Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kA5Pb8HpIu0Y8QKA5dbvGUGQnjw.roa
File:                     kA5Pb8HpIu0Y8QKA5dbvGUGQnjw.roa (raw, json)
Hash identifier:          YhoYy+pdpE8Jmuq08DT3hMUaan1oAVdsre5OHHNmz68=
Subject key identifier:   90:0E:4F:6F:C1:E9:22:ED:18:F1:02:80:E5:D6:EF:19:41:90:9E:3C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019305A7C6F16106D7969483202BE512A57F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kA5Pb8HpIu0Y8QKA5dbvGUGQnjw.roa
Signing time:             Thu 07 Nov 2024 08:05:01 +0000
ROA not before:           Thu 07 Nov 2024 08:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9232
IP address blocks:        31.59.109.0/24 maxlen: 24
                          31.59.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:a7:c6:f1:61:06:d7:96:94:83:20:2b:e5:12:a5:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  7 08:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=900e4f6fc1e922ed18f10280e5d6ef1941909e3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ec:a2:1e:2e:17:a5:5a:99:6d:37:46:6b:81:
                    e0:57:e9:0d:6f:fd:00:99:41:59:d8:2e:3f:86:54:
                    97:17:02:6a:8c:6d:9b:d3:a5:8d:8f:f5:9d:ea:b7:
                    76:31:ad:89:fb:6f:6a:49:24:b8:6c:cf:81:46:3e:
                    09:60:c5:93:dd:f7:ec:7a:73:32:ae:24:11:84:27:
                    80:5b:62:54:f3:1a:a8:7e:94:47:26:29:42:db:e6:
                    fb:31:b0:c9:b8:b5:01:e4:7d:05:34:7e:07:d5:bc:
                    4a:19:c7:d7:56:91:7f:cf:5b:89:c0:d2:39:1e:84:
                    6a:21:93:2e:57:00:af:17:16:aa:f1:c9:43:5b:ea:
                    a3:cb:d2:e5:92:d1:d1:cd:a7:27:bb:1a:7a:ba:22:
                    86:66:cc:c5:2e:88:19:57:ce:ac:56:64:33:b1:ef:
                    5e:87:96:21:c4:00:19:41:c5:c6:a9:a6:c7:6c:ea:
                    e1:34:af:c4:90:9a:82:f4:76:f3:d9:95:97:99:17:
                    e2:b3:6d:49:d9:4a:9d:b8:c8:cb:98:4f:a9:d7:4a:
                    b1:00:24:9c:e5:7a:bb:34:f8:ee:08:53:17:5a:3f:
                    70:bd:2c:f9:ca:22:34:75:45:e5:b6:9b:67:7d:04:
                    82:69:d0:94:0d:42:61:c3:0e:26:71:2e:29:55:6e:
                    91:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:0E:4F:6F:C1:E9:22:ED:18:F1:02:80:E5:D6:EF:19:41:90:9E:3C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/kA5Pb8HpIu0Y8QKA5dbvGUGQnjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.109.0-31.59.110.255

    Signature Algorithm: sha256WithRSAEncryption
         11:8d:1b:84:cf:3d:dd:b3:63:25:53:80:4c:8b:fd:1f:97:c2:
         a3:d0:32:88:6b:ce:68:80:cf:ca:e7:36:84:2b:fc:6e:b8:9c:
         3f:4d:45:30:52:18:40:a3:75:ec:cd:65:2f:c2:c1:9c:11:52:
         3c:4a:78:0c:c7:40:a7:ff:ff:8d:d8:3e:ab:f6:77:e4:30:35:
         8e:f6:98:89:b0:01:cd:74:09:36:09:c9:c7:3e:15:08:5f:8c:
         46:c7:92:b2:1a:4c:f6:e1:54:52:91:dd:36:bf:13:c9:4d:6e:
         d4:70:7d:bc:44:a6:cf:d4:8d:60:49:65:07:2b:53:ce:87:51:
         b1:f0:71:00:b8:22:6b:50:15:ae:fb:62:26:c9:b3:bb:26:4c:
         75:d5:cf:dc:f4:d8:0b:12:20:ce:f4:64:07:8b:2c:8a:74:0b:
         a0:69:40:3a:ff:4b:2f:e5:48:3c:b6:86:06:4a:a8:a3:86:74:
         a7:2d:c8:74:06:5f:0e:47:fd:b2:e9:91:34:04:58:2e:f6:d0:
         e8:6b:cc:25:24:47:e5:c3:ae:79:43:7e:d3:91:79:76:4f:4f:
         bf:2e:b6:60:3e:04:2d:81:f0:48:ba:fb:82:b8:08:00:09:5a:
         06:18:b7:45:8d:a9:9b:4b:59:0b:fa:05:3a:24:31:93:72:23:
         a4:02:b6:41
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZMFp8bxYQbXlpSDICvlEqV/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTA3MDgwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDBlNGY2ZmMxZTkyMmVkMThmMTAyODBlNWQ2ZWYxOTQxOTA5ZTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+yiHi4XpVqZbTdGa4HgV+kNb/0A
mUFZ2C4/hlSXFwJqjG2b06WNj/Wd6rd2Ma2J+29qSSS4bM+BRj4JYMWT3ffsenMy
riQRhCeAW2JU8xqofpRHJilC2+b7MbDJuLUB5H0FNH4H1bxKGcfXVpF/z1uJwNI5
HoRqIZMuVwCvFxaq8clDW+qjy9LlktHRzacnuxp6uiKGZszFLogZV86sVmQzse9e
h5YhxAAZQcXGqabHbOrhNK/EkJqC9Hbz2ZWXmRfis21J2UqduMjLmE+p10qxACSc
5Xq7NPjuCFMXWj9wvSz5yiI0dUXltptnfQSCadCUDUJhww4mcS4pVW6R6wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJAOT2/B6SLtGPECgOXW7xlBkJ48MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEva0E1UGI4SHBJdTBZOFFLQTVkYnZHVUdRbmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAfO20D
BAAfO24wDQYJKoZIhvcNAQELBQADggEBABGNG4TPPd2zYyVTgEyL/R+XwqPQMohr
zmiAz8rnNoQr/G64nD9NRTBSGECjdezNZS/CwZwRUjxKeAzHQKf//43YPqv2d+Qw
NY72mImwAc10CTYJycc+FQhfjEbHkrIaTPbhVFKR3Ta/E8lNbtRwfbxEps/UjWBJ
ZQcrU86HUbHwcQC4ImtQFa77YibJs7smTHXVz9z02AsSIM70ZAeLLIp0C6BpQDr/
Sy/lSDy2hgZKqKOGdKctyHQGXw5H/bLpkTQEWC720OhrzCUkR+XDrnlDftOReXZP
T78utmA+BC2B8Ei6+4K4CAAJWgYYt0WNqZtLWQv6BTokMZNyI6QCtkE=
-----END CERTIFICATE-----