Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oOiGQg-P01zz4Ar_ANdgBsCNzyo.roa
File:                     oOiGQg-P01zz4Ar_ANdgBsCNzyo.roa (raw, json)
Hash identifier:          8AtH6FjvSQ9EaW5oH0HNUUUS21UAnzMUa5LweFg5QuA=
Subject key identifier:   A0:E8:86:42:0F:8F:D3:5C:F3:E0:0A:FF:00:D7:60:06:C0:8D:CF:2A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192BA6113DF2592CFE011B5C014DC74E4E4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oOiGQg-P01zz4Ar_ANdgBsCNzyo.roa
Signing time:             Wed 23 Oct 2024 17:16:17 +0000
ROA not before:           Wed 23 Oct 2024 17:16:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     401171
IP address blocks:        31.57.64.0/21 maxlen: 24
                          31.57.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ba:61:13:df:25:92:cf:e0:11:b5:c0:14:dc:74:e4:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 23 17:16:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0e886420f8fd35cf3e00aff00d76006c08dcf2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:84:32:d6:e3:64:bc:8a:30:ca:b9:2a:ac:e2:
                    19:97:c0:09:28:51:32:b3:04:91:12:ee:3c:d8:9e:
                    6c:f7:08:f5:3e:75:6f:b2:28:4c:dc:40:22:fb:9e:
                    1d:17:0d:a1:42:dc:4d:c4:17:5d:cc:c4:21:53:11:
                    f4:19:7d:e7:6a:1a:97:4f:5f:5e:e5:20:05:9b:cb:
                    fc:3d:27:cb:b7:3d:f4:4e:6b:8f:f2:be:ed:e9:53:
                    d8:cb:d4:05:c2:a1:01:42:b9:b8:73:02:1e:8c:02:
                    4c:ec:f3:06:c2:e7:d3:97:7f:cf:89:8d:06:9f:ac:
                    d8:47:87:43:44:df:d4:88:c5:bb:b2:37:e2:89:27:
                    9b:d5:3c:60:ca:e0:8a:e9:1b:0e:a3:19:ec:93:16:
                    a5:c8:02:34:40:be:04:ec:44:d4:86:6a:bd:b9:b4:
                    f5:81:cc:54:3f:d7:fc:0d:56:29:17:aa:ea:ec:5e:
                    9c:36:6d:80:4c:fc:cd:3f:66:1c:aa:d7:3d:4b:04:
                    98:58:97:2a:d6:01:df:d9:af:92:77:9a:37:da:9a:
                    10:b5:d3:d9:a6:3e:fa:c1:c0:a9:47:08:25:de:c6:
                    64:45:b1:51:dd:0d:5e:ea:11:ba:8f:61:32:55:c0:
                    9e:28:57:5d:3a:cf:10:34:e0:f1:95:79:4d:e3:98:
                    da:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:E8:86:42:0F:8F:D3:5C:F3:E0:0A:FF:00:D7:60:06:C0:8D:CF:2A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oOiGQg-P01zz4Ar_ANdgBsCNzyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6d:19:fc:ab:00:81:eb:53:37:68:23:21:8a:7e:ae:b4:ee:ca:
         11:5d:e9:33:fb:b8:43:91:b6:ae:d6:c3:48:22:af:b3:4b:7e:
         8c:6d:81:1e:3e:e2:fb:a3:66:a7:60:c8:50:5f:1a:26:49:cf:
         cb:44:bc:7a:e0:df:cf:5a:ae:40:cb:dc:3f:fa:2f:4c:ee:94:
         75:c6:f8:50:2e:0b:5f:db:a6:67:12:72:4b:60:e2:91:84:63:
         20:a9:64:d9:ea:18:8d:ba:ec:5b:89:4d:ef:07:65:7f:c4:ab:
         64:6f:3d:4f:d4:04:9e:92:48:67:23:e7:ba:05:ac:c3:ff:18:
         ae:5c:77:5b:a7:85:97:ef:97:63:96:5a:fa:d0:84:e8:ed:79:
         2f:60:2e:af:b1:be:50:00:4b:c4:75:08:c4:50:8c:6a:40:61:
         dd:58:ad:49:ca:76:f9:8d:57:05:26:73:07:2a:08:ac:ee:b7:
         e7:1f:cb:7b:84:05:19:56:b1:ea:d0:7d:1b:f8:87:3d:e8:98:
         82:75:87:df:94:71:0e:53:a8:a1:ac:d0:f7:13:7b:2a:39:63:
         30:2c:1e:26:88:b5:2f:5f:43:ff:bc:c5:b4:a5:32:01:73:3b:
         09:26:34:6b:57:f8:1d:02:7b:10:2f:53:ce:76:ef:bd:7c:bf:
         8a:27:93:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK6YRPfJZLP4BG1wBTcdOTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDIzMTcxNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGU4ODY0MjBmOGZkMzVjZjNlMDBhZmYwMGQ3NjAwNmMwOGRjZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IQy1uNkvIowyrkqrOIZl8AJKFEy
swSREu482J5s9wj1PnVvsihM3EAi+54dFw2hQtxNxBddzMQhUxH0GX3nahqXT19e
5SAFm8v8PSfLtz30TmuP8r7t6VPYy9QFwqEBQrm4cwIejAJM7PMGwufTl3/PiY0G
n6zYR4dDRN/UiMW7sjfiiSeb1TxgyuCK6RsOoxnskxalyAI0QL4E7ETUhmq9ubT1
gcxUP9f8DVYpF6rq7F6cNm2ATPzNP2Ycqtc9SwSYWJcq1gHf2a+Sd5o32poQtdPZ
pj76wcCpRwgl3sZkRbFR3Q1e6hG6j2EyVcCeKFddOs8QNODxlXlN45jasQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDohkIPj9Nc8+AK/wDXYAbAjc8qMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb09pR1FnLVAwMXp6NEFyX0FOZGdCc0NOenlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDHzlAMA0G
CSqGSIb3DQEBCwUAA4IBAQBtGfyrAIHrUzdoIyGKfq607soRXekz+7hDkbau1sNI
Iq+zS36MbYEePuL7o2anYMhQXxomSc/LRLx64N/PWq5Ay9w/+i9M7pR1xvhQLgtf
26ZnEnJLYOKRhGMgqWTZ6hiNuuxbiU3vB2V/xKtkbz1P1ASekkhnI+e6BazD/xiu
XHdbp4WX75djllr60ITo7XkvYC6vsb5QAEvEdQjEUIxqQGHdWK1Jynb5jVcFJnMH
Kgis7rfnH8t7hAUZVrHq0H0b+Ic96JiCdYfflHEOU6ihrND3E3sqOWMwLB4miLUv
X0P/vMW0pTIBczsJJjRrV/gdAnsQL1POdu+9fL+KJ5O8
-----END CERTIFICATE-----