Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gS1ZdqUxdxK6lvMf_8wWMnZyUGo.roa
File:                     gS1ZdqUxdxK6lvMf_8wWMnZyUGo.roa (raw, json)
Hash identifier:          3k7hfUcl+Rt0MrGR1cLf00bcVKJ7wthdUqTPQ1f8a+s=
Subject key identifier:   81:2D:59:76:A5:31:77:12:BA:96:F3:1F:FF:CC:16:32:76:72:50:6A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282389825ECEF9ED952291DB8BB01880
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gS1ZdqUxdxK6lvMf_8wWMnZyUGo.roa
Signing time:             Thu 02 Jan 2025 17:50:05 +0000
ROA not before:           Thu 02 Jan 2025 17:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400696
IP address blocks:        31.58.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:89:82:5e:ce:f9:ed:95:22:91:db:8b:b0:18:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=812d5976a5317712ba96f31fffcc16327672506a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:83:dd:67:ff:15:3b:f9:ce:ea:14:7b:30:55:
                    27:08:4a:8a:4c:5d:5f:b1:94:a0:1f:40:5e:65:a9:
                    70:5d:3a:bc:29:c3:0f:77:56:2f:6e:83:86:fc:5e:
                    79:69:18:8a:0d:e2:26:36:63:f1:b1:4f:85:d3:bf:
                    40:bb:86:83:b3:3a:ef:ce:f7:8f:f4:fe:c1:67:38:
                    8d:59:5e:99:3c:35:a0:9f:8e:e2:b2:86:5b:7c:40:
                    ad:ab:19:d6:19:a1:93:15:a1:21:f4:25:28:38:18:
                    fb:e6:d6:55:4f:50:fe:29:91:66:84:d2:b3:6d:16:
                    ab:de:27:86:de:01:ef:0d:db:1f:94:56:7d:d1:d2:
                    9c:b6:f0:83:a5:e7:78:62:27:8f:62:ad:12:e3:3c:
                    56:e6:47:a7:f0:41:85:55:9a:3a:b1:c9:d0:b5:db:
                    9b:c7:b1:25:48:ac:68:d4:0e:90:86:31:d3:0a:22:
                    5f:4c:0e:79:58:0f:f2:46:20:cc:e8:90:fc:87:2a:
                    ae:e0:5a:1c:96:a4:10:b9:4f:3a:ab:35:6e:fb:27:
                    c8:17:62:be:07:af:32:fa:45:bd:ae:6d:b2:e9:4a:
                    07:0a:53:52:30:1b:fe:22:19:fd:42:84:1f:d4:22:
                    c6:ad:93:06:48:70:8d:76:e0:35:ba:d4:94:e0:cc:
                    33:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:2D:59:76:A5:31:77:12:BA:96:F3:1F:FF:CC:16:32:76:72:50:6A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gS1ZdqUxdxK6lvMf_8wWMnZyUGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:57:68:ff:4c:d4:bf:5f:5d:50:c1:51:5e:59:53:e2:29:16:
         33:a8:46:e1:25:99:e3:ae:9d:79:7c:e0:30:87:40:6e:fc:9e:
         7b:28:b3:e5:34:67:d3:b6:d7:59:34:00:1c:ff:b9:65:d6:22:
         92:89:6c:f9:9d:2a:c1:99:32:76:6c:2f:a1:a9:92:86:5a:37:
         0c:4f:13:bd:da:e3:30:97:03:33:ec:1d:c2:fc:05:4b:8a:67:
         5a:d3:b5:48:14:b9:90:66:76:e8:04:c1:df:ad:b8:e7:92:be:
         31:1f:32:52:0f:59:ae:2b:4e:88:b1:78:8c:d6:62:6b:20:61:
         37:ee:eb:7e:3c:ee:af:dd:65:f3:75:97:a0:49:a2:d8:b5:e2:
         d5:1a:65:00:85:9e:19:10:a4:b7:28:fc:0e:fc:82:e1:98:17:
         b6:bf:70:b5:da:d7:ca:4e:96:20:3a:71:a7:ed:c5:c7:f4:18:
         f4:98:ac:78:57:79:7e:dd:0d:32:35:2f:02:8e:0e:86:3d:79:
         59:57:33:31:3d:a6:f9:37:82:44:5d:96:33:ec:71:98:6a:01:
         f7:ab:ff:2b:b2:29:01:23:74:8d:8c:fa:2c:ff:de:97:a6:7d:
         b1:68:0e:59:cd:d4:fd:dd:ab:31:b4:93:4e:bc:42:e7:08:bc:
         f6:17:51:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4mCXs757ZUikduLsBiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTJkNTk3NmE1MzE3NzEyYmE5NmYzMWZmZmNjMTYzMjc2NzI1MDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoPdZ/8VO/nO6hR7MFUnCEqKTF1f
sZSgH0BeZalwXTq8KcMPd1YvboOG/F55aRiKDeImNmPxsU+F079Au4aDszrvzveP
9P7BZziNWV6ZPDWgn47isoZbfECtqxnWGaGTFaEh9CUoOBj75tZVT1D+KZFmhNKz
bRar3ieG3gHvDdsflFZ90dKctvCDped4YiePYq0S4zxW5ken8EGFVZo6scnQtdub
x7ElSKxo1A6QhjHTCiJfTA55WA/yRiDM6JD8hyqu4FoclqQQuU86qzVu+yfIF2K+
B68y+kW9rm2y6UoHClNSMBv+Ihn9QoQf1CLGrZMGSHCNduA1utSU4MwzqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEtWXalMXcSupbzH//MFjJ2clBqMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZ1MxWmRxVXhkeEs2bHZNZl84d1dNblp5VUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqfMA0G
CSqGSIb3DQEBCwUAA4IBAQC5V2j/TNS/X11QwVFeWVPiKRYzqEbhJZnjrp15fOAw
h0Bu/J57KLPlNGfTttdZNAAc/7ll1iKSiWz5nSrBmTJ2bC+hqZKGWjcMTxO92uMw
lwMz7B3C/AVLimda07VIFLmQZnboBMHfrbjnkr4xHzJSD1muK06IsXiM1mJrIGE3
7ut+PO6v3WXzdZegSaLYteLVGmUAhZ4ZEKS3KPwO/ILhmBe2v3C12tfKTpYgOnGn
7cXH9Bj0mKx4V3l+3Q0yNS8Cjg6GPXlZVzMxPab5N4JEXZYz7HGYagH3q/8rsikB
I3SNjPos/96Xpn2xaA5ZzdT93asxtJNOvELnCLz2F1FM
-----END CERTIFICATE-----