Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pIs0g7bmbOEasyOm_jaOiVYxNqI.roa
File:                     pIs0g7bmbOEasyOm_jaOiVYxNqI.roa (raw, json)
Hash identifier:          NzpIbuACOLXS36iAx7Zp+nqQW+rq05mRek8mz7C7IqE=
Subject key identifier:   A4:8B:34:83:B6:E6:6C:E1:1A:B3:23:A6:FE:36:8E:89:56:31:36:A2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01926CEB987716650195677A4A62D861CD30
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pIs0g7bmbOEasyOm_jaOiVYxNqI.roa
Signing time:             Tue 08 Oct 2024 16:17:12 +0000
ROA not before:           Tue 08 Oct 2024 16:17:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216221
IP address blocks:        31.57.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:eb:98:77:16:65:01:95:67:7a:4a:62:d8:61:cd:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  8 16:17:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a48b3483b6e66ce11ab323a6fe368e89563136a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:84:41:20:a7:6e:4c:ed:bb:ed:d9:58:be:66:
                    a3:be:f5:bd:5c:79:3d:bd:2e:c0:05:1a:1e:b7:59:
                    ec:b8:f3:ed:96:72:c0:78:13:6b:7e:a6:7c:6a:02:
                    b0:a6:39:be:ba:60:2d:4b:eb:b2:85:bd:79:35:ca:
                    e1:f4:fd:9b:63:92:84:95:49:ad:d8:8e:0a:1b:20:
                    2c:2b:62:12:89:48:1d:d8:74:a1:4b:ae:ee:b6:27:
                    4a:d7:70:15:fb:32:36:55:80:1f:14:3f:45:17:db:
                    28:a4:58:7c:8c:7c:94:77:76:8e:65:07:1d:af:a7:
                    91:da:c8:38:b5:3d:10:27:99:f7:a0:59:f2:1a:6d:
                    d9:11:49:2c:09:4d:e4:64:54:b1:1f:e0:f1:f5:d4:
                    b6:3e:67:b5:d8:19:70:4e:ce:f3:57:e9:be:e1:71:
                    a1:67:27:c7:57:1e:bf:2b:92:7b:f6:7d:0e:71:84:
                    b4:b0:7c:d9:0a:6a:2f:dd:ee:88:a4:73:ee:77:47:
                    23:53:06:93:b9:28:c2:67:01:63:b4:4e:96:ce:7b:
                    eb:f8:34:86:3a:4d:43:d4:79:46:fb:fc:d1:3d:80:
                    5c:fe:a4:d5:4a:c1:f5:e1:1b:c5:5d:06:fc:02:a5:
                    92:00:08:5f:2a:cd:ce:a9:81:87:14:7c:cd:2e:9e:
                    69:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:8B:34:83:B6:E6:6C:E1:1A:B3:23:A6:FE:36:8E:89:56:31:36:A2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pIs0g7bmbOEasyOm_jaOiVYxNqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:3f:1e:e5:70:64:87:ab:3d:1e:5b:af:ed:0f:cf:11:5e:3f:
         3d:cb:c9:03:12:3c:1f:9b:6f:79:02:8c:65:1c:ad:ee:5a:b4:
         65:45:ce:2f:6e:e3:dd:f1:69:a0:bf:f5:60:02:f3:29:e9:3b:
         f8:39:b9:98:6a:be:26:93:5a:cc:89:b7:04:cc:61:c6:45:9f:
         cb:46:24:eb:10:13:5c:26:da:ce:cb:a0:b5:f2:38:97:93:9e:
         2f:2d:55:38:29:ad:df:a3:c1:1f:3e:5d:6a:ff:2d:cc:3d:ac:
         10:37:1d:a7:8f:7d:77:58:15:cd:16:3a:c0:d7:a2:d0:6a:f2:
         6f:ec:cb:0d:68:0d:7a:17:1e:85:e4:65:79:ed:2e:a7:96:05:
         7c:26:42:42:c0:c8:bf:cb:cf:13:e4:3d:a6:4b:b7:47:81:9f:
         80:d8:ba:b4:26:48:05:e8:ac:bd:2e:77:35:84:55:55:a8:b5:
         d9:45:fd:58:06:62:22:a1:03:d5:8b:58:47:d3:1c:35:29:c8:
         6e:4b:45:95:7d:0f:8b:d3:00:0b:71:e8:17:32:c9:ac:17:80:
         26:bf:a7:b2:ae:73:ad:16:56:e8:6a:dc:8f:b5:d5:15:e3:31:
         60:88:e5:e2:3f:82:9e:5c:48:cc:d7:81:13:d1:cf:49:91:4a:
         3e:3c:92:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJs65h3FmUBlWd6SmLYYc0wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDA4MTYxNzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDhiMzQ4M2I2ZTY2Y2UxMWFiMzIzYTZmZTM2OGU4OTU2MzEzNmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IRBIKduTO277dlYvmajvvW9XHk9
vS7ABRoet1nsuPPtlnLAeBNrfqZ8agKwpjm+umAtS+uyhb15Ncrh9P2bY5KElUmt
2I4KGyAsK2ISiUgd2HShS67utidK13AV+zI2VYAfFD9FF9sopFh8jHyUd3aOZQcd
r6eR2sg4tT0QJ5n3oFnyGm3ZEUksCU3kZFSxH+Dx9dS2Pme12BlwTs7zV+m+4XGh
ZyfHVx6/K5J79n0OcYS0sHzZCmov3e6IpHPud0cjUwaTuSjCZwFjtE6Wznvr+DSG
Ok1D1HlG+/zRPYBc/qTVSsH14RvFXQb8AqWSAAhfKs3OqYGHFHzNLp5pLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSLNIO25mzhGrMjpv42jolWMTaiMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcElzMGc3Ym1iT0Vhc3lPbV9qYU9pVll4TnFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlwMA0G
CSqGSIb3DQEBCwUAA4IBAQCMPx7lcGSHqz0eW6/tD88RXj89y8kDEjwfm295Aoxl
HK3uWrRlRc4vbuPd8Wmgv/VgAvMp6Tv4ObmYar4mk1rMibcEzGHGRZ/LRiTrEBNc
JtrOy6C18jiXk54vLVU4Ka3fo8EfPl1q/y3MPawQNx2nj313WBXNFjrA16LQavJv
7MsNaA16Fx6F5GV57S6nlgV8JkJCwMi/y88T5D2mS7dHgZ+A2Lq0JkgF6Ky9Lnc1
hFVVqLXZRf1YBmIioQPVi1hH0xw1KchuS0WVfQ+L0wALcegXMsmsF4Amv6eyrnOt
FlboatyPtdUV4zFgiOXiP4KeXEjM14ET0c9JkUo+PJIH
-----END CERTIFICATE-----