Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/n7st0XlWm-UGw5tCcSCpKVo1q1Q.roa
File:                     n7st0XlWm-UGw5tCcSCpKVo1q1Q.roa (raw, json)
Hash identifier:          5THJ5CGXnBxYcSynW+BTuvsWOt2uK6/B+naoje26I70=
Subject key identifier:   9F:BB:2D:D1:79:56:9B:E5:06:C3:9B:42:71:20:A9:29:5A:35:AB:54
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019437882FBC27B4E8563B170E086EBC5CDE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/n7st0XlWm-UGw5tCcSCpKVo1q1Q.roa
Signing time:             Sun 05 Jan 2025 17:34:19 +0000
ROA not before:           Sun 05 Jan 2025 17:34:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213899
IP address blocks:        31.57.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:37:88:2f:bc:27:b4:e8:56:3b:17:0e:08:6e:bc:5c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  5 17:34:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fbb2dd179569be506c39b427120a9295a35ab54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:8b:40:70:99:54:ee:1e:a0:1b:ba:29:24:61:
                    98:ed:55:c0:e2:a2:6b:38:31:8a:34:25:28:f7:04:
                    3d:ac:be:1b:41:70:1c:eb:75:59:88:eb:73:cf:fe:
                    e6:8d:3a:ec:ce:15:b2:ea:8c:b4:30:10:03:35:b5:
                    c6:fe:67:04:ea:88:04:80:e8:b0:ec:b0:6c:4e:4f:
                    10:69:13:06:11:3a:e9:27:5e:5b:b9:79:b7:6b:5f:
                    fc:df:f2:1c:65:55:a8:e3:06:69:69:db:10:77:c1:
                    bb:b3:a9:8a:25:6b:0c:ef:0a:c0:70:cf:63:ac:5d:
                    f7:32:09:d3:78:98:ca:af:bc:ad:8f:6e:99:dd:39:
                    ae:23:e6:5b:84:c4:39:08:ec:bc:44:69:95:1b:42:
                    9a:06:78:2d:de:af:51:dd:80:71:f6:0f:3e:95:d4:
                    4d:4b:0b:6e:1f:4f:d1:a1:a1:22:c8:0f:0c:92:51:
                    5c:6d:ff:a3:44:12:d6:de:9e:e9:d3:fc:59:d2:1c:
                    9f:85:62:b6:67:72:25:86:ff:50:31:c3:e6:b6:6a:
                    03:1c:4d:fd:ac:54:2b:5b:96:1c:55:ef:55:84:99:
                    a4:ee:04:26:43:46:10:ee:2a:4c:5f:0d:ef:7e:87:
                    38:89:25:6b:b1:59:78:f6:92:bf:a9:fc:ba:3a:5f:
                    c2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:BB:2D:D1:79:56:9B:E5:06:C3:9B:42:71:20:A9:29:5A:35:AB:54
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/n7st0XlWm-UGw5tCcSCpKVo1q1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:8e:4f:42:e9:ca:b9:7d:54:fe:79:d2:50:22:01:97:9e:2d:
         e6:99:61:56:98:2f:15:23:85:8d:3f:11:8f:10:9a:57:7a:32:
         8b:ae:5b:67:16:6f:8e:96:4c:79:fc:4a:f9:20:20:8f:7d:16:
         9a:85:11:20:ee:16:a8:92:2a:aa:5f:7c:0e:1c:83:f0:6c:9c:
         94:13:f1:55:25:04:57:19:8b:4d:2f:25:7e:0a:05:69:a1:37:
         33:f8:79:92:ca:83:5f:8a:06:02:a9:01:35:56:36:ef:66:e5:
         27:db:78:63:f1:5d:5e:80:67:b2:d4:5f:6e:ec:46:a6:fa:5a:
         30:ad:fb:07:00:fd:8f:b7:8b:c4:dd:0f:d0:95:e9:b5:8e:cd:
         25:25:e9:60:de:b3:ff:ee:43:72:8a:6e:4a:78:3d:37:ea:cd:
         df:fe:40:1b:30:06:64:25:87:71:c5:c1:a2:c8:82:7a:88:b2:
         56:4a:06:4b:94:0e:5f:3f:32:43:89:aa:10:45:09:8d:8c:9a:
         35:8e:e1:e0:1e:61:82:a9:d3:15:8f:96:65:d3:93:52:4e:21:
         68:37:ad:cb:3b:4a:94:18:64:94:ef:53:cd:c4:f2:81:3f:da:
         78:c0:3b:94:af:c9:b3:27:67:07:81:29:7a:e8:8f:cc:7c:6e:
         f2:5f:a6:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ3iC+8J7ToVjsXDghuvFzeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTA1MTczNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmJiMmRkMTc5NTY5YmU1MDZjMzliNDI3MTIwYTkyOTVhMzVhYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34tAcJlU7h6gG7opJGGY7VXA4qJr
ODGKNCUo9wQ9rL4bQXAc63VZiOtzz/7mjTrszhWy6oy0MBADNbXG/mcE6ogEgOiw
7LBsTk8QaRMGETrpJ15buXm3a1/83/IcZVWo4wZpadsQd8G7s6mKJWsM7wrAcM9j
rF33MgnTeJjKr7ytj26Z3TmuI+ZbhMQ5COy8RGmVG0KaBngt3q9R3YBx9g8+ldRN
SwtuH0/RoaEiyA8MklFcbf+jRBLW3p7p0/xZ0hyfhWK2Z3Ilhv9QMcPmtmoDHE39
rFQrW5YcVe9VhJmk7gQmQ0YQ7ipMXw3vfoc4iSVrsVl49pK/qfy6Ol/CVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+7LdF5VpvlBsObQnEgqSlaNatUMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbjdzdDBYbFdtLVVHdzV0Q2NTQ3BLVm8xcTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznwMA0G
CSqGSIb3DQEBCwUAA4IBAQBvjk9C6cq5fVT+edJQIgGXni3mmWFWmC8VI4WNPxGP
EJpXejKLrltnFm+Olkx5/Er5ICCPfRaahREg7haokiqqX3wOHIPwbJyUE/FVJQRX
GYtNLyV+CgVpoTcz+HmSyoNfigYCqQE1VjbvZuUn23hj8V1egGey1F9u7Eam+low
rfsHAP2Pt4vE3Q/Qlem1js0lJelg3rP/7kNyim5KeD036s3f/kAbMAZkJYdxxcGi
yIJ6iLJWSgZLlA5fPzJDiaoQRQmNjJo1juHgHmGCqdMVj5Zl05NSTiFoN63LO0qU
GGSU71PNxPKBP9p4wDuUr8mzJ2cHgSl66I/MfG7yX6Y0
-----END CERTIFICATE-----