Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lHgL9zIOmk3gpqdQ5s-o8o4M5EY.roa
File:                     lHgL9zIOmk3gpqdQ5s-o8o4M5EY.roa (raw, json)
Hash identifier:          SatQuRPXYoI8DaenbkiY8arg3G4j1TmexscOpHF7trc=
Subject key identifier:   94:78:0B:F7:32:0E:9A:4D:E0:A6:A7:50:E6:CF:A8:F2:8E:0C:E4:46
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01970233233FFCB74DD61E32AE29FB30A321
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lHgL9zIOmk3gpqdQ5s-o8o4M5EY.roa
Signing time:             Sat 24 May 2025 12:09:55 +0000
ROA not before:           Sat 24 May 2025 12:09:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        31.57.190.0/24 maxlen: 24
                          31.58.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:02:33:23:3f:fc:b7:4d:d6:1e:32:ae:29:fb:30:a3:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 24 12:09:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94780bf7320e9a4de0a6a750e6cfa8f28e0ce446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8e:a9:a0:2f:69:7a:8b:dc:a5:76:ce:84:be:
                    4b:c8:c6:b6:71:c0:e2:44:9b:b5:2f:8d:23:bc:2e:
                    29:d7:5f:a1:96:dd:b7:ab:8f:e3:98:fa:17:99:b1:
                    93:fd:d2:d8:57:c6:80:77:0e:c2:e8:91:89:56:ce:
                    e2:43:4c:76:2a:12:c5:28:07:26:c8:47:1b:ae:55:
                    cd:bc:d6:c1:1c:09:49:27:6a:e2:08:4d:67:cb:6e:
                    26:2f:aa:f5:fc:a3:98:e5:53:10:17:e2:22:7b:66:
                    3b:a0:2f:7e:59:b0:75:f3:70:3d:11:d1:32:75:a0:
                    95:13:6e:01:d6:30:99:ff:45:cb:ee:71:f0:5c:d9:
                    05:4a:d9:f0:44:94:a0:49:b9:10:99:00:d1:4f:de:
                    0b:88:ab:9c:ad:89:57:29:b6:b4:de:98:fa:40:c6:
                    cf:a9:af:ea:58:1b:df:28:5f:e6:ee:e0:55:4f:1b:
                    bc:0f:d9:bc:85:5a:5d:3f:42:84:d8:fe:04:ac:f2:
                    70:a1:13:35:8e:46:61:a8:c4:b7:58:82:5b:84:da:
                    36:68:e5:46:93:c7:e6:a5:0b:1e:91:df:2e:b6:d2:
                    ba:e2:d0:7c:e1:7a:e1:0b:46:ab:e4:f7:fe:91:f1:
                    ac:56:a0:01:c1:fd:e2:a7:1c:bf:63:f6:4a:24:4c:
                    14:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:78:0B:F7:32:0E:9A:4D:E0:A6:A7:50:E6:CF:A8:F2:8E:0C:E4:46
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lHgL9zIOmk3gpqdQ5s-o8o4M5EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.190.0/24
                  31.58.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:73:f2:a9:b9:fc:6a:b6:78:27:ea:16:6d:c7:5c:22:e6:89:
         72:25:a5:57:33:fd:68:d2:13:d9:da:c1:2f:33:b2:21:80:e0:
         08:c4:7d:b9:89:29:52:8f:38:d7:5e:63:71:eb:2b:b9:a1:59:
         15:8b:51:44:bd:33:9a:47:b0:9c:44:c1:ea:e9:d0:8d:71:9e:
         b8:e4:93:21:8e:59:af:17:99:5c:7a:54:ee:9b:1d:52:04:a5:
         7a:08:67:8f:69:7c:82:bc:c6:0c:1b:e5:93:42:82:bc:ed:37:
         34:21:71:ff:c9:60:a8:d3:dd:4f:77:de:02:33:a5:32:c3:85:
         7c:df:17:ee:30:cb:30:f8:77:12:1b:07:55:8d:6a:90:29:88:
         8f:a9:29:d8:b0:83:e3:24:4d:55:ca:0d:7d:ce:8a:3f:1b:1e:
         b7:17:58:fc:5f:94:da:f7:d8:09:82:b9:90:5d:93:f4:d8:89:
         e3:4a:8b:fe:7b:f7:bb:db:a5:40:6f:7b:95:ce:a2:45:1b:ff:
         d0:19:06:3a:33:ca:28:1e:ac:d9:91:e5:37:a3:72:f8:c1:0d:
         52:3f:dd:79:d3:27:b6:e2:64:fd:74:a7:94:fe:e2:3e:53:be:
         3e:4d:7d:6b:da:93:1c:2a:b3:f0:5b:77:89:55:a2:35:dc:00:
         02:1f:3a:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcCMyM//LdN1h4yrin7MKMhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTI0MTIwOTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc4MGJmNzMyMGU5YTRkZTBhNmE3NTBlNmNmYThmMjhlMGNlNDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY6poC9peovcpXbOhL5LyMa2ccDi
RJu1L40jvC4p11+hlt23q4/jmPoXmbGT/dLYV8aAdw7C6JGJVs7iQ0x2KhLFKAcm
yEcbrlXNvNbBHAlJJ2riCE1ny24mL6r1/KOY5VMQF+Iie2Y7oC9+WbB183A9EdEy
daCVE24B1jCZ/0XL7nHwXNkFStnwRJSgSbkQmQDRT94LiKucrYlXKba03pj6QMbP
qa/qWBvfKF/m7uBVTxu8D9m8hVpdP0KE2P4ErPJwoRM1jkZhqMS3WIJbhNo2aOVG
k8fmpQsekd8uttK64tB84XrhC0ar5Pf+kfGsVqABwf3ipxy/Y/ZKJEwUFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJR4C/cyDppN4KanUObPqPKODORGMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbEhnTDl6SU9tazNncHFkUTVzLW84bzRNNUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzm+AwQA
HzqQMA0GCSqGSIb3DQEBCwUAA4IBAQAGc/Kpufxqtngn6hZtx1wi5olyJaVXM/1o
0hPZ2sEvM7IhgOAIxH25iSlSjzjXXmNx6yu5oVkVi1FEvTOaR7CcRMHq6dCNcZ64
5JMhjlmvF5lcelTumx1SBKV6CGePaXyCvMYMG+WTQoK87Tc0IXH/yWCo091Pd94C
M6Uyw4V83xfuMMsw+HcSGwdVjWqQKYiPqSnYsIPjJE1Vyg19zoo/Gx63F1j8X5Ta
99gJgrmQXZP02InjSov+e/e726VAb3uVzqJFG//QGQY6M8ooHqzZkeU3o3L4wQ1S
P9150ye24mT9dKeU/uI+U74+TX1r2pMcKrPwW3eJVaI13AACHzr0
-----END CERTIFICATE-----