Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/tIKZbDnYjq0gfGcoyn4X20swFAw.roa
File:                     tIKZbDnYjq0gfGcoyn4X20swFAw.roa (raw, json)
Hash identifier:          +/emIBl2EXj19NJwvUPeKYpVxdfW8sS6//NsNdJxOqM=
Subject key identifier:   B4:82:99:6C:39:D8:8E:AD:20:7C:67:28:CA:7E:17:DB:4B:30:14:0C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195FAC37C54E5501D746FDBAC464BF16427
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/tIKZbDnYjq0gfGcoyn4X20swFAw.roa
Signing time:             Thu 03 Apr 2025 08:27:50 +0000
ROA not before:           Thu 03 Apr 2025 08:27:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395878
IP address blocks:        31.56.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fa:c3:7c:54:e5:50:1d:74:6f:db:ac:46:4b:f1:64:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  3 08:27:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b482996c39d88ead207c6728ca7e17db4b30140c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:08:20:1f:1f:2e:05:dc:c6:1a:69:17:0a:dc:
                    d7:e8:c2:59:cf:e8:32:e1:44:d3:d7:f6:19:42:ad:
                    cc:e6:60:50:98:c3:6c:24:f8:d9:dd:9d:10:be:f9:
                    1c:8c:eb:e1:28:36:5a:0c:4c:b6:f6:ac:f9:88:ea:
                    d0:9a:31:6f:a3:cd:be:48:a1:9a:e3:d2:3e:30:1b:
                    a5:dd:77:39:a4:b2:cc:6a:16:44:85:26:a4:be:c1:
                    f5:b4:88:e4:60:33:2a:46:ad:64:dd:38:80:85:57:
                    34:2e:6b:cf:4d:aa:49:6c:58:0e:a6:42:ae:0f:20:
                    f7:4d:1b:55:65:e8:88:75:08:fe:58:6c:5a:5c:ad:
                    ee:64:90:f1:d7:3a:7c:47:da:94:59:57:e0:61:b0:
                    c6:3d:a5:91:ba:21:cb:ee:c6:ff:49:d1:c1:73:e7:
                    49:e7:91:91:a0:9e:c2:78:c2:3e:9e:f0:d3:ca:97:
                    22:82:b7:a1:95:48:ab:5b:bf:08:f3:d9:7e:6b:b3:
                    50:3c:3f:bd:b2:6f:29:04:ac:e2:65:a3:68:74:24:
                    ad:67:5e:d6:a9:f1:51:f4:51:66:48:01:49:74:46:
                    e7:1c:49:a7:b1:eb:28:c2:24:dc:f3:11:f9:b7:af:
                    a5:e6:89:4b:bb:9c:86:8b:f3:9a:6f:52:90:d6:2d:
                    59:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:82:99:6C:39:D8:8E:AD:20:7C:67:28:CA:7E:17:DB:4B:30:14:0C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/tIKZbDnYjq0gfGcoyn4X20swFAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:87:05:ae:ba:da:04:90:6a:e3:1e:73:ba:79:e0:f9:2e:b2:
         4b:35:9e:2d:ff:91:8c:35:6f:ae:79:b9:5c:d5:57:66:ca:d0:
         15:69:e6:46:6c:3f:a6:f4:4e:65:da:e7:a6:9b:29:2d:22:c9:
         53:62:96:84:13:7c:b5:b6:d2:2b:e1:5a:6c:1a:02:d3:d0:34:
         09:34:7c:31:1a:30:06:c0:ec:f4:a5:a4:be:68:0d:b0:ac:92:
         9e:f2:80:5c:69:18:08:cc:fc:93:60:d9:aa:43:c7:b6:69:30:
         43:7f:11:b3:89:fb:96:57:ea:7b:fc:32:c9:79:b7:55:67:08:
         20:36:b7:e5:ba:b5:69:ec:a5:d4:9b:9e:44:09:d0:b4:5c:96:
         dc:fc:5b:6b:2a:68:78:2c:f4:63:01:68:5a:26:15:e9:6c:37:
         cd:96:07:95:5f:22:b9:64:eb:75:91:83:4e:05:9e:56:e2:00:
         3f:68:f7:dc:8b:8e:8b:bc:73:60:77:06:33:10:a5:fe:d5:0c:
         e9:7f:3f:20:85:03:bb:15:24:31:21:64:2d:96:7e:dd:f8:7e:
         1a:79:e8:50:96:92:bd:29:7e:d9:41:a2:d8:4b:1a:50:67:fd:
         91:38:2b:99:58:d8:f9:17:a1:06:7d:88:e7:30:32:af:34:da:
         14:5a:46:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX6w3xU5VAddG/brEZL8WQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDAzMDgyNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDgyOTk2YzM5ZDg4ZWFkMjA3YzY3MjhjYTdlMTdkYjRiMzAxNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigggHx8uBdzGGmkXCtzX6MJZz+gy
4UTT1/YZQq3M5mBQmMNsJPjZ3Z0QvvkcjOvhKDZaDEy29qz5iOrQmjFvo82+SKGa
49I+MBul3Xc5pLLMahZEhSakvsH1tIjkYDMqRq1k3TiAhVc0LmvPTapJbFgOpkKu
DyD3TRtVZeiIdQj+WGxaXK3uZJDx1zp8R9qUWVfgYbDGPaWRuiHL7sb/SdHBc+dJ
55GRoJ7CeMI+nvDTypcigrehlUirW78I89l+a7NQPD+9sm8pBKziZaNodCStZ17W
qfFR9FFmSAFJdEbnHEmnsesowiTc8xH5t6+l5olLu5yGi/Oab1KQ1i1ZGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSCmWw52I6tIHxnKMp+F9tLMBQMMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdElLWmJEbllqcTBnZkdjb3luNFgyMHN3RkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhXMA0G
CSqGSIb3DQEBCwUAA4IBAQB2hwWuutoEkGrjHnO6eeD5LrJLNZ4t/5GMNW+ueblc
1VdmytAVaeZGbD+m9E5l2uemmyktIslTYpaEE3y1ttIr4VpsGgLT0DQJNHwxGjAG
wOz0paS+aA2wrJKe8oBcaRgIzPyTYNmqQ8e2aTBDfxGzifuWV+p7/DLJebdVZwgg
NrflurVp7KXUm55ECdC0XJbc/FtrKmh4LPRjAWhaJhXpbDfNlgeVXyK5ZOt1kYNO
BZ5W4gA/aPfci46LvHNgdwYzEKX+1Qzpfz8ghQO7FSQxIWQtln7d+H4aeehQlpK9
KX7ZQaLYSxpQZ/2ROCuZWNj5F6EGfYjnMDKvNNoUWkZl
-----END CERTIFICATE-----