Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iONysRHj0U6Khd51bM57b99xWFk.roa
File:                     iONysRHj0U6Khd51bM57b99xWFk.roa (raw, json)
Hash identifier:          XPktQdm5TGDo5gfFEo4vE1F6VwmB+iIdqcS3b+M/5hg=
Subject key identifier:   88:E3:72:B1:11:E3:D1:4E:8A:85:DE:75:6C:CE:7B:6F:DF:71:58:59
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01923C071118951555AE7A33A3DB215B926C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iONysRHj0U6Khd51bM57b99xWFk.roa
Signing time:             Sun 29 Sep 2024 04:25:49 +0000
ROA not before:           Sun 29 Sep 2024 04:25:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214138
IP address blocks:        31.56.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:3c:07:11:18:95:15:55:ae:7a:33:a3:db:21:5b:92:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 29 04:25:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88e372b111e3d14e8a85de756cce7b6fdf715859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b2:3b:f1:3c:ce:e7:05:73:61:e2:65:26:c9:
                    e8:83:0f:05:aa:3a:15:20:3b:8f:c5:ef:04:ae:46:
                    cb:f3:bb:23:cd:f4:94:cd:d3:db:a1:aa:66:2f:28:
                    a2:c4:e8:85:6a:9f:fe:44:16:de:df:76:20:62:61:
                    89:53:67:07:07:21:6f:5e:c0:81:26:b1:04:8d:75:
                    e5:ad:50:37:97:01:74:f1:c3:c5:83:a9:99:54:06:
                    2a:68:5c:f4:4b:0b:62:7b:f9:bc:28:f7:4e:5a:b3:
                    70:38:81:6f:4a:99:0f:5e:90:24:85:f8:d3:4c:b0:
                    58:1c:f4:e5:4e:c1:af:be:05:e5:d4:b6:13:55:94:
                    6b:90:27:da:54:9a:9c:45:98:a1:f7:ef:14:91:1d:
                    61:3b:8e:4c:9e:d6:c1:e6:02:63:ac:41:13:e3:51:
                    16:54:30:a6:e1:3f:9d:7b:a7:87:15:30:cc:07:68:
                    29:3e:e3:ba:89:cf:92:df:08:38:a1:df:5e:24:d5:
                    9a:9e:49:0a:94:9a:c4:6e:fa:64:7e:aa:52:8f:dd:
                    5e:b4:51:d5:7a:b9:6a:5c:3c:4f:e0:24:8c:09:0b:
                    e9:54:1e:5a:d9:32:c5:39:6e:bd:5c:7b:9b:c6:ef:
                    3b:d2:e2:22:6b:0c:11:cc:2c:b1:c9:9a:69:2c:32:
                    c0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E3:72:B1:11:E3:D1:4E:8A:85:DE:75:6C:CE:7B:6F:DF:71:58:59
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iONysRHj0U6Khd51bM57b99xWFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:d1:b7:e5:67:3e:9e:f9:0d:b1:b4:8d:02:37:b0:4d:0d:ff:
         93:23:68:1b:0e:0b:1f:cd:9b:ec:c1:04:eb:4d:46:02:ac:19:
         66:33:23:79:c5:7b:74:08:a6:25:d7:8b:44:f6:8b:13:5d:42:
         f2:3c:15:40:84:27:99:35:24:0b:27:86:51:8c:e4:bd:2f:51:
         c2:cc:55:2d:a5:32:5d:8a:e9:d7:e1:f0:58:5c:ac:05:8a:ef:
         22:fb:9e:9e:e8:8e:27:e9:45:93:87:25:e8:40:a6:1d:a8:06:
         2e:18:05:f0:99:b3:cf:d0:37:15:77:dd:6c:22:a2:e4:58:11:
         20:7b:22:47:fa:41:85:49:f2:34:d8:54:64:ac:94:bd:b1:32:
         8e:3e:be:82:c9:e5:72:1a:ce:bf:f6:6c:2c:a6:fe:0e:b8:d7:
         c7:27:26:7c:35:d1:83:5f:1b:f7:48:02:ac:04:12:55:5e:a7:
         18:d8:06:38:91:d3:83:50:ff:35:d2:b3:ac:82:8c:59:51:1f:
         76:74:8d:94:93:fb:22:be:84:3b:59:25:5b:6f:ca:2e:00:c8:
         1e:69:a3:1a:bd:60:b0:d7:be:61:3a:c2:6a:7b:ad:26:55:b0:
         9c:30:9c:da:82:60:53:28:3c:f3:48:c7:cd:a9:22:b5:86:4f:
         de:6a:3b:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI8BxEYlRVVrnozo9shW5JsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTI5MDQyNTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGUzNzJiMTExZTNkMTRlOGE4NWRlNzU2Y2NlN2I2ZmRmNzE1ODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprI78TzO5wVzYeJlJsnogw8FqjoV
IDuPxe8ErkbL87sjzfSUzdPboapmLyiixOiFap/+RBbe33YgYmGJU2cHByFvXsCB
JrEEjXXlrVA3lwF08cPFg6mZVAYqaFz0Swtie/m8KPdOWrNwOIFvSpkPXpAkhfjT
TLBYHPTlTsGvvgXl1LYTVZRrkCfaVJqcRZih9+8UkR1hO45MntbB5gJjrEET41EW
VDCm4T+de6eHFTDMB2gpPuO6ic+S3wg4od9eJNWankkKlJrEbvpkfqpSj91etFHV
erlqXDxP4CSMCQvpVB5a2TLFOW69XHubxu870uIiawwRzCyxyZppLDLAyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjjcrER49FOioXedWzOe2/fcVhZMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaU9OeXNSSGowVTZLaGQ1MWJNNTdiOTl4V0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgtMA0G
CSqGSIb3DQEBCwUAA4IBAQCD0bflZz6e+Q2xtI0CN7BNDf+TI2gbDgsfzZvswQTr
TUYCrBlmMyN5xXt0CKYl14tE9osTXULyPBVAhCeZNSQLJ4ZRjOS9L1HCzFUtpTJd
iunX4fBYXKwFiu8i+56e6I4n6UWThyXoQKYdqAYuGAXwmbPP0DcVd91sIqLkWBEg
eyJH+kGFSfI02FRkrJS9sTKOPr6CyeVyGs6/9mwspv4OuNfHJyZ8NdGDXxv3SAKs
BBJVXqcY2AY4kdODUP810rOsgoxZUR92dI2Uk/sivoQ7WSVbb8ouAMgeaaMavWCw
175hOsJqe60mVbCcMJzagmBTKDzzSMfNqSK1hk/eaju7
-----END CERTIFICATE-----