Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oT3iJp8pdGKZ0x-UxMeC4YdPaOo.roa
File:                     oT3iJp8pdGKZ0x-UxMeC4YdPaOo.roa (raw, json)
Hash identifier:          cz2bmF/laP1MuJwt2sw6ZV1VHSP1rwr/EQTILkLwm+E=
Subject key identifier:   A1:3D:E2:26:9F:29:74:62:99:D3:1F:94:C4:C7:82:E1:87:4F:68:EA
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192CA294C7D928D9981A43D2AF0F9E44834
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oT3iJp8pdGKZ0x-UxMeC4YdPaOo.roa
Signing time:             Sat 26 Oct 2024 18:49:17 +0000
ROA not before:           Sat 26 Oct 2024 18:49:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213962
IP address blocks:        31.58.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ca:29:4c:7d:92:8d:99:81:a4:3d:2a:f0:f9:e4:48:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 26 18:49:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a13de2269f29746299d31f94c4c782e1874f68ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:58:79:d4:3a:38:6b:c0:fd:83:96:07:d2:35:
                    e6:35:89:36:48:50:8d:67:d3:71:ee:a1:f7:f7:1b:
                    7f:d9:86:76:62:e5:bf:21:f8:41:4b:e5:06:07:46:
                    ae:64:10:e5:6f:de:60:ea:9b:d2:64:a3:ac:ff:55:
                    d0:91:1b:ec:0d:3c:f7:8d:17:80:e0:bb:14:ba:bb:
                    c8:ad:8c:25:a3:7c:ec:df:97:70:56:8b:09:95:15:
                    2b:98:14:2b:1b:00:2d:73:22:15:5e:5f:1c:5c:bf:
                    7f:7f:1d:6d:8d:c1:62:b4:44:3a:17:ff:96:7a:ff:
                    18:35:3f:9e:0c:e4:97:5e:08:74:84:55:a4:4c:79:
                    03:93:9d:6b:e4:e5:58:27:25:6f:f5:fb:48:a8:e5:
                    81:a2:07:68:7e:b5:c7:26:e3:c3:0a:49:11:0d:21:
                    f8:a9:fe:00:dd:46:fe:22:5c:c1:92:75:5b:07:34:
                    df:7f:8a:b3:18:66:7f:60:ba:c7:65:08:55:a2:53:
                    78:67:19:61:8a:01:5b:90:4a:d6:1e:38:f6:d6:71:
                    48:70:4e:96:88:28:05:f8:0c:ac:73:f9:81:2f:e8:
                    14:a7:2d:5f:17:92:fb:05:f1:94:6b:66:1e:40:df:
                    4b:5e:b3:f9:4f:c8:9f:18:a1:10:c8:d2:0d:0d:85:
                    8e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:3D:E2:26:9F:29:74:62:99:D3:1F:94:C4:C7:82:E1:87:4F:68:EA
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/oT3iJp8pdGKZ0x-UxMeC4YdPaOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:b5:4d:bf:ee:ec:78:51:42:06:5b:07:ee:f8:9f:34:97:88:
         30:b6:f3:dc:32:f0:11:60:48:b1:8e:a1:14:58:74:80:66:bc:
         61:e8:06:8f:7f:41:0f:e3:0b:99:5c:9d:6f:2c:5a:ab:ba:64:
         3f:5f:3d:f2:94:97:a9:14:b2:2e:b5:63:93:d5:6e:98:4a:2b:
         ea:1c:93:0a:6e:92:74:c0:48:3f:c9:e2:0f:9d:a1:33:83:de:
         ac:fc:10:96:36:f9:42:21:c9:fb:e4:ad:83:7a:9d:d9:dd:d5:
         b0:24:ae:83:42:66:95:e6:a5:b6:50:da:d9:86:c4:cc:23:fb:
         5e:db:75:6d:d9:6c:9e:ff:78:06:d6:db:2c:aa:c5:b6:05:b2:
         95:49:33:54:36:64:2f:7e:32:b1:97:f2:78:67:89:68:43:99:
         bf:1e:9a:68:1a:8d:fd:3f:86:f6:36:44:87:2f:d0:bc:21:77:
         99:76:38:c8:03:fb:13:80:68:90:43:57:f9:38:9f:7c:79:a2:
         83:d2:1f:81:0d:90:b2:c6:c6:6a:6f:31:a3:5d:ea:68:f0:d7:
         52:ee:95:ec:c0:a7:f1:38:2c:f9:0f:7c:18:c7:42:8b:18:3f:
         4f:60:62:58:c7:17:42:35:28:a8:fa:58:8b:fc:fa:5f:40:3a:
         5d:7d:af:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLKKUx9ko2ZgaQ9KvD55Eg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDI2MTg0OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTNkZTIyNjlmMjk3NDYyOTlkMzFmOTRjNGM3ODJlMTg3NGY2OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlh51Do4a8D9g5YH0jXmNYk2SFCN
Z9Nx7qH39xt/2YZ2YuW/IfhBS+UGB0auZBDlb95g6pvSZKOs/1XQkRvsDTz3jReA
4LsUurvIrYwlo3zs35dwVosJlRUrmBQrGwAtcyIVXl8cXL9/fx1tjcFitEQ6F/+W
ev8YNT+eDOSXXgh0hFWkTHkDk51r5OVYJyVv9ftIqOWBogdofrXHJuPDCkkRDSH4
qf4A3Ub+IlzBknVbBzTff4qzGGZ/YLrHZQhVolN4ZxlhigFbkErWHjj21nFIcE6W
iCgF+Aysc/mBL+gUpy1fF5L7BfGUa2YeQN9LXrP5T8ifGKEQyNINDYWO3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKE94iafKXRimdMflMTHguGHT2jqMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb1QzaUpwOHBkR0taMHgtVXhNZUM0WWRQYU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzpbMA0G
CSqGSIb3DQEBCwUAA4IBAQCktU2/7ux4UUIGWwfu+J80l4gwtvPcMvARYEixjqEU
WHSAZrxh6AaPf0EP4wuZXJ1vLFqrumQ/Xz3ylJepFLIutWOT1W6YSivqHJMKbpJ0
wEg/yeIPnaEzg96s/BCWNvlCIcn75K2Dep3Z3dWwJK6DQmaV5qW2UNrZhsTMI/te
23Vt2Wye/3gG1tssqsW2BbKVSTNUNmQvfjKxl/J4Z4loQ5m/HppoGo39P4b2NkSH
L9C8IXeZdjjIA/sTgGiQQ1f5OJ98eaKD0h+BDZCyxsZqbzGjXepo8NdS7pXswKfx
OCz5D3wYx0KLGD9PYGJYxxdCNSio+liL/PpfQDpdfa+D
-----END CERTIFICATE-----