Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/h4hlYJx96lboQj0I8Kp3X7f3GPw.roa
File:                     h4hlYJx96lboQj0I8Kp3X7f3GPw.roa (raw, json)
Hash identifier:          nObfdVbgaM6N9xHTai6gvXdgINLfpR5TVDHVc+jDW8c=
Subject key identifier:   87:88:65:60:9C:7D:EA:56:E8:42:3D:08:F0:AA:77:5F:B7:F7:18:FC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01930D03EE94457C6E08E859F26E3137D835
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/h4hlYJx96lboQj0I8Kp3X7f3GPw.roa
Signing time:             Fri 08 Nov 2024 18:23:01 +0000
ROA not before:           Fri 08 Nov 2024 18:23:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400696
IP address blocks:        31.58.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0d:03:ee:94:45:7c:6e:08:e8:59:f2:6e:31:37:d8:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  8 18:23:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=878865609c7dea56e8423d08f0aa775fb7f718fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cb:f1:26:de:b9:1b:f7:f0:d1:9f:87:8d:5e:
                    37:ab:d4:a4:26:e8:33:dd:b2:b8:eb:2c:e9:9d:15:
                    6b:51:88:7e:c1:6b:9a:6e:7a:b3:3c:53:d8:a7:54:
                    87:2d:ab:fc:a5:f5:a8:54:e4:39:8a:2c:24:bf:8f:
                    d2:e0:b1:91:30:0a:6b:b2:ad:6e:07:a8:b9:82:60:
                    44:73:fb:bc:b3:af:bc:aa:86:aa:01:bd:cb:ce:b5:
                    dc:4f:41:57:3b:de:4d:ee:58:31:fd:dd:61:ca:e1:
                    ad:5f:29:92:4f:06:3a:a5:26:6f:ee:d7:03:dd:68:
                    c8:4c:44:30:71:fa:9e:80:f0:8e:1c:c3:75:c0:1c:
                    28:59:2b:92:b7:d1:2c:8e:d3:73:97:a6:b4:ef:c5:
                    4a:8c:13:fa:ea:c5:0b:30:67:33:57:ff:5d:55:cb:
                    e0:da:70:c2:ae:88:20:86:17:9b:38:34:96:27:99:
                    3a:b0:1b:a9:04:3a:2b:b3:a2:ab:99:23:e0:cc:a5:
                    87:74:51:90:7c:5f:e9:0d:f1:3b:47:dc:b8:c3:ae:
                    fc:03:8b:41:97:43:c4:db:76:63:a2:4b:00:d7:48:
                    35:3a:43:65:6f:97:96:e5:34:11:37:cf:a6:00:26:
                    d2:83:23:05:96:91:61:bb:b0:78:8c:f5:63:3a:83:
                    04:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:88:65:60:9C:7D:EA:56:E8:42:3D:08:F0:AA:77:5F:B7:F7:18:FC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/h4hlYJx96lboQj0I8Kp3X7f3GPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:47:8a:f2:ea:bf:b3:3c:70:15:15:43:e2:47:c4:c8:d7:1e:
         c2:49:9b:96:9b:ef:b3:bd:fd:e4:88:ef:75:d0:dd:15:80:b5:
         a6:03:af:20:5d:e9:44:47:c5:38:12:4d:87:ba:9f:7b:32:cc:
         b2:60:ff:cd:8f:83:7a:c0:cc:4d:42:3b:ec:1c:13:ea:f5:10:
         ed:8c:87:ae:1d:11:6c:79:00:27:32:d3:f2:02:f8:7b:62:5d:
         af:0f:c3:7b:e2:ab:01:87:ec:1b:45:b4:53:20:a5:b8:61:a4:
         03:79:a6:54:33:9c:74:59:7a:db:7d:25:9a:24:33:17:10:24:
         95:3c:fb:09:1b:26:a5:1b:f9:26:5b:ae:c5:05:73:8d:2e:41:
         67:39:49:62:48:98:72:af:fb:a5:6e:2e:68:dd:fd:13:88:55:
         ee:3f:a4:3b:3c:82:b6:a7:6e:64:47:20:b2:84:a4:9d:19:d9:
         33:98:d4:55:68:94:f1:c3:34:9a:b8:2c:68:79:40:d1:a5:de:
         84:b2:29:63:df:35:8e:65:f2:fe:f0:21:d2:f9:20:ce:dc:b0:
         4d:b2:89:5f:bb:45:06:c4:f2:22:be:1a:3a:f1:b2:96:f1:e9:
         6e:84:64:1a:2b:c7:b7:9b:f5:2b:e2:44:6b:6b:de:fb:cd:67:
         dd:d8:2a:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMNA+6URXxuCOhZ8m4xN9g1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTA4MTgyMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzg4NjU2MDljN2RlYTU2ZTg0MjNkMDhmMGFhNzc1ZmI3ZjcxOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8vxJt65G/fw0Z+HjV43q9SkJugz
3bK46yzpnRVrUYh+wWuabnqzPFPYp1SHLav8pfWoVOQ5iiwkv4/S4LGRMAprsq1u
B6i5gmBEc/u8s6+8qoaqAb3LzrXcT0FXO95N7lgx/d1hyuGtXymSTwY6pSZv7tcD
3WjITEQwcfqegPCOHMN1wBwoWSuSt9EsjtNzl6a078VKjBP66sULMGczV/9dVcvg
2nDCrogghhebODSWJ5k6sBupBDors6KrmSPgzKWHdFGQfF/pDfE7R9y4w678A4tB
l0PE23ZjoksA10g1OkNlb5eW5TQRN8+mACbSgyMFlpFhu7B4jPVjOoMEiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeIZWCcfepW6EI9CPCqd1+39xj8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaDRobFlKeDk2bGJvUWowSThLcDNYN2YzR1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqfMA0G
CSqGSIb3DQEBCwUAA4IBAQBwR4ry6r+zPHAVFUPiR8TI1x7CSZuWm++zvf3kiO91
0N0VgLWmA68gXelER8U4Ek2Hup97MsyyYP/Nj4N6wMxNQjvsHBPq9RDtjIeuHRFs
eQAnMtPyAvh7Yl2vD8N74qsBh+wbRbRTIKW4YaQDeaZUM5x0WXrbfSWaJDMXECSV
PPsJGyalG/kmW67FBXONLkFnOUliSJhyr/ulbi5o3f0TiFXuP6Q7PIK2p25kRyCy
hKSdGdkzmNRVaJTxwzSauCxoeUDRpd6Esilj3zWOZfL+8CHS+SDO3LBNsolfu0UG
xPIivho68bKW8eluhGQaK8e3m/Ur4kRra977zWfd2Cpb
-----END CERTIFICATE-----