Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rXaayNC2V3j5cppwCBVC6SKsc7U.roa
File:                     rXaayNC2V3j5cppwCBVC6SKsc7U.roa (raw, json)
Hash identifier:          oz7o1629KvAOXfmgxxGWTPN5SkHLmHoJqyIE2iqR1xg=
Subject key identifier:   AD:76:9A:C8:D0:B6:57:78:F9:72:9A:70:08:15:42:E9:22:AC:73:B5
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192E696983370B5C15DA8106C7398ACA52B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rXaayNC2V3j5cppwCBVC6SKsc7U.roa
Signing time:             Fri 01 Nov 2024 07:18:01 +0000
ROA not before:           Fri 01 Nov 2024 07:18:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61254
IP address blocks:        31.58.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e6:96:98:33:70:b5:c1:5d:a8:10:6c:73:98:ac:a5:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  1 07:18:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad769ac8d0b65778f9729a70081542e922ac73b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:2e:5b:eb:46:44:a2:1c:ad:60:d3:fb:45:6f:
                    e8:fa:85:e8:63:d0:44:25:b4:0d:2d:c2:a1:13:3c:
                    7a:41:aa:07:51:0e:7a:81:af:0c:34:8d:97:96:e8:
                    4c:69:d1:6e:1d:22:b6:82:38:34:40:75:99:a9:43:
                    30:16:ec:4d:f0:47:3d:e1:ef:f6:99:38:f7:c1:c0:
                    c5:cc:d0:bc:41:ac:14:69:cf:ae:46:cc:9e:d9:fa:
                    da:00:42:ec:be:40:84:c9:ea:aa:b0:ed:6c:8b:73:
                    10:c2:cc:e2:0e:a5:aa:6b:c9:a8:e8:f9:87:0e:32:
                    d2:28:95:f8:ac:b0:7c:0f:68:9d:bd:24:86:9a:88:
                    5c:ba:8e:5a:74:4c:d4:1f:37:f0:16:ac:57:b4:a3:
                    92:e3:bb:e2:54:22:37:30:5e:44:a0:72:4b:ab:3a:
                    11:6a:9a:f5:97:91:7e:2e:67:60:47:6e:8c:e8:f5:
                    ea:18:d5:e6:18:b6:f9:b8:06:2f:d3:41:bc:6d:8d:
                    9a:e5:cf:e7:c4:39:e6:6f:ee:96:c3:fe:32:ca:6d:
                    5c:bd:18:bd:3c:88:ed:cd:0d:4f:c4:a4:d8:61:87:
                    6e:7b:55:56:b8:ed:d0:33:87:5c:c0:8f:ee:1d:ad:
                    d3:20:9f:6b:a8:01:60:a9:3c:62:a8:1e:d7:fb:64:
                    56:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:76:9A:C8:D0:B6:57:78:F9:72:9A:70:08:15:42:E9:22:AC:73:B5
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rXaayNC2V3j5cppwCBVC6SKsc7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:63:1a:88:cf:fc:ea:b4:4b:dc:e2:7c:8f:85:db:87:a5:8d:
         d6:7b:88:6c:fd:a1:35:9a:52:a9:9f:28:38:9a:91:de:87:b3:
         8d:a3:04:fe:82:b1:d4:33:c6:00:3c:9b:30:78:68:0a:d3:11:
         4d:af:a0:83:79:ca:cc:50:a0:4b:49:fe:6d:7f:d3:c5:8a:9f:
         e8:29:78:4d:3a:5a:a9:29:36:ca:a1:76:52:57:73:44:6d:6f:
         c4:5d:25:a3:27:bc:c1:a5:6c:ad:09:6c:31:82:58:d6:c5:07:
         e1:64:f1:9b:5c:85:85:b1:25:50:e8:f3:f4:2a:67:61:e0:38:
         75:ff:7c:99:bd:63:37:25:17:af:22:fd:33:30:d8:9c:d5:d9:
         64:21:cb:93:b9:5c:97:e9:3d:10:62:79:38:31:7c:cf:47:d0:
         64:35:e2:c8:42:72:1b:ec:c6:2b:38:08:dc:40:05:c4:fc:17:
         ea:de:76:d1:51:25:3c:4b:59:7d:b4:c6:c5:c6:aa:ae:e9:8f:
         a0:9f:b2:23:83:5f:77:8e:d8:3c:34:a3:43:dc:2d:34:94:53:
         26:98:d0:e7:87:80:a6:72:33:71:75:66:58:95:bb:c2:4c:73:
         6d:1e:c0:9d:73:b1:57:9a:64:16:a6:0e:cc:3e:c2:83:49:ee:
         f2:d1:54:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLmlpgzcLXBXagQbHOYrKUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTAxMDcxODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDc2OWFjOGQwYjY1Nzc4Zjk3MjlhNzAwODE1NDJlOTIyYWM3M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9C5b60ZEohytYNP7RW/o+oXoY9BE
JbQNLcKhEzx6QaoHUQ56ga8MNI2XluhMadFuHSK2gjg0QHWZqUMwFuxN8Ec94e/2
mTj3wcDFzNC8QawUac+uRsye2fraAELsvkCEyeqqsO1si3MQwsziDqWqa8mo6PmH
DjLSKJX4rLB8D2idvSSGmohcuo5adEzUHzfwFqxXtKOS47viVCI3MF5EoHJLqzoR
apr1l5F+LmdgR26M6PXqGNXmGLb5uAYv00G8bY2a5c/nxDnmb+6Ww/4yym1cvRi9
PIjtzQ1PxKTYYYdue1VWuO3QM4dcwI/uHa3TIJ9rqAFgqTxiqB7X+2RWOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK12msjQtld4+XKacAgVQukirHO1MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvclhhYXlOQzJWM2o1Y3Bwd0NCVkM2U0tzYzdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzqGMA0G
CSqGSIb3DQEBCwUAA4IBAQBcYxqIz/zqtEvc4nyPhduHpY3We4hs/aE1mlKpnyg4
mpHeh7ONowT+grHUM8YAPJsweGgK0xFNr6CDecrMUKBLSf5tf9PFip/oKXhNOlqp
KTbKoXZSV3NEbW/EXSWjJ7zBpWytCWwxgljWxQfhZPGbXIWFsSVQ6PP0Kmdh4Dh1
/3yZvWM3JRevIv0zMNic1dlkIcuTuVyX6T0QYnk4MXzPR9BkNeLIQnIb7MYrOAjc
QAXE/Bfq3nbRUSU8S1l9tMbFxqqu6Y+gn7Ijg193jtg8NKND3C00lFMmmNDnh4Cm
cjNxdWZYlbvCTHNtHsCdc7FXmmQWpg7MPsKDSe7y0VQ+
-----END CERTIFICATE-----