Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ok0kjkmSorkFKSSnUuMWj5Jmi6s.roa
File:                     ok0kjkmSorkFKSSnUuMWj5Jmi6s.roa (raw, json)
Hash identifier:          KGMQzk/+W2QhyIpwQuziCztx+tqLftR6leg8fkw6i9E=
Subject key identifier:   A2:4D:24:8E:49:92:A2:B9:05:29:24:A7:52:E3:16:8F:92:66:8B:AB
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428236C1F04C0B6A7D56AA46EC2F98503
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ok0kjkmSorkFKSSnUuMWj5Jmi6s.roa
Signing time:             Thu 02 Jan 2025 17:49:57 +0000
ROA not before:           Thu 02 Jan 2025 17:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213929
IP address blocks:        31.59.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:6c:1f:04:c0:b6:a7:d5:6a:a4:6e:c2:f9:85:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a24d248e4992a2b9052924a752e3168f92668bab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:67:b7:b2:12:0b:64:4b:8c:cf:b7:af:28:96:
                    51:e9:6e:da:e4:68:87:91:dd:fc:74:33:c3:d9:6b:
                    22:45:63:05:ea:fd:8e:9d:ee:32:fc:e4:fb:aa:d4:
                    5a:a3:c8:02:7a:a5:a6:5a:5a:11:99:a9:f9:43:68:
                    6e:46:b0:73:b0:74:f5:c6:83:a1:32:fb:4a:5c:ad:
                    88:0b:70:75:b2:09:6e:6a:5c:f0:f4:d9:70:34:b2:
                    e1:fa:61:88:74:d6:87:5b:57:82:d0:69:25:63:7f:
                    4e:50:ae:6e:cf:87:c1:80:59:f0:b9:81:23:b8:24:
                    47:a4:6f:3d:e3:66:0f:36:e8:cf:0c:f3:e3:15:cb:
                    77:f9:91:61:0a:c9:d9:c2:b1:82:f0:bd:a3:04:cf:
                    f3:b6:6c:ad:14:b7:25:ca:95:df:42:86:2c:cb:c0:
                    0b:ef:82:45:81:00:a5:23:97:f4:e8:c7:2b:59:66:
                    31:e5:45:65:80:0b:2f:4f:d0:f0:d6:90:07:3b:2d:
                    5f:36:2e:68:a8:12:41:ec:f5:92:4d:c0:3e:9c:7c:
                    bd:27:cf:9b:6b:96:bf:cc:f3:dd:52:16:6d:5a:75:
                    21:a3:71:8e:8d:f9:61:4d:17:ef:f4:db:a8:8f:f6:
                    6e:38:2e:d9:d2:88:21:95:3c:55:2f:34:9f:02:b1:
                    6a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4D:24:8E:49:92:A2:B9:05:29:24:A7:52:E3:16:8F:92:66:8B:AB
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/ok0kjkmSorkFKSSnUuMWj5Jmi6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:3c:8f:c1:6d:b5:33:18:5b:eb:02:96:f0:30:c3:18:77:03:
         5a:13:4b:61:a4:3c:9d:35:4e:cd:4c:b9:0d:98:1a:8f:40:c6:
         66:42:56:0f:c5:d6:d3:51:45:1d:de:41:7d:05:52:21:d8:e1:
         f3:69:0c:1b:21:85:22:73:d0:41:d5:13:ea:a8:34:45:a6:ad:
         bf:e5:ba:c4:6e:de:fe:7d:15:c7:fb:ed:fd:06:56:53:3e:8e:
         ee:e7:cd:b5:a7:b9:3c:8f:70:b3:20:f0:1d:b8:f0:6f:c6:86:
         0e:2f:4c:8f:c1:db:02:44:13:56:1b:b5:30:78:1e:91:56:c5:
         c9:06:6a:cf:66:3b:47:b0:fe:49:57:0c:30:31:cc:2a:1a:a0:
         3c:aa:81:2e:6d:00:d3:ea:9d:b3:c3:71:b1:f5:68:a8:06:c7:
         10:e6:3d:70:8f:f3:60:b6:a9:64:7f:48:c5:79:19:0d:b8:33:
         f7:f0:7c:3d:a6:4a:ab:e9:39:5a:1e:cf:30:4b:4c:82:1e:12:
         87:d0:1c:45:3d:c7:57:4f:58:33:0d:ef:14:ea:00:76:2d:65:
         63:bc:e0:81:e6:91:a7:2d:fb:df:3d:9d:18:78:46:f7:6d:11:
         3e:28:0e:9c:80:8a:ae:e0:05:60:4e:32:e7:8a:0a:f1:9f:4c:
         9d:66:d6:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI2wfBMC2p9VqpG7C+YUDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjRkMjQ4ZTQ5OTJhMmI5MDUyOTI0YTc1MmUzMTY4ZjkyNjY4YmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWe3shILZEuMz7evKJZR6W7a5GiH
kd38dDPD2WsiRWMF6v2One4y/OT7qtRao8gCeqWmWloRman5Q2huRrBzsHT1xoOh
MvtKXK2IC3B1sglualzw9NlwNLLh+mGIdNaHW1eC0GklY39OUK5uz4fBgFnwuYEj
uCRHpG8942YPNujPDPPjFct3+ZFhCsnZwrGC8L2jBM/ztmytFLclypXfQoYsy8AL
74JFgQClI5f06McrWWYx5UVlgAsvT9Dw1pAHOy1fNi5oqBJB7PWSTcA+nHy9J8+b
a5a/zPPdUhZtWnUho3GOjflhTRfv9Nuoj/ZuOC7Z0oghlTxVLzSfArFqNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJNJI5JkqK5BSkkp1LjFo+SZourMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb2swa2prbVNvcmtGS1NTblV1TVdqNUptaTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztkMA0G
CSqGSIb3DQEBCwUAA4IBAQCjPI/BbbUzGFvrApbwMMMYdwNaE0thpDydNU7NTLkN
mBqPQMZmQlYPxdbTUUUd3kF9BVIh2OHzaQwbIYUic9BB1RPqqDRFpq2/5brEbt7+
fRXH++39BlZTPo7u5821p7k8j3CzIPAduPBvxoYOL0yPwdsCRBNWG7UweB6RVsXJ
BmrPZjtHsP5JVwwwMcwqGqA8qoEubQDT6p2zw3Gx9WioBscQ5j1wj/Ngtqlkf0jF
eRkNuDP38Hw9pkqr6TlaHs8wS0yCHhKH0BxFPcdXT1gzDe8U6gB2LWVjvOCB5pGn
LfvfPZ0YeEb3bRE+KA6cgIqu4AVgTjLnigrxn0ydZtYe
-----END CERTIFICATE-----