Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fzCXvTWiMfcMK5WMqOGz3r05Iac.roa
File:                     fzCXvTWiMfcMK5WMqOGz3r05Iac.roa (raw, json)
Hash identifier:          H2KRxbpILKRPD4edgSo8dicMBdzdqr2/cOB8sbG1v9c=
Subject key identifier:   7F:30:97:BD:35:A2:31:F7:0C:2B:95:8C:A8:E1:B3:DE:BD:39:21:A7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428234C4132BEF077D3EAD1B8A75A4643
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fzCXvTWiMfcMK5WMqOGz3r05Iac.roa
Signing time:             Thu 02 Jan 2025 17:49:49 +0000
ROA not before:           Thu 02 Jan 2025 17:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60504
IP address blocks:        31.56.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:4c:41:32:be:f0:77:d3:ea:d1:b8:a7:5a:46:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f3097bd35a231f70c2b958ca8e1b3debd3921a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:53:68:5e:89:8a:75:79:06:81:6e:87:6f:b4:
                    e9:0d:da:92:70:ae:33:f7:b8:c6:20:a8:be:9a:0f:
                    2e:b0:34:21:f5:c7:30:ae:0b:40:1e:58:c0:ef:5b:
                    d4:49:62:bb:00:dc:b8:a1:1f:95:1d:96:76:dd:8d:
                    e5:17:88:67:57:b8:20:06:6a:6d:c9:bd:b6:11:07:
                    fe:1a:c0:1b:60:85:0f:85:c5:b7:d2:4c:a9:25:34:
                    ce:d5:23:f9:a8:ab:9d:09:f2:44:98:31:eb:e1:88:
                    d6:3b:18:bc:95:8b:03:d9:84:49:6c:28:39:ab:bf:
                    6c:9c:2d:bd:29:0d:99:06:b6:a7:66:fc:24:b6:79:
                    2a:51:52:73:c3:d7:77:1c:1f:65:6f:96:c8:6d:82:
                    93:fd:79:80:07:8e:21:25:ca:7a:37:b1:5f:f0:41:
                    bf:4e:29:e9:88:ca:3b:48:e9:bd:d6:fb:d3:bd:67:
                    c7:9a:d2:7a:57:36:b8:52:7b:66:f4:c8:d3:5c:98:
                    7d:79:d3:6e:fe:6c:d4:e0:4e:fe:52:4b:74:ef:ff:
                    24:b5:87:d5:2f:ce:cd:cd:0e:c8:e9:69:de:c1:9b:
                    2d:09:a8:5e:1f:53:98:7d:92:92:0a:b4:f7:61:10:
                    4e:15:5f:81:cf:8e:c7:8b:26:1f:28:c9:9b:4c:7a:
                    cb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:30:97:BD:35:A2:31:F7:0C:2B:95:8C:A8:E1:B3:DE:BD:39:21:A7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fzCXvTWiMfcMK5WMqOGz3r05Iac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:c2:7a:cc:8c:05:2a:3a:7a:f4:fa:7c:ab:68:f5:12:fc:16:
         47:ae:9a:be:90:a8:f0:d4:87:a2:29:bb:e6:8b:1a:8e:d6:ff:
         d7:c2:f6:1e:f4:c7:ce:b4:92:6d:90:a4:b6:91:67:8f:a6:67:
         c6:e4:df:c8:cf:6b:05:37:c7:df:d6:f6:06:d4:e1:8a:68:9a:
         37:42:a9:82:67:03:75:b8:c2:90:6b:84:90:c4:8d:fa:97:0a:
         af:b9:c4:0a:0c:dc:cc:7b:43:c3:ef:9c:ee:63:6e:5e:90:51:
         30:78:c9:b2:18:b1:50:14:e4:b9:b0:7c:8d:fe:b9:85:d5:3d:
         94:65:bc:f1:73:61:7b:53:3d:91:d6:ef:2a:61:93:68:c0:ad:
         e0:97:c8:ac:bc:7b:db:0a:19:ee:2b:f3:a6:f7:2a:e9:ab:97:
         56:85:fc:ed:26:b6:05:a1:97:fb:1b:b0:23:94:b9:ae:b1:33:
         87:2b:4b:1a:5e:cf:be:c4:88:cd:23:b6:a6:41:96:51:32:3f:
         00:d2:f4:4f:bb:55:d0:f9:bd:5c:b5:43:8a:22:25:72:ec:b6:
         22:48:80:3e:28:11:9b:2a:69:fb:46:a8:eb:cb:3b:5c:eb:81:
         be:df:05:8a:58:b0:75:97:b4:47:37:8e:37:62:6c:aa:e8:ab:
         2c:ce:03:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0xBMr7wd9Pq0binWkZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjMwOTdiZDM1YTIzMWY3MGMyYjk1OGNhOGUxYjNkZWJkMzkyMWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1NoXomKdXkGgW6Hb7TpDdqScK4z
97jGIKi+mg8usDQh9ccwrgtAHljA71vUSWK7ANy4oR+VHZZ23Y3lF4hnV7ggBmpt
yb22EQf+GsAbYIUPhcW30kypJTTO1SP5qKudCfJEmDHr4YjWOxi8lYsD2YRJbCg5
q79snC29KQ2ZBranZvwktnkqUVJzw9d3HB9lb5bIbYKT/XmAB44hJcp6N7Ff8EG/
TinpiMo7SOm91vvTvWfHmtJ6Vza4Untm9MjTXJh9edNu/mzU4E7+Ukt07/8ktYfV
L87NzQ7I6WnewZstCaheH1OYfZKSCrT3YRBOFV+Bz47HiyYfKMmbTHrLnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8wl701ojH3DCuVjKjhs969OSGnMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZnpDWHZUV2lNZmNNSzVXTXFPR3ozcjA1SWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgvMA0G
CSqGSIb3DQEBCwUAA4IBAQCZwnrMjAUqOnr0+nyraPUS/BZHrpq+kKjw1IeiKbvm
ixqO1v/XwvYe9MfOtJJtkKS2kWePpmfG5N/Iz2sFN8ff1vYG1OGKaJo3QqmCZwN1
uMKQa4SQxI36lwqvucQKDNzMe0PD75zuY25ekFEweMmyGLFQFOS5sHyN/rmF1T2U
Zbzxc2F7Uz2R1u8qYZNowK3gl8isvHvbChnuK/Om9yrpq5dWhfztJrYFoZf7G7Aj
lLmusTOHK0saXs++xIjNI7amQZZRMj8A0vRPu1XQ+b1ctUOKIiVy7LYiSIA+KBGb
Kmn7Rqjryztc64G+3wWKWLB1l7RHN443Ymyq6KsszgMb
-----END CERTIFICATE-----