Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/t8tzelUwnR7cP3wwJ3pnUPfl0zM.roa
File:                     t8tzelUwnR7cP3wwJ3pnUPfl0zM.roa (raw, json)
Hash identifier:          75B4McQN4k8c/FYtzxi22pHf6P+8NiPFD8LS2loqXGI=
Subject key identifier:   B7:CB:73:7A:55:30:9D:1E:DC:3F:7C:30:27:7A:67:50:F7:E5:D3:33
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428236C741F6A913F3FB5C7D11995AFE4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/t8tzelUwnR7cP3wwJ3pnUPfl0zM.roa
Signing time:             Thu 02 Jan 2025 17:49:57 +0000
ROA not before:           Thu 02 Jan 2025 17:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213930
IP address blocks:        31.57.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:6c:74:1f:6a:91:3f:3f:b5:c7:d1:19:95:af:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7cb737a55309d1edc3f7c30277a6750f7e5d333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:af:50:28:5e:b9:1e:98:bc:ae:53:e4:58:80:
                    bf:a3:99:ef:5f:07:22:00:92:17:d7:70:09:e5:d1:
                    4d:a3:4c:40:00:4e:93:ba:49:e0:c3:16:32:82:5b:
                    45:34:53:5f:cf:b1:c7:ef:b4:d3:a2:55:78:8b:4a:
                    e3:a5:09:4d:ba:95:3e:30:2c:c7:c1:8f:11:db:0a:
                    cd:f8:5e:b4:d4:67:2d:e5:87:4b:b1:e0:98:94:de:
                    e1:72:56:e8:d6:a9:ef:81:bb:ff:a6:98:c6:99:15:
                    ef:ab:b4:0c:b4:82:fe:40:47:fe:0a:ec:22:b2:97:
                    a4:b5:d3:70:41:07:99:7a:2f:67:dd:9c:88:92:73:
                    c7:24:39:45:56:72:cf:b3:d3:a6:de:c4:88:ee:27:
                    a7:47:fb:f8:38:85:07:45:41:70:3c:c8:8c:9d:9b:
                    ed:8d:0f:e2:2b:46:3c:c7:ab:15:c7:2a:a8:78:f9:
                    f8:0f:2f:db:1f:71:b9:7d:f1:ae:44:02:36:c4:62:
                    f5:d2:fb:2f:98:69:03:10:01:39:5d:d4:15:20:c6:
                    11:3f:1b:d5:8e:25:d6:5d:86:31:c2:12:a7:b8:0c:
                    12:f3:ae:84:d7:24:2e:8a:c9:bc:aa:c5:ed:cb:b6:
                    21:b3:fc:40:c0:4c:04:ce:37:4f:56:33:3d:c0:8d:
                    58:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CB:73:7A:55:30:9D:1E:DC:3F:7C:30:27:7A:67:50:F7:E5:D3:33
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/t8tzelUwnR7cP3wwJ3pnUPfl0zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:ab:4c:95:ec:2d:80:88:24:9d:91:93:ff:fa:88:a9:18:0c:
         09:97:dd:61:40:6c:bf:87:04:f0:78:6e:76:e8:b7:4e:62:64:
         da:64:3c:a4:1c:01:6b:6e:90:af:57:c5:02:da:ee:64:57:96:
         f9:f9:95:97:e9:b6:9f:9d:e9:7b:97:ff:30:b1:c2:31:7a:8f:
         c1:2f:75:c5:0a:53:12:26:91:67:9f:15:60:1f:24:6f:0a:84:
         82:4f:2a:80:67:6a:e9:23:56:36:92:5a:d9:89:2a:70:f0:8d:
         f1:be:fa:31:84:b0:98:30:6d:23:76:89:fe:3e:c7:04:62:db:
         db:8d:4f:ef:aa:8e:5b:59:05:65:4e:fb:9a:83:d3:dc:a2:15:
         7a:31:d6:2f:39:c3:69:35:66:e6:50:41:e5:af:79:e4:ad:23:
         d8:2e:42:57:16:18:e3:77:4e:8a:39:c1:fc:4c:05:e3:b8:1d:
         c8:c0:3d:b7:f9:1e:af:7a:45:d7:61:15:fd:c1:e8:d7:71:6b:
         42:3c:b9:44:bb:e0:44:f9:0c:27:90:9e:8e:7b:b1:8a:c8:fe:
         83:84:a2:1d:b6:40:fa:ff:e5:e4:61:9f:d6:60:d7:92:3d:05:
         2c:85:71:24:32:11:39:c7:0f:fe:33:e6:58:c4:6c:d9:f1:7c:
         24:0c:b6:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI2x0H2qRPz+1x9EZla/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2NiNzM3YTU1MzA5ZDFlZGMzZjdjMzAyNzdhNjc1MGY3ZTVkMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyq9QKF65Hpi8rlPkWIC/o5nvXwci
AJIX13AJ5dFNo0xAAE6TukngwxYygltFNFNfz7HH77TTolV4i0rjpQlNupU+MCzH
wY8R2wrN+F601Gct5YdLseCYlN7hclbo1qnvgbv/ppjGmRXvq7QMtIL+QEf+Cuwi
spektdNwQQeZei9n3ZyIknPHJDlFVnLPs9Om3sSI7ienR/v4OIUHRUFwPMiMnZvt
jQ/iK0Y8x6sVxyqoePn4Dy/bH3G5ffGuRAI2xGL10vsvmGkDEAE5XdQVIMYRPxvV
jiXWXYYxwhKnuAwS866E1yQuism8qsXty7Yhs/xAwEwEzjdPVjM9wI1YowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfLc3pVMJ0e3D98MCd6Z1D35dMzMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdDh0emVsVXduUjdjUDN3d0ozcG5VUGZsMHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHznyMA0G
CSqGSIb3DQEBCwUAA4IBAQC7q0yV7C2AiCSdkZP/+oipGAwJl91hQGy/hwTweG52
6LdOYmTaZDykHAFrbpCvV8UC2u5kV5b5+ZWX6bafnel7l/8wscIxeo/BL3XFClMS
JpFnnxVgHyRvCoSCTyqAZ2rpI1Y2klrZiSpw8I3xvvoxhLCYMG0jdon+PscEYtvb
jU/vqo5bWQVlTvuag9PcohV6MdYvOcNpNWbmUEHlr3nkrSPYLkJXFhjjd06KOcH8
TAXjuB3IwD23+R6vekXXYRX9wejXcWtCPLlEu+BE+QwnkJ6Oe7GKyP6DhKIdtkD6
/+XkYZ/WYNeSPQUshXEkMhE5xw/+M+ZYxGzZ8XwkDLZK
-----END CERTIFICATE-----