Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qwkWZsEc2RXktXmhl7eUhhy6DaE.roa
File:                     qwkWZsEc2RXktXmhl7eUhhy6DaE.roa (raw, json)
Hash identifier:          n3FiuI5fxOVK5r2OMG0i+arxWVI/MXYNjPvmJQdrn8A=
Subject key identifier:   AB:09:16:66:C1:1C:D9:15:E4:B5:79:A1:97:B7:94:86:1C:BA:0D:A1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428234B248242CA0F362B9B111F4ADCDA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qwkWZsEc2RXktXmhl7eUhhy6DaE.roa
Signing time:             Thu 02 Jan 2025 17:49:49 +0000
ROA not before:           Thu 02 Jan 2025 17:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        31.57.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:4b:24:82:42:ca:0f:36:2b:9b:11:1f:4a:dc:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab091666c11cd915e4b579a197b794861cba0da1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7e:80:da:32:55:b8:dd:be:ce:84:b9:5a:b8:
                    95:fd:26:b8:a4:5f:c8:91:7a:73:5a:f6:0e:17:c4:
                    b6:f4:6b:84:8d:b3:39:00:da:d2:90:e2:b1:67:bd:
                    6f:cc:ed:b4:95:d4:ac:39:0b:c6:79:2e:90:ad:40:
                    05:d7:f1:a6:cf:55:41:91:37:fe:ff:7d:76:ed:bd:
                    1a:f7:c5:0f:5b:8d:85:0d:4f:21:57:9a:21:f2:ef:
                    9c:3c:0b:87:be:40:66:9e:4b:aa:b0:2a:0b:28:92:
                    dc:ac:e8:11:f5:07:69:cf:02:e2:ef:34:c9:04:b0:
                    06:20:fa:af:d2:df:cb:3a:06:9f:b7:39:ae:c2:79:
                    81:6e:96:b6:76:92:85:85:61:ec:0d:cd:f5:5e:ba:
                    c9:94:8d:1a:e3:cb:57:4c:05:25:de:6e:5d:d0:d4:
                    f3:af:88:7b:18:ae:df:67:77:98:29:bd:fa:c3:c0:
                    5e:77:c0:f5:55:90:e1:95:cf:e6:53:d9:68:90:b2:
                    82:4c:ac:ee:f0:22:cd:61:3e:4f:6e:3f:b5:3c:2f:
                    3d:51:4a:54:60:e8:60:38:d7:99:b2:08:8c:7b:e4:
                    4e:5a:5f:fd:dc:87:ae:1f:46:b9:a7:ab:a2:b3:89:
                    a8:e8:89:1e:ca:6a:b4:11:85:a1:e5:13:99:f4:05:
                    3d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:09:16:66:C1:1C:D9:15:E4:B5:79:A1:97:B7:94:86:1C:BA:0D:A1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/qwkWZsEc2RXktXmhl7eUhhy6DaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:b1:da:30:74:78:ea:53:24:98:1f:05:e9:af:0f:7b:8d:da:
         f5:e8:48:a7:75:2b:14:d7:e4:39:1f:2c:10:32:24:30:2d:e2:
         31:09:14:bc:9d:da:a1:82:af:49:00:3b:50:c9:ce:a0:2c:aa:
         d0:b4:4d:b6:85:cf:6d:cf:c4:d8:8d:84:0e:a1:5d:88:eb:bd:
         b2:ea:f6:67:b8:1b:7a:34:d5:d7:bb:03:b6:0e:16:bf:7f:03:
         34:6d:27:11:41:52:cc:1f:b9:d6:77:fc:33:1e:f5:1e:7d:e8:
         1a:af:ef:29:9a:fc:c9:f9:f4:ec:02:7e:f2:4f:1d:84:87:ed:
         27:cd:1e:23:62:01:33:51:18:fb:6c:de:79:90:d3:86:d1:7f:
         8e:85:ee:81:85:ff:32:47:e9:33:39:1f:39:88:d8:53:8e:2d:
         0f:91:cc:e4:f5:80:d1:e3:b8:db:c2:f6:7e:1f:f8:f5:10:4d:
         ad:e0:23:7a:dd:fb:44:3d:98:52:55:25:6f:cb:9f:21:24:2d:
         e5:8c:8e:42:f4:dd:63:de:57:05:81:a3:9f:85:39:2d:8e:4c:
         70:39:4f:93:dc:dc:cf:db:bd:11:4f:06:49:9a:53:e6:56:f9:
         8c:31:cf:f8:b9:51:47:90:48:d9:bb:bf:f1:21:70:07:5b:1f:
         9c:c1:b5:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0skgkLKDzYrmxEfStzaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA5MTY2NmMxMWNkOTE1ZTRiNTc5YTE5N2I3OTQ4NjFjYmEwZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp36A2jJVuN2+zoS5WriV/Sa4pF/I
kXpzWvYOF8S29GuEjbM5ANrSkOKxZ71vzO20ldSsOQvGeS6QrUAF1/Gmz1VBkTf+
/3127b0a98UPW42FDU8hV5oh8u+cPAuHvkBmnkuqsCoLKJLcrOgR9QdpzwLi7zTJ
BLAGIPqv0t/LOgaftzmuwnmBbpa2dpKFhWHsDc31XrrJlI0a48tXTAUl3m5d0NTz
r4h7GK7fZ3eYKb36w8Bed8D1VZDhlc/mU9lokLKCTKzu8CLNYT5Pbj+1PC89UUpU
YOhgONeZsgiMe+ROWl/93IeuH0a5p6uis4mo6Ikeymq0EYWh5ROZ9AU9SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsJFmbBHNkV5LV5oZe3lIYcug2hMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcXdrV1pzRWMyUlhrdFhtaGw3ZVVoaHk2RGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzm+MA0G
CSqGSIb3DQEBCwUAA4IBAQCIsdowdHjqUySYHwXprw97jdr16EindSsU1+Q5HywQ
MiQwLeIxCRS8ndqhgq9JADtQyc6gLKrQtE22hc9tz8TYjYQOoV2I672y6vZnuBt6
NNXXuwO2Dha/fwM0bScRQVLMH7nWd/wzHvUefegar+8pmvzJ+fTsAn7yTx2Eh+0n
zR4jYgEzURj7bN55kNOG0X+Ohe6Bhf8yR+kzOR85iNhTji0Pkczk9YDR47jbwvZ+
H/j1EE2t4CN63ftEPZhSVSVvy58hJC3ljI5C9N1j3lcFgaOfhTktjkxwOU+T3NzP
270RTwZJmlPmVvmMMc/4uVFHkEjZu7/xIXAHWx+cwbUo
-----END CERTIFICATE-----