Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r9CxAJEgx6h6YFZUHTGWVh--vbQ.roa
File:                     r9CxAJEgx6h6YFZUHTGWVh--vbQ.roa (raw, json)
Hash identifier:          KZRdadE+bd3vEPap6Erw6EVyyzwj7yVpj//PgpqbjOc=
Subject key identifier:   AF:D0:B1:00:91:20:C7:A8:7A:60:56:54:1D:31:96:56:1F:BE:BD:B4
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428233AB022C6147C40650963A58E34A9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r9CxAJEgx6h6YFZUHTGWVh--vbQ.roa
Signing time:             Thu 02 Jan 2025 17:49:44 +0000
ROA not before:           Thu 02 Jan 2025 17:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21840
IP address blocks:        31.57.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:3a:b0:22:c6:14:7c:40:65:09:63:a5:8e:34:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afd0b1009120c7a87a6056541d3196561fbebdb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:74:ce:c8:ef:95:00:7b:88:f3:a1:4d:89:a2:
                    98:0e:d3:6d:bf:f6:50:fa:ee:ce:46:95:9c:e2:f5:
                    cd:1e:ed:71:75:45:60:c8:f6:d4:31:1d:1b:38:ab:
                    67:ea:f1:ad:a6:c7:57:d2:43:ec:20:cb:1f:2c:ab:
                    27:75:a2:bc:d5:e5:5b:c6:b8:ca:44:68:59:cc:b7:
                    16:6a:f0:40:a3:f6:80:b3:a8:5c:01:76:42:5b:7f:
                    66:68:32:99:35:78:5a:cd:e7:f2:69:08:1a:9f:0c:
                    d3:d2:a2:22:50:1c:9b:b3:6f:91:b5:5a:84:58:a2:
                    ee:8d:82:91:ed:e2:08:a7:0e:77:02:03:12:93:dc:
                    9b:e3:33:cf:ac:f1:3f:ba:5c:54:17:ce:d8:63:71:
                    ed:4e:4f:10:4d:88:06:82:23:2d:1d:c7:cb:1c:82:
                    90:5f:a6:68:b2:a6:8e:8a:9a:17:66:da:4e:a9:df:
                    44:bb:ac:a6:65:ae:28:53:cd:52:ed:03:73:fe:d9:
                    dd:2f:23:04:ea:09:6a:41:f7:ce:2d:16:5b:da:bc:
                    1d:41:2a:54:e6:c5:86:9c:da:a5:f5:a6:3f:e1:b6:
                    f2:8c:87:b0:3d:3a:5b:f9:eb:e5:37:7b:7c:11:c0:
                    f9:60:0a:f5:54:af:27:61:d1:bf:79:6e:e3:cf:4a:
                    3c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D0:B1:00:91:20:C7:A8:7A:60:56:54:1D:31:96:56:1F:BE:BD:B4
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r9CxAJEgx6h6YFZUHTGWVh--vbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:30:6e:cd:d1:3e:04:1c:73:74:7d:48:71:ba:55:30:af:a9:
         48:3d:48:0b:e1:11:17:12:6b:2f:f1:8f:ad:16:9c:9e:f3:1c:
         16:7f:14:16:1b:96:f3:01:3d:53:a9:76:df:d4:d1:5b:55:97:
         3c:16:93:8f:13:d0:e6:d4:14:5f:06:16:d0:7e:44:0c:74:39:
         75:e2:8b:db:ab:3c:e5:b1:53:12:fc:dd:46:64:f4:3b:30:14:
         2c:c9:d0:97:bf:4a:93:49:df:18:9d:22:37:7d:4a:4f:bf:a1:
         e6:9c:a3:dc:ed:ad:3b:ef:9a:b9:29:8c:52:72:48:94:03:a1:
         3b:b1:66:1d:ea:63:9e:dc:0d:2d:38:af:3d:5e:91:a8:5a:b8:
         2f:84:5e:71:cd:83:5a:3e:fc:04:37:e1:0b:e8:aa:f8:2f:83:
         49:f1:d6:86:2e:12:98:7f:5e:c8:39:06:f4:9e:ef:2c:29:3c:
         d2:62:c5:84:1b:6a:a6:ff:bd:b5:cb:d2:86:e6:c3:22:85:1a:
         39:5a:93:ca:0e:64:55:b2:0e:8e:29:2d:d8:85:e1:0c:e4:f4:
         93:ac:be:c1:c5:10:17:94:bb:62:ff:77:22:6a:34:4d:9a:30:
         d2:5e:c5:3b:45:73:19:c8:c4:24:29:87:c8:f0:74:f9:ad:6b:
         a5:34:61:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzqwIsYUfEBlCWOljjSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQwYjEwMDkxMjBjN2E4N2E2MDU2NTQxZDMxOTY1NjFmYmViZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HTOyO+VAHuI86FNiaKYDtNtv/ZQ
+u7ORpWc4vXNHu1xdUVgyPbUMR0bOKtn6vGtpsdX0kPsIMsfLKsndaK81eVbxrjK
RGhZzLcWavBAo/aAs6hcAXZCW39maDKZNXhazefyaQganwzT0qIiUBybs2+RtVqE
WKLujYKR7eIIpw53AgMSk9yb4zPPrPE/ulxUF87YY3HtTk8QTYgGgiMtHcfLHIKQ
X6ZosqaOipoXZtpOqd9Eu6ymZa4oU81S7QNz/tndLyME6glqQffOLRZb2rwdQSpU
5sWGnNql9aY/4bbyjIewPTpb+evlN3t8EcD5YAr1VK8nYdG/eW7jz0o82QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/QsQCRIMeoemBWVB0xllYfvr20MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcjlDeEFKRWd4Nmg2WUZaVUhUR1dWaC0tdmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznlMA0G
CSqGSIb3DQEBCwUAA4IBAQCrMG7N0T4EHHN0fUhxulUwr6lIPUgL4REXEmsv8Y+t
Fpye8xwWfxQWG5bzAT1TqXbf1NFbVZc8FpOPE9Dm1BRfBhbQfkQMdDl14ovbqzzl
sVMS/N1GZPQ7MBQsydCXv0qTSd8YnSI3fUpPv6HmnKPc7a0775q5KYxSckiUA6E7
sWYd6mOe3A0tOK89XpGoWrgvhF5xzYNaPvwEN+EL6Kr4L4NJ8daGLhKYf17IOQb0
nu8sKTzSYsWEG2qm/721y9KG5sMihRo5WpPKDmRVsg6OKS3YheEM5PSTrL7BxRAX
lLti/3ciajRNmjDSXsU7RXMZyMQkKYfI8HT5rWulNGEC
-----END CERTIFICATE-----