Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/twYe4hhUfrU3w1dG_9mbUq3EO3c.roa
File:                     twYe4hhUfrU3w1dG_9mbUq3EO3c.roa (raw, json)
Hash identifier:          V0atBIn7VwMwriIpWqAcy5q43spTLHfAiNUUv89jBQU=
Subject key identifier:   B7:06:1E:E2:18:54:7E:B5:37:C3:57:46:FF:D9:9B:52:AD:C4:3B:77
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0191BEC367E468625491039483574E086693
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/twYe4hhUfrU3w1dG_9mbUq3EO3c.roa
Signing time:             Wed 04 Sep 2024 20:39:22 +0000
ROA not before:           Wed 04 Sep 2024 20:39:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215415
IP address blocks:        31.56.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:be:c3:67:e4:68:62:54:91:03:94:83:57:4e:08:66:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  4 20:39:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7061ee218547eb537c35746ffd99b52adc43b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cc:8e:60:a9:ce:fd:c0:b6:0c:90:9e:e4:d5:
                    4c:51:5c:5f:ba:84:39:48:ff:63:d0:50:ef:0c:81:
                    21:d9:ba:bb:b7:53:62:f8:56:8c:2d:a0:27:53:23:
                    9a:8e:3f:bf:a1:28:b0:f4:01:22:b6:dd:cb:53:61:
                    6d:cd:61:90:d6:a9:bc:84:e0:92:18:55:e8:76:43:
                    1e:f1:48:c0:a3:d6:35:49:17:0d:39:c7:38:74:24:
                    d1:73:54:68:ed:f7:25:61:dc:db:8c:56:0c:d4:1e:
                    70:03:48:c3:4e:6d:2b:b9:51:33:c9:12:7c:24:9e:
                    61:d9:c8:8c:24:ea:45:19:d8:a9:c5:a6:12:50:5b:
                    f6:4c:93:e3:8d:48:1a:61:34:58:cc:5d:e9:c9:1b:
                    47:e9:41:ed:f0:b1:5a:18:b8:37:0b:c8:2e:0e:c8:
                    7a:7e:3c:bc:ed:cc:01:99:db:bd:05:70:0c:19:a2:
                    c4:b8:4a:47:24:37:b0:b5:4a:11:56:d8:42:f3:91:
                    a2:da:a2:4d:4b:0b:ab:bd:40:1e:cd:78:3a:6c:83:
                    4e:8c:9a:1d:b3:39:26:7d:78:62:68:df:e6:2e:dd:
                    c0:ba:5c:32:f9:9c:33:24:bf:f8:1c:2f:9d:ea:6c:
                    2e:4f:9d:8b:60:3d:8b:89:48:45:b0:0b:7d:2a:c4:
                    2c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:06:1E:E2:18:54:7E:B5:37:C3:57:46:FF:D9:9B:52:AD:C4:3B:77
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/twYe4hhUfrU3w1dG_9mbUq3EO3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:f8:e7:fc:cc:cd:c4:85:bc:07:2c:f6:bd:20:e3:be:a6:7c:
         c8:cd:6d:22:56:91:cb:ae:2a:6a:22:20:73:38:24:45:58:c8:
         cb:61:d0:71:09:87:06:fe:86:67:7d:48:03:fe:95:1b:2b:07:
         36:a5:fa:f5:57:c1:b4:42:c7:b7:fc:fd:e0:69:4d:f3:71:63:
         2d:9b:9b:9a:08:88:19:58:9f:2d:74:bd:9c:2b:b4:94:7d:45:
         4d:18:12:09:f3:a7:11:c3:9a:8f:e4:2f:a8:87:58:f1:be:ae:
         fe:92:cb:50:26:49:98:9c:9b:de:81:d4:73:11:19:3c:46:ed:
         36:89:8e:25:b1:c5:ee:06:fd:90:54:fe:e4:43:f5:a6:bc:9b:
         d8:14:6d:02:45:1c:b6:0b:d5:64:57:91:72:72:47:ef:5b:85:
         e7:bc:bf:c3:40:a2:e6:c2:38:43:95:f6:eb:62:9a:06:71:b0:
         64:97:71:91:a1:8b:b1:73:c2:19:e3:79:ea:ce:46:83:45:98:
         cb:10:96:0c:40:2a:7e:0e:37:6e:92:46:fa:96:f0:8e:02:2f:
         15:96:f9:98:90:4f:69:b8:a9:28:7e:ab:3d:6f:46:b4:4b:32:
         03:1c:35:c3:85:c0:8e:5c:f0:18:84:a8:24:fe:73:bb:b5:a7:
         be:23:16:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG+w2fkaGJUkQOUg1dOCGaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTA0MjAzOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzA2MWVlMjE4NTQ3ZWI1MzdjMzU3NDZmZmQ5OWI1MmFkYzQzYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcyOYKnO/cC2DJCe5NVMUVxfuoQ5
SP9j0FDvDIEh2bq7t1Ni+FaMLaAnUyOajj+/oSiw9AEitt3LU2FtzWGQ1qm8hOCS
GFXodkMe8UjAo9Y1SRcNOcc4dCTRc1Ro7fclYdzbjFYM1B5wA0jDTm0ruVEzyRJ8
JJ5h2ciMJOpFGdipxaYSUFv2TJPjjUgaYTRYzF3pyRtH6UHt8LFaGLg3C8guDsh6
fjy87cwBmdu9BXAMGaLEuEpHJDewtUoRVthC85Gi2qJNSwurvUAezXg6bINOjJod
szkmfXhiaN/mLt3Aulwy+ZwzJL/4HC+d6mwuT52LYD2LiUhFsAt9KsQsXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcGHuIYVH61N8NXRv/Zm1KtxDt3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdHdZZTRoaFVmclUzdzFkR185bWJVcTNFTzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHziQMA0G
CSqGSIb3DQEBCwUAA4IBAQAI+Of8zM3EhbwHLPa9IOO+pnzIzW0iVpHLripqIiBz
OCRFWMjLYdBxCYcG/oZnfUgD/pUbKwc2pfr1V8G0Qse3/P3gaU3zcWMtm5uaCIgZ
WJ8tdL2cK7SUfUVNGBIJ86cRw5qP5C+oh1jxvq7+kstQJkmYnJvegdRzERk8Ru02
iY4lscXuBv2QVP7kQ/WmvJvYFG0CRRy2C9VkV5FyckfvW4XnvL/DQKLmwjhDlfbr
YpoGcbBkl3GRoYuxc8IZ43nqzkaDRZjLEJYMQCp+Djdukkb6lvCOAi8VlvmYkE9p
uKkofqs9b0a0SzIDHDXDhcCOXPAYhKgk/nO7tae+IxYM
-----END CERTIFICATE-----