Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/udwzz31rKO4Gp60xD0z2zGTR4UE.roa
File:                     udwzz31rKO4Gp60xD0z2zGTR4UE.roa (raw, json)
Hash identifier:          SaT+/jAuf+z91L4pmohan6+5oNIbkKKakHSqK926TLc=
Subject key identifier:   B9:DC:33:CF:7D:6B:28:EE:06:A7:AD:31:0F:4C:F6:CC:64:D1:E1:41
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428235F2F47304F7E510628DC765AF227
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/udwzz31rKO4Gp60xD0z2zGTR4UE.roa
Signing time:             Thu 02 Jan 2025 17:49:54 +0000
ROA not before:           Thu 02 Jan 2025 17:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202662
IP address blocks:        31.56.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:5f:2f:47:30:4f:7e:51:06:28:dc:76:5a:f2:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9dc33cf7d6b28ee06a7ad310f4cf6cc64d1e141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:a6:4e:46:82:d4:b3:b2:c4:fb:9d:33:25:32:
                    db:da:16:8a:56:f2:3a:3e:5c:63:8c:8a:c3:c3:13:
                    6b:2e:eb:9b:92:34:40:09:b9:72:67:df:d9:05:2b:
                    21:04:b9:e1:90:7b:a0:f5:b9:6d:1c:21:09:78:af:
                    11:3e:bc:55:fd:d4:e8:c3:1e:7f:91:99:65:50:01:
                    7e:eb:4a:20:94:a0:25:2c:4b:a9:6a:2b:45:43:29:
                    78:b0:23:dd:99:ee:ee:a2:10:cf:14:c6:66:ba:1e:
                    e3:af:cd:9d:ab:a2:53:34:4a:2e:d6:3b:37:e2:c9:
                    07:1b:7d:ce:da:c8:15:4f:2a:51:a3:6d:36:dc:a0:
                    28:84:d9:2f:63:7e:63:82:33:1c:60:f1:20:ec:b9:
                    0a:9e:24:b3:27:d3:66:45:78:72:05:86:8e:ff:32:
                    dc:ef:38:29:eb:0b:24:56:18:28:80:71:ab:57:da:
                    2c:70:63:43:d1:c3:58:17:e6:f4:e8:07:4d:5f:24:
                    fe:a0:53:4d:78:25:da:7a:f9:ad:3f:67:7e:4d:59:
                    4e:11:8f:88:d2:a8:29:13:4a:01:46:af:b5:1b:60:
                    18:e6:e9:81:f8:a5:1b:cf:e6:9f:0f:d8:92:8a:1b:
                    3d:b7:38:eb:63:b0:c0:86:35:48:3e:68:66:ad:9b:
                    20:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:DC:33:CF:7D:6B:28:EE:06:A7:AD:31:0F:4C:F6:CC:64:D1:E1:41
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/udwzz31rKO4Gp60xD0z2zGTR4UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:78:f5:7f:f1:cb:d0:b4:c5:c0:39:69:a8:c1:38:36:0b:83:
         f3:f1:f6:c2:c4:76:09:23:82:9f:d2:e8:bf:95:73:a3:ae:e4:
         19:81:86:c7:4c:e4:58:3d:76:dd:cf:4a:26:cf:d8:3d:1f:72:
         aa:80:7c:12:d5:a5:c7:bf:78:d2:9b:1f:db:62:fa:2b:db:54:
         69:f5:60:0d:bb:6a:02:7f:6a:89:cc:1a:a7:76:f9:b9:09:db:
         fe:d4:af:ee:83:6c:07:49:f3:11:50:02:e0:2d:79:b0:66:98:
         95:dc:cf:3f:d7:e6:87:22:eb:a8:9a:0e:60:03:3a:88:88:a0:
         11:c5:52:72:67:01:4a:59:53:fa:06:a2:0e:28:43:0d:15:19:
         58:98:be:2b:e6:05:02:00:a0:0c:9c:6c:71:25:a3:cb:26:e2:
         c2:fd:41:4c:60:da:08:7a:37:9d:57:1c:76:3c:21:82:62:b7:
         e8:4b:7b:08:ca:11:81:26:76:2d:0e:5b:3f:84:f0:7f:d0:e5:
         87:b3:9b:8b:6a:57:b1:f0:c5:31:42:e1:73:c4:91:f7:53:8b:
         e9:d8:e5:e0:f1:fa:56:9e:bb:8b:72:cf:60:31:87:fc:1a:a0:
         f4:55:43:e1:0a:18:db:07:e4:3e:b7:1e:d9:0c:68:68:08:64:
         d1:70:ae:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI18vRzBPflEGKNx2WvInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWRjMzNjZjdkNmIyOGVlMDZhN2FkMzEwZjRjZjZjYzY0ZDFlMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46ZORoLUs7LE+50zJTLb2haKVvI6
PlxjjIrDwxNrLuubkjRACblyZ9/ZBSshBLnhkHug9bltHCEJeK8RPrxV/dTowx5/
kZllUAF+60oglKAlLEupaitFQyl4sCPdme7uohDPFMZmuh7jr82dq6JTNEou1js3
4skHG33O2sgVTypRo2023KAohNkvY35jgjMcYPEg7LkKniSzJ9NmRXhyBYaO/zLc
7zgp6wskVhgogHGrV9oscGND0cNYF+b06AdNXyT+oFNNeCXaevmtP2d+TVlOEY+I
0qgpE0oBRq+1G2AY5umB+KUbz+afD9iSihs9tzjrY7DAhjVIPmhmrZsgUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLncM899ayjuBqetMQ9M9sxk0eFBMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdWR3enozMXJLTzRHcDYweEQwejJ6R1RSNFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzhpMA0G
CSqGSIb3DQEBCwUAA4IBAQAyePV/8cvQtMXAOWmowTg2C4Pz8fbCxHYJI4Kf0ui/
lXOjruQZgYbHTORYPXbdz0omz9g9H3KqgHwS1aXHv3jSmx/bYvor21Rp9WANu2oC
f2qJzBqndvm5Cdv+1K/ug2wHSfMRUALgLXmwZpiV3M8/1+aHIuuomg5gAzqIiKAR
xVJyZwFKWVP6BqIOKEMNFRlYmL4r5gUCAKAMnGxxJaPLJuLC/UFMYNoIejedVxx2
PCGCYrfoS3sIyhGBJnYtDls/hPB/0OWHs5uLalex8MUxQuFzxJH3U4vp2OXg8fpW
nruLcs9gMYf8GqD0VUPhChjbB+Q+tx7ZDGhoCGTRcK4q
-----END CERTIFICATE-----