Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fso2Ql2jldcoKKqT8Lmlz_-t8vE.roa
File:                     fso2Ql2jldcoKKqT8Lmlz_-t8vE.roa (raw, json)
Hash identifier:          deUdowo7/Wi7jk4hijqYTHSGq0nlohx1MAjWX6WoByI=
Subject key identifier:   7E:CA:36:42:5D:A3:95:D7:28:28:AA:93:F0:B9:A5:CF:FF:AD:F2:F1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019302A4E6E8ABB391D3F6C4601EA6B0ECFC
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fso2Ql2jldcoKKqT8Lmlz_-t8vE.roa
Signing time:             Wed 06 Nov 2024 18:03:01 +0000
ROA not before:           Wed 06 Nov 2024 18:03:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136501
IP address blocks:        31.58.172.0/22 maxlen: 24
                          31.59.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:a4:e6:e8:ab:b3:91:d3:f6:c4:60:1e:a6:b0:ec:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  6 18:03:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eca36425da395d72828aa93f0b9a5cfffadf2f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:90:10:49:09:d7:af:45:89:d7:96:1e:93:15:
                    f7:c6:27:57:6d:cb:17:f3:8a:e3:f1:97:a2:49:51:
                    f2:4b:09:79:57:b8:1c:88:bc:3f:ca:80:62:29:2b:
                    f3:12:15:74:4f:2c:da:47:c7:84:c6:54:12:e4:8f:
                    9f:96:19:43:fd:7e:d5:ba:a1:e8:0e:01:19:a7:d1:
                    f5:a7:98:f7:a2:47:c1:9a:10:9a:58:07:d8:c6:a2:
                    e2:89:10:b1:17:b3:18:3e:e1:3b:b9:65:9e:bf:57:
                    ad:9e:e2:af:ff:01:b1:c2:cc:29:e3:a3:b7:00:e6:
                    21:9c:cd:dd:60:49:6d:29:6d:d8:25:4e:c9:5f:56:
                    5a:07:77:73:ab:56:9b:7f:fc:3f:be:66:bf:a9:c4:
                    6e:2b:e9:60:0a:d4:60:3b:38:88:5d:77:da:93:f9:
                    8c:37:87:3b:27:ca:53:4e:c5:27:9a:7f:bd:fd:b4:
                    8a:02:8d:fc:89:ca:67:0f:d2:ee:6a:42:a4:82:9e:
                    63:a8:e6:30:be:98:e8:1c:59:33:46:25:17:a4:47:
                    cd:5f:4c:3e:eb:b6:ca:8f:17:92:27:32:e5:f9:56:
                    43:0f:87:2d:c1:83:8c:61:30:ea:b3:e2:95:ba:85:
                    d2:65:46:fe:33:2a:74:b3:03:bb:fe:3a:c1:ee:28:
                    5d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CA:36:42:5D:A3:95:D7:28:28:AA:93:F0:B9:A5:CF:FF:AD:F2:F1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fso2Ql2jldcoKKqT8Lmlz_-t8vE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.172.0/22
                  31.59.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:23:6e:e6:d8:76:47:e1:c6:6e:0b:5f:c0:f0:11:bf:46:73:
         ee:31:24:96:05:04:f5:f3:52:c9:35:75:39:9a:b1:b0:0c:e1:
         81:71:2a:dd:d5:57:fe:e5:aa:19:0f:09:36:45:ec:de:12:69:
         a8:81:ce:10:58:96:15:6b:7b:fb:53:8d:09:9c:44:35:86:78:
         5c:a3:c9:4d:d4:72:a2:7b:db:85:ec:62:8b:3a:ec:5a:21:f4:
         72:77:9c:5c:be:9d:1d:c1:70:a8:75:77:dd:b1:b9:4e:d2:55:
         3b:99:8d:4c:4b:68:d2:07:2d:84:dc:f1:41:11:64:f2:58:75:
         14:ac:52:17:ec:48:ec:6e:87:04:85:de:df:2d:e9:44:32:27:
         1f:c0:ea:27:74:d4:75:a0:77:81:49:68:8b:81:d6:4d:ee:1e:
         1e:8b:df:a7:23:b3:f7:68:cc:4f:99:ac:be:32:76:7c:73:52:
         f7:7e:95:07:87:5b:e0:24:ca:ab:c5:00:a2:4c:72:74:13:c2:
         de:e6:4e:01:ac:15:05:0d:30:fc:96:a5:ae:8f:71:5a:c7:12:
         ba:26:cd:a7:94:1f:f2:b5:1e:eb:b2:a8:99:2e:48:29:8d:34:
         2a:95:9e:ad:fc:82:91:03:1d:31:55:35:fb:ca:eb:55:6e:ae:
         99:85:36:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMCpOboq7OR0/bEYB6msOz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTA2MTgwMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNhMzY0MjVkYTM5NWQ3MjgyOGFhOTNmMGI5YTVjZmZmYWRmMmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZAQSQnXr0WJ15YekxX3xidXbcsX
84rj8ZeiSVHySwl5V7gciLw/yoBiKSvzEhV0TyzaR8eExlQS5I+flhlD/X7VuqHo
DgEZp9H1p5j3okfBmhCaWAfYxqLiiRCxF7MYPuE7uWWev1etnuKv/wGxwswp46O3
AOYhnM3dYEltKW3YJU7JX1ZaB3dzq1abf/w/vma/qcRuK+lgCtRgOziIXXfak/mM
N4c7J8pTTsUnmn+9/bSKAo38icpnD9LuakKkgp5jqOYwvpjoHFkzRiUXpEfNX0w+
67bKjxeSJzLl+VZDD4ctwYOMYTDqs+KVuoXSZUb+Myp0swO7/jrB7ihdJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH7KNkJdo5XXKCiqk/C5pc//rfLxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZnNvMlFsMmpsZGNvS0txVDhMbWx6Xy10OHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCHzqsAwQC
HztMMA0GCSqGSIb3DQEBCwUAA4IBAQBUI27m2HZH4cZuC1/A8BG/RnPuMSSWBQT1
81LJNXU5mrGwDOGBcSrd1Vf+5aoZDwk2RezeEmmogc4QWJYVa3v7U40JnEQ1hnhc
o8lN1HKie9uF7GKLOuxaIfRyd5xcvp0dwXCodXfdsblO0lU7mY1MS2jSBy2E3PFB
EWTyWHUUrFIX7EjsbocEhd7fLelEMicfwOondNR1oHeBSWiLgdZN7h4ei9+nI7P3
aMxPmay+MnZ8c1L3fpUHh1vgJMqrxQCiTHJ0E8Le5k4BrBUFDTD8lqWuj3FaxxK6
Js2nlB/ytR7rsqiZLkgpjTQqlZ6t/IKRAx0xVTX7yutVbq6ZhTbv
-----END CERTIFICATE-----