Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/squ_tl4DUHah-As9FXIixAzKCzQ.roa
File:                     squ_tl4DUHah-As9FXIixAzKCzQ.roa (raw, json)
Hash identifier:          MROQm5xRqGAH4p19gXUm7UzZ7p+aj5O+p2M6ebgGcFM=
Subject key identifier:   B2:AB:BF:B6:5E:03:50:76:A1:F8:0B:3D:15:72:22:C4:0C:CA:0B:34
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823854C3CC482EBD2C522A653BB7DC8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/squ_tl4DUHah-As9FXIixAzKCzQ.roa
Signing time:             Thu 02 Jan 2025 17:50:03 +0000
ROA not before:           Thu 02 Jan 2025 17:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     265005
IP address blocks:        31.56.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:85:4c:3c:c4:82:eb:d2:c5:22:a6:53:bb:7d:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2abbfb65e035076a1f80b3d157222c40cca0b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:47:9d:ce:e4:a2:4f:d2:45:8f:1c:33:ff:07:
                    85:28:09:99:da:98:9b:31:84:1e:d3:02:8e:da:ae:
                    e4:b4:99:14:95:a1:0b:3a:a9:c9:b4:23:59:09:a4:
                    1b:0f:09:f7:d4:73:43:b7:eb:f7:29:99:d4:f5:e8:
                    dc:e7:65:e8:fa:27:f7:0f:d0:04:a9:d2:06:94:2d:
                    15:22:e0:90:4a:fe:2c:95:25:53:46:96:39:db:f4:
                    0a:47:84:ea:51:54:a5:e4:b8:d3:8a:3e:d7:0b:55:
                    78:6a:2d:6f:61:60:bc:a4:a5:d1:0a:27:62:18:b6:
                    9e:0b:db:09:b5:08:d8:a8:23:a8:ad:66:dc:a9:db:
                    22:b6:49:0e:98:9f:62:25:59:a8:7d:97:7f:ff:7c:
                    50:28:e1:28:8c:20:84:e1:b8:93:72:81:69:e2:51:
                    ab:f4:6c:70:eb:4f:c5:6f:b5:c0:fc:5e:82:99:af:
                    81:0c:77:1c:47:fc:21:0e:ff:a7:c6:f3:2d:11:cd:
                    9b:61:7e:6c:7e:43:7e:13:1f:8e:cc:fc:c4:28:83:
                    bc:a7:fa:29:12:c8:40:14:c2:ed:93:7a:69:cf:c5:
                    ee:c5:f2:a8:d1:ff:8f:3b:9f:9d:04:cc:ae:be:ee:
                    3c:7e:86:e0:87:88:ff:9d:de:68:ae:73:00:3f:ca:
                    a1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:AB:BF:B6:5E:03:50:76:A1:F8:0B:3D:15:72:22:C4:0C:CA:0B:34
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/squ_tl4DUHah-As9FXIixAzKCzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:6f:1d:35:53:ba:01:b2:4e:54:86:51:d3:e9:0a:22:1e:f3:
         08:fc:34:95:96:dd:2f:f5:cb:6b:cc:3c:36:f4:94:54:04:87:
         e9:9f:39:5e:71:ba:a2:3e:4c:94:d4:f9:65:d1:0e:b6:5b:ec:
         42:c6:cb:77:1f:b6:59:ea:2f:c3:d9:b6:27:ea:c6:99:4e:e7:
         50:9d:bd:12:35:96:a1:2a:9a:0d:cf:ef:b4:d7:91:e1:1f:c1:
         93:6c:62:30:d7:de:93:56:19:32:6d:fd:ae:94:5d:f8:5e:86:
         6f:54:27:02:17:f0:96:c8:6d:ff:10:0a:17:fa:08:cf:e2:a2:
         e7:d6:c5:6e:27:7f:07:6d:ee:a1:ad:19:71:14:97:c9:dd:fd:
         e8:35:31:ff:3b:c7:a8:70:9c:93:6a:bd:67:a5:b6:26:f6:f2:
         63:e8:db:11:c8:1e:ab:54:06:65:7f:99:2a:8a:00:f8:87:50:
         f7:42:fe:b7:f5:ee:3a:a2:30:eb:01:84:67:94:da:e4:dc:d9:
         18:32:b4:b2:b5:4a:09:d2:91:17:5c:69:9d:63:80:b1:d2:0f:
         9d:50:df:25:d2:18:98:fa:d7:0c:16:66:da:13:b6:fc:31:d8:
         3d:9e:9b:e8:a2:86:18:85:26:ec:a3:d3:cf:c8:37:c8:1c:54:
         f6:c2:34:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4VMPMSC69LFIqZTu33IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmFiYmZiNjVlMDM1MDc2YTFmODBiM2QxNTcyMjJjNDBjY2EwYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EedzuSiT9JFjxwz/weFKAmZ2pib
MYQe0wKO2q7ktJkUlaELOqnJtCNZCaQbDwn31HNDt+v3KZnU9ejc52Xo+if3D9AE
qdIGlC0VIuCQSv4slSVTRpY52/QKR4TqUVSl5LjTij7XC1V4ai1vYWC8pKXRCidi
GLaeC9sJtQjYqCOorWbcqdsitkkOmJ9iJVmofZd//3xQKOEojCCE4biTcoFp4lGr
9Gxw60/Fb7XA/F6Cma+BDHccR/whDv+nxvMtEc2bYX5sfkN+Ex+OzPzEKIO8p/op
EshAFMLtk3ppz8XuxfKo0f+PO5+dBMyuvu48fobgh4j/nd5ornMAP8qhpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKrv7ZeA1B2ofgLPRVyIsQMygs0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvc3F1X3RsNERVSGFoLUFzOUZYSWl4QXpLQ3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgCMA0G
CSqGSIb3DQEBCwUAA4IBAQBRbx01U7oBsk5UhlHT6QoiHvMI/DSVlt0v9ctrzDw2
9JRUBIfpnzlecbqiPkyU1Pll0Q62W+xCxst3H7ZZ6i/D2bYn6saZTudQnb0SNZah
KpoNz++015HhH8GTbGIw196TVhkybf2ulF34XoZvVCcCF/CWyG3/EAoX+gjP4qLn
1sVuJ38Hbe6hrRlxFJfJ3f3oNTH/O8eocJyTar1npbYm9vJj6NsRyB6rVAZlf5kq
igD4h1D3Qv639e46ojDrAYRnlNrk3NkYMrSytUoJ0pEXXGmdY4Cx0g+dUN8l0hiY
+tcMFmbaE7b8Mdg9npvoooYYhSbso9PPyDfIHFT2wjQY
-----END CERTIFICATE-----