Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lXQ6xDjvzcs0cvHAph68pMmcGEQ.roa
File:                     lXQ6xDjvzcs0cvHAph68pMmcGEQ.roa (raw, json)
Hash identifier:          NpE96dQlERzctKu2YOJnB+zYI0jS/z8/gT+LfRnGUFY=
Subject key identifier:   95:74:3A:C4:38:EF:CD:CB:34:72:F1:C0:A6:1E:BC:A4:C9:9C:18:44
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428233144F6246E59D89CBB4B49E90016
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lXQ6xDjvzcs0cvHAph68pMmcGEQ.roa
Signing time:             Thu 02 Jan 2025 17:49:42 +0000
ROA not before:           Thu 02 Jan 2025 17:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        31.58.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:31:44:f6:24:6e:59:d8:9c:bb:4b:49:e9:00:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95743ac438efcdcb3472f1c0a61ebca4c99c1844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b0:c0:b1:22:63:0d:e5:74:7c:31:20:78:86:
                    30:f6:9a:ae:f5:95:82:2f:45:6d:da:88:92:61:6f:
                    cc:d2:9d:e5:d1:7f:d6:d0:e2:19:2b:0b:e2:8c:3f:
                    46:cc:27:2e:c4:07:4e:1e:16:ed:5d:8f:32:45:2d:
                    f4:7f:79:ea:f8:1c:44:7c:ce:18:55:5f:c4:c7:24:
                    56:f2:58:90:cb:be:d7:27:c1:b7:60:1b:55:b4:6e:
                    a3:b1:45:54:32:81:0c:f5:17:72:53:d6:9f:cd:54:
                    39:b9:f2:f4:dc:65:7e:b8:3a:27:dc:28:4c:16:68:
                    54:33:89:17:91:01:60:fb:06:1d:08:e5:d2:9c:17:
                    f8:c8:76:dc:8c:07:c8:27:87:de:72:d7:16:b4:27:
                    be:04:54:cd:6d:c0:09:41:d7:58:e7:f1:9b:74:26:
                    c2:82:fa:69:11:5b:47:f6:d9:d8:24:53:b9:31:80:
                    bb:c0:1c:7c:43:0b:10:00:66:7d:e0:b8:b9:aa:1e:
                    21:59:81:fa:a2:18:fa:f4:02:ca:37:93:6e:90:6d:
                    37:c7:be:b7:0c:59:29:b9:ca:de:bd:4d:5e:aa:3a:
                    f8:0d:44:0c:eb:6d:7c:be:22:59:2d:fb:f8:8a:e5:
                    71:3e:42:46:08:f0:31:35:8e:b1:03:89:a7:0e:0c:
                    d0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:74:3A:C4:38:EF:CD:CB:34:72:F1:C0:A6:1E:BC:A4:C9:9C:18:44
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lXQ6xDjvzcs0cvHAph68pMmcGEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:5e:1c:3e:f6:9e:6f:20:6d:e9:14:73:6a:45:de:e6:d8:ce:
         bf:47:66:10:b6:5a:c7:3d:3c:8e:35:41:7b:f9:3d:1c:88:e4:
         20:c3:3d:d6:8b:f0:5a:be:a7:6b:7a:eb:4b:8d:62:82:d0:2a:
         de:37:b7:ae:64:ca:6a:1a:73:27:57:30:27:48:9d:04:9b:92:
         8f:ad:0b:54:4a:cc:80:dd:d8:da:d4:80:63:3d:e9:d1:7c:2d:
         90:cc:a6:54:95:eb:1d:62:2c:c7:d5:ce:95:02:ee:e1:b2:07:
         51:29:84:bf:b7:13:35:c4:11:17:1e:09:cf:13:c1:d3:ac:c0:
         d3:b9:29:f0:4e:21:36:32:63:f6:e1:c9:f5:84:9c:59:36:10:
         68:ce:c7:95:7d:4c:2c:9f:de:a8:a3:f6:72:71:28:a0:8b:6b:
         a8:ec:62:cb:2d:a8:aa:36:ce:af:45:f9:6d:50:aa:a1:55:7a:
         18:29:d6:0b:7b:07:5c:32:4a:b2:5f:18:81:26:c1:fe:34:fe:
         c9:ac:0b:fe:53:38:0c:f5:06:3f:e0:c0:7a:ae:9d:30:66:48:
         71:4e:e6:88:41:fe:f5:b0:95:66:37:14:7a:8c:5b:53:45:e4:
         6c:c8:12:ca:dd:ee:a4:f3:b6:70:a4:62:80:54:e2:2b:87:25:
         d7:fa:d5:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzFE9iRuWdicu0tJ6QAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTc0M2FjNDM4ZWZjZGNiMzQ3MmYxYzBhNjFlYmNhNGM5OWMxODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLDAsSJjDeV0fDEgeIYw9pqu9ZWC
L0Vt2oiSYW/M0p3l0X/W0OIZKwvijD9GzCcuxAdOHhbtXY8yRS30f3nq+BxEfM4Y
VV/ExyRW8liQy77XJ8G3YBtVtG6jsUVUMoEM9RdyU9afzVQ5ufL03GV+uDon3ChM
FmhUM4kXkQFg+wYdCOXSnBf4yHbcjAfIJ4fectcWtCe+BFTNbcAJQddY5/GbdCbC
gvppEVtH9tnYJFO5MYC7wBx8QwsQAGZ94Li5qh4hWYH6ohj69ALKN5NukG03x763
DFkpucrevU1eqjr4DUQM6218viJZLfv4iuVxPkJGCPAxNY6xA4mnDgzQEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJV0OsQ4783LNHLxwKYevKTJnBhEMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbFhRNnhEanZ6Y3MwY3ZIQXBoNjhwTW1jR0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqCMA0G
CSqGSIb3DQEBCwUAA4IBAQBlXhw+9p5vIG3pFHNqRd7m2M6/R2YQtlrHPTyONUF7
+T0ciOQgwz3Wi/BavqdreutLjWKC0CreN7euZMpqGnMnVzAnSJ0Em5KPrQtUSsyA
3dja1IBjPenRfC2QzKZUlesdYizH1c6VAu7hsgdRKYS/txM1xBEXHgnPE8HTrMDT
uSnwTiE2MmP24cn1hJxZNhBozseVfUwsn96oo/ZycSigi2uo7GLLLaiqNs6vRflt
UKqhVXoYKdYLewdcMkqyXxiBJsH+NP7JrAv+UzgM9QY/4MB6rp0wZkhxTuaIQf71
sJVmNxR6jFtTReRsyBLK3e6k87ZwpGKAVOIrhyXX+tXi
-----END CERTIFICATE-----