Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oPY4M-o3MaOozGLc39lU9L-rLJE.roa
File:                     oPY4M-o3MaOozGLc39lU9L-rLJE.roa (raw, json)
Hash identifier:          V28qXAUhVuwoEXOP1wIALm2Df1q/XE54W8Izr0W+oPI=
Subject key identifier:   A0:F6:38:33:EA:37:31:A3:A8:CC:62:DC:DF:D9:54:F4:BF:AB:2C:91
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195F61F22F6AEDC74BD37AA581CA124C802
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oPY4M-o3MaOozGLc39lU9L-rLJE.roa
Signing time:             Wed 02 Apr 2025 10:49:50 +0000
ROA not before:           Wed 02 Apr 2025 10:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     262287
IP address blocks:        31.57.243.0/24 maxlen: 24
                          31.59.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f6:1f:22:f6:ae:dc:74:bd:37:aa:58:1c:a1:24:c8:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  2 10:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0f63833ea3731a3a8cc62dcdfd954f4bfab2c91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ed:c1:0c:52:c4:8d:d9:91:dc:78:75:ad:32:
                    ae:14:c4:04:07:83:7f:78:c2:c2:f0:2a:14:7d:35:
                    27:b4:ff:d6:a8:e1:90:a7:62:64:42:56:54:bd:81:
                    3c:ce:cd:9f:9c:a8:90:2b:89:f6:e6:07:45:f0:3d:
                    5d:de:17:27:54:76:6b:b3:3b:9b:6a:08:88:12:1f:
                    a9:3b:27:f4:4d:2a:7c:90:a8:bd:c1:f8:ca:15:23:
                    1c:f5:19:b1:d4:94:50:c2:ec:f7:d7:bf:7a:f9:1f:
                    3f:90:37:48:95:30:aa:e7:87:a9:aa:9b:15:b1:29:
                    b6:38:75:24:8d:09:96:f5:91:86:84:bc:ac:59:06:
                    f2:54:72:78:1e:9d:12:48:b1:17:b2:e8:41:47:33:
                    7e:05:1a:c0:80:4b:b4:af:58:ca:a9:82:63:89:66:
                    58:c3:5f:b8:33:c4:26:45:3b:ac:84:26:b6:e0:5c:
                    fc:e0:04:3f:ec:88:a3:4e:d6:22:36:5b:ba:08:d5:
                    d1:3f:aa:71:14:97:90:73:f4:46:3b:87:73:fa:78:
                    21:d5:34:66:15:03:e1:6c:73:d9:f5:13:6f:dd:69:
                    64:65:23:ea:2d:01:9b:6a:9e:f6:d5:ca:d8:f3:8f:
                    3a:80:30:ef:14:c9:bd:46:52:4c:f2:92:e1:99:bd:
                    0d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:F6:38:33:EA:37:31:A3:A8:CC:62:DC:DF:D9:54:F4:BF:AB:2C:91
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oPY4M-o3MaOozGLc39lU9L-rLJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.243.0/24
                  31.59.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f1:0d:4a:55:fb:4a:ec:2f:e1:03:16:8c:f8:9a:4d:ca:66:
         e2:e9:ab:fe:e2:69:a8:92:66:5b:70:5c:88:38:5d:a0:0d:0d:
         fc:50:82:cc:76:e0:c6:eb:a1:0b:44:22:b5:f8:32:40:6e:f8:
         72:f5:10:4e:ed:c3:c7:b5:97:a7:11:df:ee:c3:49:80:62:87:
         01:4c:1a:43:f0:61:b9:36:01:e2:2f:a9:58:d0:cf:6b:06:18:
         85:07:35:ed:e2:0c:9a:a4:95:9f:4d:d7:11:77:eb:ca:7d:46:
         ab:ba:1a:cd:7a:65:59:6b:d0:0c:be:5a:c8:77:55:28:23:4e:
         50:12:64:c3:09:64:ea:81:51:82:9d:a6:61:83:c5:ed:9b:33:
         6d:d6:68:8a:b9:72:31:e3:6d:d0:3f:f1:4d:3c:39:3c:7c:b7:
         a2:cb:1f:69:78:03:1c:36:e8:cf:a5:f7:63:f7:b5:74:ff:db:
         f0:8a:2a:b4:d4:92:23:ac:45:cd:f8:3e:ff:0a:39:73:d6:ab:
         9b:e6:57:ec:70:94:bf:6d:28:97:38:e4:35:2b:3c:5e:5b:65:
         08:d9:54:b1:14:bd:57:6e:e6:5d:2c:b3:0b:13:86:7c:32:4c:
         ec:b1:24:62:59:d3:4e:6c:32:30:63:6d:54:80:2f:ca:b5:69:
         8c:f6:59:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZX2HyL2rtx0vTeqWByhJMgCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDAyMTA0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGY2MzgzM2VhMzczMWEzYThjYzYyZGNkZmQ5NTRmNGJmYWIyYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte3BDFLEjdmR3Hh1rTKuFMQEB4N/
eMLC8CoUfTUntP/WqOGQp2JkQlZUvYE8zs2fnKiQK4n25gdF8D1d3hcnVHZrszub
agiIEh+pOyf0TSp8kKi9wfjKFSMc9Rmx1JRQwuz31796+R8/kDdIlTCq54epqpsV
sSm2OHUkjQmW9ZGGhLysWQbyVHJ4Hp0SSLEXsuhBRzN+BRrAgEu0r1jKqYJjiWZY
w1+4M8QmRTushCa24Fz84AQ/7IijTtYiNlu6CNXRP6pxFJeQc/RGO4dz+ngh1TRm
FQPhbHPZ9RNv3WlkZSPqLQGbap721crY8486gDDvFMm9RlJM8pLhmb0NlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKD2ODPqNzGjqMxi3N/ZVPS/qyyRMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb1BZNE0tbzNNYU9vekdMYzM5bFU5TC1yTEpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHznzAwQA
HztrMA0GCSqGSIb3DQEBCwUAA4IBAQBP8Q1KVftK7C/hAxaM+JpNymbi6av+4mmo
kmZbcFyIOF2gDQ38UILMduDG66ELRCK1+DJAbvhy9RBO7cPHtZenEd/uw0mAYocB
TBpD8GG5NgHiL6lY0M9rBhiFBzXt4gyapJWfTdcRd+vKfUaruhrNemVZa9AMvlrI
d1UoI05QEmTDCWTqgVGCnaZhg8XtmzNt1miKuXIx423QP/FNPDk8fLeiyx9peAMc
NujPpfdj97V0/9vwiiq01JIjrEXN+D7/Cjlz1qub5lfscJS/bSiXOOQ1KzxeW2UI
2VSxFL1XbuZdLLMLE4Z8MkzssSRiWdNObDIwY21UgC/KtWmM9llg
-----END CERTIFICATE-----