Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mJ7Hrsy_gC4rlodu8T1R-2ue1RQ.roa
File:                     mJ7Hrsy_gC4rlodu8T1R-2ue1RQ.roa (raw, json)
Hash identifier:          4xqJGd5bNKhxeTottT05K3bzfTSlN25UzHh9RW2F89I=
Subject key identifier:   98:9E:C7:AE:CC:BF:80:2E:2B:96:87:6E:F1:3D:51:FB:6B:9E:D5:14
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192564B9DB2DE97A5144C51EE955D10054F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mJ7Hrsy_gC4rlodu8T1R-2ue1RQ.roa
Signing time:             Fri 04 Oct 2024 06:50:48 +0000
ROA not before:           Fri 04 Oct 2024 06:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215362
IP address blocks:        31.56.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:56:4b:9d:b2:de:97:a5:14:4c:51:ee:95:5d:10:05:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  4 06:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=989ec7aeccbf802e2b96876ef13d51fb6b9ed514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3d:44:51:02:70:ce:92:d2:11:15:16:0c:5d:
                    c3:5e:1d:2c:6e:4c:4a:b8:10:86:80:17:c5:f4:ad:
                    4f:eb:49:69:e2:78:f1:da:72:0c:a5:fe:51:27:d3:
                    74:d4:48:b9:d0:3b:2e:17:8c:73:09:7a:ec:7c:ae:
                    65:0e:22:1a:9d:d5:45:05:34:a7:35:55:a9:d7:75:
                    40:8a:ee:c3:2b:f9:86:5d:4d:fb:4e:d8:7f:e2:89:
                    50:43:5c:2e:60:72:7f:cc:1a:2d:72:68:bb:a9:42:
                    d8:16:f9:e3:96:27:34:32:f7:35:6c:81:d8:b1:a7:
                    0e:7c:15:6a:e2:3e:c9:ac:0d:6a:0a:87:91:bd:b7:
                    12:89:86:34:20:50:98:6d:ac:b9:b3:13:22:24:86:
                    85:0a:77:18:62:7b:60:8c:d8:48:68:4f:ae:df:6a:
                    99:f3:fe:8f:bf:26:0d:61:21:7d:de:ee:62:dc:be:
                    f0:78:e2:61:30:0c:f9:bf:9f:79:1e:7d:e5:c0:d4:
                    ff:1b:5b:af:bf:71:f9:1a:d4:13:c1:32:f2:f3:63:
                    f6:fa:93:8c:2e:85:a6:96:b5:87:91:83:d7:d5:13:
                    99:a3:96:df:1c:b2:72:fd:10:36:41:fd:57:c7:19:
                    29:a8:55:ba:7d:1d:32:08:04:57:8e:e1:db:2e:25:
                    df:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:9E:C7:AE:CC:BF:80:2E:2B:96:87:6E:F1:3D:51:FB:6B:9E:D5:14
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mJ7Hrsy_gC4rlodu8T1R-2ue1RQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:91:a0:15:82:af:9a:c6:e1:87:dd:15:3b:eb:01:79:80:89:
         13:9d:05:f5:2a:70:fe:34:58:02:88:ab:7d:1b:fc:d5:22:df:
         73:de:e8:72:d5:aa:0a:ea:fe:39:c6:71:a8:4f:19:dd:86:7b:
         0f:f2:8a:03:59:07:cb:58:38:2b:05:0d:0c:c7:a0:ed:91:66:
         67:ae:92:5b:f5:f2:97:c8:aa:34:21:27:4f:29:1e:95:a6:da:
         43:57:cb:89:c5:8a:fe:9f:d0:7a:5b:19:31:b3:31:3b:e2:23:
         03:ae:f1:49:b9:88:a0:89:c7:7c:ed:b7:bf:92:c2:6e:84:21:
         2d:94:6b:e9:78:a9:9b:95:a7:25:8e:19:9a:f2:a1:44:5f:a0:
         c6:d4:65:fa:4d:32:85:dc:4c:f3:28:be:a8:26:39:1c:6b:71:
         49:49:35:7e:83:a5:0c:b1:7b:06:88:45:de:1f:94:01:65:3c:
         dc:98:55:56:2f:8d:ff:48:80:f8:29:1e:15:fd:7c:ad:1a:89:
         02:8c:cd:7f:12:52:56:97:5c:06:a3:d9:70:50:11:a6:9c:af:
         37:9e:1c:32:49:0d:bd:71:fc:1e:e7:c8:e3:5d:67:7c:a1:64:
         1f:5e:e2:d0:06:4a:69:17:18:79:f9:1a:84:69:e3:24:49:c3:
         c9:3a:0f:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJWS52y3pelFExR7pVdEAVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDA0MDY1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODllYzdhZWNjYmY4MDJlMmI5Njg3NmVmMTNkNTFmYjZiOWVkNTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0j1EUQJwzpLSERUWDF3DXh0sbkxK
uBCGgBfF9K1P60lp4njx2nIMpf5RJ9N01Ei50DsuF4xzCXrsfK5lDiIandVFBTSn
NVWp13VAiu7DK/mGXU37Tth/4olQQ1wuYHJ/zBotcmi7qULYFvnjlic0Mvc1bIHY
sacOfBVq4j7JrA1qCoeRvbcSiYY0IFCYbay5sxMiJIaFCncYYntgjNhIaE+u32qZ
8/6PvyYNYSF93u5i3L7weOJhMAz5v595Hn3lwNT/G1uvv3H5GtQTwTLy82P2+pOM
LoWmlrWHkYPX1ROZo5bfHLJy/RA2Qf1XxxkpqFW6fR0yCARXjuHbLiXfIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiex67Mv4AuK5aHbvE9UftrntUUMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbUo3SHJzeV9nQzRybG9kdThUMVItMnVlMVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHziSMA0G
CSqGSIb3DQEBCwUAA4IBAQAZkaAVgq+axuGH3RU76wF5gIkTnQX1KnD+NFgCiKt9
G/zVIt9z3uhy1aoK6v45xnGoTxndhnsP8ooDWQfLWDgrBQ0Mx6DtkWZnrpJb9fKX
yKo0ISdPKR6VptpDV8uJxYr+n9B6WxkxszE74iMDrvFJuYigicd87be/ksJuhCEt
lGvpeKmblacljhma8qFEX6DG1GX6TTKF3EzzKL6oJjkca3FJSTV+g6UMsXsGiEXe
H5QBZTzcmFVWL43/SID4KR4V/XytGokCjM1/ElJWl1wGo9lwUBGmnK83nhwySQ29
cfwe58jjXWd8oWQfXuLQBkppFxh5+RqEaeMkScPJOg/a
-----END CERTIFICATE-----