Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/p28FhlDwc2pPR7rCxLtKdU6S3v4.roa
File:                     p28FhlDwc2pPR7rCxLtKdU6S3v4.roa (raw, json)
Hash identifier:          LZ9YNFRebAjK+CdaUq2ydD2+e3Cq8Q688x92X9mFstQ=
Subject key identifier:   A7:6F:05:86:50:F0:73:6A:4F:47:BA:C2:C4:BB:4A:75:4E:92:DE:FE
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282373A721A5FD218537CDF0887465DA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/p28FhlDwc2pPR7rCxLtKdU6S3v4.roa
Signing time:             Thu 02 Jan 2025 17:49:59 +0000
ROA not before:           Thu 02 Jan 2025 17:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214279
IP address blocks:        31.57.240.0/22 maxlen: 24
                          31.57.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:73:a7:21:a5:fd:21:85:37:cd:f0:88:74:65:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a76f058650f0736a4f47bac2c4bb4a754e92defe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:18:93:ee:23:82:be:21:13:ea:40:f0:42:30:
                    d8:ae:29:56:5c:05:ea:b5:da:c9:df:4d:4a:bb:9d:
                    a8:a2:54:ee:20:42:a0:f5:eb:8c:24:c3:6b:33:ca:
                    ed:8e:9c:9d:e5:a2:ce:74:e3:47:6e:33:60:ac:93:
                    f9:1c:bd:da:b1:1e:07:f2:d9:4b:0f:56:1a:59:3b:
                    76:df:8d:72:3e:2a:f3:87:c9:e4:83:1a:c8:da:9d:
                    cc:26:28:05:5a:40:5c:f6:b2:f8:05:51:94:c5:ee:
                    b7:9a:fd:66:11:46:5c:1b:41:97:46:a6:9a:7a:47:
                    5b:57:d5:e1:2a:fe:7c:2b:b9:1b:43:00:88:a8:7f:
                    f2:15:8c:a7:ff:c6:22:2d:ad:84:c1:ae:66:4b:34:
                    90:9f:76:d7:9a:1d:8a:22:42:08:22:b1:bf:ce:e7:
                    9e:94:49:26:90:14:bc:09:75:63:8f:70:82:7c:85:
                    26:3f:a2:75:82:26:07:68:53:01:e9:7f:ea:a8:8f:
                    dd:d3:69:dc:27:be:59:47:59:d8:1d:bb:e7:9b:bd:
                    f8:b9:8f:b3:30:d1:f0:36:64:3c:3f:4f:42:98:42:
                    0e:7f:7a:39:ed:d7:e7:1e:d7:69:23:d6:7b:b8:d2:
                    f2:89:24:20:77:72:bc:15:8f:24:c1:2f:95:e4:7e:
                    5b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6F:05:86:50:F0:73:6A:4F:47:BA:C2:C4:BB:4A:75:4E:92:DE:FE
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/p28FhlDwc2pPR7rCxLtKdU6S3v4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:04:86:a4:e7:28:1d:2f:c2:f9:80:f5:b8:c1:83:a6:04:84:
         57:bd:96:a9:78:a7:c5:63:34:e6:7d:62:e5:37:33:80:89:5e:
         ec:10:f3:cf:8d:b8:3f:cd:0d:b5:d0:2c:39:93:ea:35:e3:62:
         ea:b1:a4:f7:73:c0:87:4f:f8:84:ce:24:9c:12:4c:a9:d3:81:
         26:c7:11:c8:14:52:bc:35:a6:35:79:92:8c:43:4c:ae:5a:a9:
         5b:54:d2:34:ac:56:71:5f:49:09:f3:46:4f:35:5a:d6:d1:1f:
         76:36:b3:a9:0b:44:f1:91:85:2e:3b:f8:71:ac:18:e9:f6:f0:
         71:1f:34:2c:38:11:b9:21:27:d2:75:9f:3c:7b:8e:44:0d:9a:
         40:2e:ee:7b:9a:8e:ca:c2:b1:18:8a:ec:63:c2:ea:bf:0f:dc:
         04:31:68:e3:75:5f:64:ef:56:95:e2:15:b3:84:80:9a:fd:31:
         9d:40:82:2d:0d:82:fa:b9:56:2b:c5:27:42:7e:65:b4:b0:18:
         6f:24:d0:0e:83:10:0f:6e:18:2f:4f:6c:b5:d2:58:36:39:a3:
         09:3e:27:50:08:bc:71:1b:b4:29:71:5c:97:9b:8d:5f:63:ff:
         c6:54:7e:f3:63:11:4b:0f:bc:5f:40:84:14:ba:ee:2c:62:a6:
         8d:98:4e:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI3OnIaX9IYU3zfCIdGXaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzZmMDU4NjUwZjA3MzZhNGY0N2JhYzJjNGJiNGE3NTRlOTJkZWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBiT7iOCviET6kDwQjDYrilWXAXq
tdrJ301Ku52oolTuIEKg9euMJMNrM8rtjpyd5aLOdONHbjNgrJP5HL3asR4H8tlL
D1YaWTt2341yPirzh8nkgxrI2p3MJigFWkBc9rL4BVGUxe63mv1mEUZcG0GXRqaa
ekdbV9XhKv58K7kbQwCIqH/yFYyn/8YiLa2Ewa5mSzSQn3bXmh2KIkIIIrG/zuee
lEkmkBS8CXVjj3CCfIUmP6J1giYHaFMB6X/qqI/d02ncJ75ZR1nYHbvnm734uY+z
MNHwNmQ8P09CmEIOf3o57dfnHtdpI9Z7uNLyiSQgd3K8FY8kwS+V5H5bhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdvBYZQ8HNqT0e6wsS7SnVOkt7+MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcDI4RmhsRHdjMnBQUjdyQ3hMdEtkVTZTM3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHznwMA0G
CSqGSIb3DQEBCwUAA4IBAQC4BIak5ygdL8L5gPW4wYOmBIRXvZapeKfFYzTmfWLl
NzOAiV7sEPPPjbg/zQ210Cw5k+o142LqsaT3c8CHT/iEziScEkyp04EmxxHIFFK8
NaY1eZKMQ0yuWqlbVNI0rFZxX0kJ80ZPNVrW0R92NrOpC0TxkYUuO/hxrBjp9vBx
HzQsOBG5ISfSdZ88e45EDZpALu57mo7KwrEYiuxjwuq/D9wEMWjjdV9k71aV4hWz
hICa/TGdQIItDYL6uVYrxSdCfmW0sBhvJNAOgxAPbhgvT2y10lg2OaMJPidQCLxx
G7QpcVyXm41fY//GVH7zYxFLD7xfQIQUuu4sYqaNmE5f
-----END CERTIFICATE-----