVs84/IhrFBGMTZV6NZpJD8UAxjyXdqPMpdzufLzyjb8
kjZw7MM7og5rL0h1FfEPTMdahiioh/xRdx0dOghaVa6YwTih3xDih1Buyz8WWjax
zaGxFPBmR/ofoANByyWoUiUUtZ6jWPP045MGrDnTRrWepSTfMsjE7fTBR4atULeo
+o7pWfHB6pdR//XBCIh6R1ipOw47llbvQzr0aiKEw9GWc9XPOUXej1ci/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgQs6SMjImCv38e0NyorGf7fgqGMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZUJDenBJeU1pWUtfZng3UTNLaXNaX3QtQ29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztFMA0G
CSqGSIb3DQEBCwUAA4IBAQAnQtpRgRdj4WmFQ2zWyjVDZh8QFdS2gzz57+5cshat
1VRgUNXMKSgy1AZ0hiisw2auBxqZIL6fbS8OHwvuhx6Z9EzXSOXfiqNrBcU9tSsK
0yhf4bTHi3qegXmXJ/I+wQHyX4dQhZ+rdVnv4VEtrBjT6LBsjFt1k0HxC3E0J8Gk
87rLrShgdiyrb6OKCuBh9gniNKhYpNvFkc6NSd7XFx/8WPkvcZKCZNwo1GvBx3p/
fpbHwSG4tc/ZwdSbwlkfw/Q84oTBXfQRNo9hsFIJKmknqmCXbmKnJf+Xq9Vxydy+
PID/fVYoCmZdoLdc93tKprteYMU1ABBJIPQrYCd12tvn
-----END CERTIFICATE-----