Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mZxBUkmd3EO17dDHSTonoAffOVo.roa
File:                     mZxBUkmd3EO17dDHSTonoAffOVo.roa (raw, json)
Hash identifier:          pZmUS2vxlBbjrWXx1QKB7Amzj8WWhf9RgTM8SjsOKnM=
Subject key identifier:   99:9C:41:52:49:9D:DC:43:B5:ED:D0:C7:49:3A:27:A0:07:DF:39:5A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01930D06AD4CC443562F549069ACAFAB8DFA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mZxBUkmd3EO17dDHSTonoAffOVo.roa
Signing time:             Fri 08 Nov 2024 18:26:01 +0000
ROA not before:           Fri 08 Nov 2024 18:26:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214279
IP address blocks:        31.57.240.0/22 maxlen: 24
                          31.57.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:23:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0d:06:ad:4c:c4:43:56:2f:54:90:69:ac:af:ab:8d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  8 18:26:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=999c4152499ddc43b5edd0c7493a27a007df395a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6b:06:c2:ef:9a:dc:fb:ec:b6:91:71:4a:93:
                    c7:cc:67:84:2c:e6:6e:9d:08:10:5f:cf:ab:e7:aa:
                    6b:2c:a5:c0:fe:4c:34:b5:62:b2:0a:1b:f7:2b:7d:
                    21:eb:7b:3c:e5:3e:ee:99:81:f8:39:9a:05:f2:59:
                    69:b1:6e:70:db:0f:eb:86:e5:bd:71:fb:fb:8d:61:
                    7c:fd:e4:8b:01:e0:fa:5b:67:b8:b0:b2:8f:2f:e4:
                    7c:c5:1d:66:e0:a8:ac:3b:9f:63:74:3d:cd:d3:e0:
                    16:0f:5f:67:47:31:34:6b:4b:47:53:bc:68:81:1c:
                    cd:20:21:6e:c1:30:d2:70:91:16:8d:73:3e:4f:02:
                    a9:c1:59:eb:1b:74:a8:a9:06:12:36:10:f0:fd:cf:
                    db:45:b8:e3:bc:74:bd:4f:25:eb:64:d0:dd:f9:71:
                    2c:39:77:cd:b5:78:bb:f8:86:dd:94:f2:e2:ce:1c:
                    14:c8:ec:a4:0c:d4:f8:93:d7:48:80:a3:44:ae:94:
                    44:07:2d:c4:94:78:02:61:67:79:d7:70:9f:8f:86:
                    86:33:3b:a8:89:df:24:ba:6a:5d:de:1e:de:03:be:
                    14:99:c0:d3:7e:28:3c:ff:bd:3f:49:1c:8e:af:01:
                    83:2d:99:51:9c:90:fb:62:60:50:a4:ca:6d:cf:f4:
                    d4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:9C:41:52:49:9D:DC:43:B5:ED:D0:C7:49:3A:27:A0:07:DF:39:5A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/mZxBUkmd3EO17dDHSTonoAffOVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:bc:78:39:5a:e6:56:5b:1b:1e:5e:c9:50:93:06:22:88:1a:
         13:c0:1d:ab:d9:34:b2:be:32:36:f3:aa:a5:99:03:58:45:d8:
         e6:7d:14:b4:c6:fa:32:b7:87:2d:85:28:49:7f:c4:b4:9e:10:
         c3:e2:cb:87:a4:ed:3a:9f:e0:7d:bf:9e:af:87:94:9f:ab:84:
         f3:53:ce:83:24:21:c4:bc:f1:ce:42:83:64:52:90:27:ab:e7:
         5c:46:5b:90:7b:bf:29:1b:63:76:f6:92:f1:4a:c8:9e:ea:4f:
         7c:87:5b:af:a2:a2:35:c7:09:20:04:bd:d7:32:ac:09:44:52:
         d2:3c:07:65:99:da:f9:54:db:94:45:c1:cb:8f:21:2f:86:b9:
         f4:c0:28:b8:42:9a:5b:5f:8f:07:0c:0a:9a:9e:4e:80:85:db:
         44:40:75:98:17:0b:e4:42:3b:c4:f7:a2:44:dc:00:c6:f6:11:
         dd:55:62:e9:a8:ea:0f:3b:16:a4:8c:13:51:79:ac:81:80:b2:
         20:54:0d:fb:3d:b5:b7:00:9a:13:f2:9c:74:de:ba:25:b4:87:
         14:d3:02:9e:36:79:d2:e7:04:e8:ac:01:e2:5a:5f:02:7c:3f:
         a0:d2:97:77:0d:29:0d:a9:17:1d:95:48:a0:2b:9c:72:dd:6b:
         70:1b:f1:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMNBq1MxENWL1SQaayvq436MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTA4MTgyNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTljNDE1MjQ5OWRkYzQzYjVlZGQwYzc0OTNhMjdhMDA3ZGYzOTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmsGwu+a3PvstpFxSpPHzGeELOZu
nQgQX8+r56prLKXA/kw0tWKyChv3K30h63s85T7umYH4OZoF8llpsW5w2w/rhuW9
cfv7jWF8/eSLAeD6W2e4sLKPL+R8xR1m4KisO59jdD3N0+AWD19nRzE0a0tHU7xo
gRzNICFuwTDScJEWjXM+TwKpwVnrG3SoqQYSNhDw/c/bRbjjvHS9TyXrZNDd+XEs
OXfNtXi7+IbdlPLizhwUyOykDNT4k9dIgKNErpREBy3ElHgCYWd513Cfj4aGMzuo
id8kumpd3h7eA74UmcDTfig8/70/SRyOrwGDLZlRnJD7YmBQpMptz/TU3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmcQVJJndxDte3Qx0k6J6AH3zlaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbVp4QlVrbWQzRU8xN2RESFNUb25vQWZmT1ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHznwMA0G
CSqGSIb3DQEBCwUAA4IBAQBCvHg5WuZWWxseXslQkwYiiBoTwB2r2TSyvjI286ql
mQNYRdjmfRS0xvoyt4cthShJf8S0nhDD4suHpO06n+B9v56vh5Sfq4TzU86DJCHE
vPHOQoNkUpAnq+dcRluQe78pG2N29pLxSsie6k98h1uvoqI1xwkgBL3XMqwJRFLS
PAdlmdr5VNuURcHLjyEvhrn0wCi4QppbX48HDAqank6AhdtEQHWYFwvkQjvE96JE
3ADG9hHdVWLpqOoPOxakjBNReayBgLIgVA37PbW3AJoT8px03roltIcU0wKeNnnS
5wTorAHiWl8CfD+g0pd3DSkNqRcdlUigK5xy3WtwG/Hm
-----END CERTIFICATE-----