Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jq-C5i965D4cozWE-oTGTEGN7fk.roa
File:                     jq-C5i965D4cozWE-oTGTEGN7fk.roa (raw, json)
Hash identifier:          IQApsPU8rE7oaFZX2zDE0cDa8en5ZTlgJyrzI7ca3Ag=
Subject key identifier:   8E:AF:82:E6:2F:7A:E4:3E:1C:A3:35:84:FA:84:C6:4C:41:8D:ED:F9
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019470C15908A8C0EC24596B3591CB0C0A53
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jq-C5i965D4cozWE-oTGTEGN7fk.roa
Signing time:             Thu 16 Jan 2025 20:15:06 +0000
ROA not before:           Thu 16 Jan 2025 20:15:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        31.56.160.0/21 maxlen: 24
                          31.57.202.0/24 maxlen: 24
                          31.57.203.0/24 maxlen: 24
                          31.59.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:70:c1:59:08:a8:c0:ec:24:59:6b:35:91:cb:0c:0a:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 16 20:15:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8eaf82e62f7ae43e1ca33584fa84c64c418dedf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d5:28:cc:18:8c:6a:f2:54:5b:d4:d2:bb:27:
                    64:61:62:de:34:5d:42:93:97:8a:10:38:23:75:49:
                    3d:f4:5b:5e:d3:35:a6:b5:b9:a1:75:06:dd:3b:43:
                    54:6e:f7:e5:b1:99:60:7c:9a:e0:64:20:1d:3c:07:
                    84:88:65:c3:ee:13:cc:52:33:9f:8c:cf:5b:5d:1e:
                    e7:c7:1a:87:8e:8e:42:67:8d:e2:f7:a1:46:83:d3:
                    71:76:11:a8:fd:6e:d3:a6:a8:2e:71:cb:23:37:a0:
                    cf:01:ee:eb:33:ec:8b:91:79:19:82:0f:24:07:f2:
                    3b:ec:95:73:70:69:3b:98:e7:06:b3:75:f8:4d:cd:
                    b8:08:0b:81:e4:37:e0:3d:1c:0d:24:05:14:f6:fe:
                    18:f7:7e:bd:e1:59:a6:15:10:0e:87:37:11:a7:ea:
                    43:53:30:06:fc:57:1a:d2:35:64:5d:a9:93:70:13:
                    98:f2:90:06:47:80:03:70:50:d1:e1:e6:1f:f9:ac:
                    ba:94:d4:07:35:cc:88:eb:ce:23:98:38:eb:97:4e:
                    b2:cb:05:0b:df:1f:08:71:1e:31:47:ce:66:e4:32:
                    92:51:56:36:7e:0c:1a:19:c4:b9:67:a7:a3:da:23:
                    ff:93:f8:0e:00:d3:80:7f:90:31:b0:e7:2a:2e:39:
                    e6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:AF:82:E6:2F:7A:E4:3E:1C:A3:35:84:FA:84:C6:4C:41:8D:ED:F9
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jq-C5i965D4cozWE-oTGTEGN7fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.160.0/21
                  31.57.202.0/23
                  31.59.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:79:f3:0c:64:f4:06:13:61:84:09:4f:e1:fe:fa:e5:f3:d1:
         16:4b:a4:fa:9e:18:61:9e:ca:57:b1:95:d8:44:55:97:47:79:
         1a:85:75:34:bc:87:e5:bf:05:f0:3a:70:85:ab:1a:9c:0d:20:
         64:8c:8d:54:75:7c:a7:5c:4c:5c:0e:f3:73:d5:5e:7a:6e:88:
         3c:d6:a6:7b:65:54:44:f2:df:3b:6c:8d:82:bc:8f:5c:d9:2d:
         cc:29:ce:db:14:72:e2:89:1a:e6:13:a7:d9:47:9d:6f:ac:61:
         dd:a5:35:64:81:3e:c5:48:d4:e3:5b:e2:cf:82:d2:cf:29:d0:
         bf:3d:f9:8b:5b:22:79:72:04:8c:64:13:f4:98:5f:b1:bd:ef:
         16:bc:c3:41:d3:be:f6:11:63:bd:9d:8b:26:6c:3d:81:c9:27:
         76:72:85:91:d6:87:7b:5b:bf:cd:b4:22:7a:2b:2f:47:89:3b:
         e7:f5:2b:28:30:3d:5c:98:64:b0:2e:98:84:c3:c9:3f:48:b2:
         9d:27:c1:09:d7:23:15:8d:57:b2:69:e3:7b:f5:03:b5:d8:a9:
         aa:c3:d5:d8:3f:30:b3:c0:98:73:9e:f0:94:77:a2:ad:60:94:
         c5:3b:be:2e:bd:dc:d8:8f:67:d3:04:70:0b:48:12:c2:c9:0d:
         57:46:b8:37
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRwwVkIqMDsJFlrNZHLDApTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTE2MjAxNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWFmODJlNjJmN2FlNDNlMWNhMzM1ODRmYTg0YzY0YzQxOGRlZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutUozBiMavJUW9TSuydkYWLeNF1C
k5eKEDgjdUk99Fte0zWmtbmhdQbdO0NUbvflsZlgfJrgZCAdPAeEiGXD7hPMUjOf
jM9bXR7nxxqHjo5CZ43i96FGg9NxdhGo/W7TpqguccsjN6DPAe7rM+yLkXkZgg8k
B/I77JVzcGk7mOcGs3X4Tc24CAuB5DfgPRwNJAUU9v4Y93694VmmFRAOhzcRp+pD
UzAG/Fca0jVkXamTcBOY8pAGR4ADcFDR4eYf+ay6lNQHNcyI684jmDjrl06yywUL
3x8IcR4xR85m5DKSUVY2fgwaGcS5Z6ej2iP/k/gOANOAf5AxsOcqLjnmBQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI6vguYveuQ+HKM1hPqExkxBje35MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvanEtQzVpOTY1RDRjb3pXRS1vVEdURUdON2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDHzigAwQB
HznKAwQCHzt0MA0GCSqGSIb3DQEBCwUAA4IBAQC/efMMZPQGE2GECU/h/vrl89EW
S6T6nhhhnspXsZXYRFWXR3kahXU0vIflvwXwOnCFqxqcDSBkjI1UdXynXExcDvNz
1V56bog81qZ7ZVRE8t87bI2CvI9c2S3MKc7bFHLiiRrmE6fZR51vrGHdpTVkgT7F
SNTjW+LPgtLPKdC/PfmLWyJ5cgSMZBP0mF+xve8WvMNB0772EWO9nYsmbD2BySd2
coWR1od7W7/NtCJ6Ky9HiTvn9SsoMD1cmGSwLpiEw8k/SLKdJ8EJ1yMVjVeyaeN7
9QO12Kmqw9XYPzCzwJhznvCUd6KtYJTFO74uvdzYj2fTBHALSBLCyQ1XRrg3
-----END CERTIFICATE-----