Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vMO-R3SZ4U-8dvZcbYbA7jKaIOU.roa
File:                     vMO-R3SZ4U-8dvZcbYbA7jKaIOU.roa (raw, json)
Hash identifier:          /dCua/6s7Whv4vG+3AlPPF979LrlWLPcQhrl935ttXU=
Subject key identifier:   BC:C3:BE:47:74:99:E1:4F:BC:76:F6:5C:6D:86:C0:EE:32:9A:20:E5
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01933ABC2B79165E0A316A342E297B51A1CE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vMO-R3SZ4U-8dvZcbYbA7jKaIOU.roa
Signing time:             Sun 17 Nov 2024 15:27:10 +0000
ROA not before:           Sun 17 Nov 2024 15:27:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215703
IP address blocks:        31.56.39.0/24 maxlen: 24
                          31.58.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:23:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3a:bc:2b:79:16:5e:0a:31:6a:34:2e:29:7b:51:a1:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 17 15:27:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcc3be477499e14fbc76f65c6d86c0ee329a20e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b9:59:63:73:98:3e:50:cd:3d:eb:51:92:5c:
                    69:ca:0e:81:4f:6e:ea:ca:97:ed:93:4c:92:b4:e1:
                    52:29:5f:8d:8b:89:ea:92:da:9c:33:19:16:ef:a7:
                    a3:09:92:40:07:e9:f4:9c:db:37:7c:b3:4c:72:18:
                    e0:4b:03:d6:fb:5a:bf:59:6f:6f:6e:7f:ae:9e:b4:
                    46:8e:b2:d5:2b:2c:0a:cf:90:d1:cf:31:0e:9b:6e:
                    66:97:98:df:12:16:af:05:c5:8f:d8:be:d8:2a:14:
                    fc:23:37:74:db:dd:76:ec:40:52:a6:7f:d6:66:34:
                    c6:c1:64:5c:3a:a7:78:7d:71:ba:fd:40:94:63:1b:
                    52:7e:77:62:03:54:ce:73:5e:91:39:ed:ab:e5:c3:
                    ba:8a:2f:ce:fd:88:06:e6:64:ed:e2:9a:ae:5b:10:
                    48:29:f9:22:9f:0a:73:32:a5:cc:54:ee:65:f9:70:
                    e4:80:67:10:98:c2:7a:46:e3:6d:26:ad:00:9d:e8:
                    f4:c0:ee:5f:4a:12:c4:6b:6c:0c:8c:2f:fa:62:e9:
                    39:80:d0:b8:06:02:80:a3:64:1b:c8:a4:cd:41:fa:
                    e5:8d:ff:9f:e4:88:bd:eb:00:14:56:ed:a3:96:7f:
                    f9:2a:81:44:4a:df:dc:d1:68:f2:a1:a4:37:5a:5e:
                    01:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C3:BE:47:74:99:E1:4F:BC:76:F6:5C:6D:86:C0:EE:32:9A:20:E5
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vMO-R3SZ4U-8dvZcbYbA7jKaIOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.39.0/24
                  31.58.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:2e:d1:d7:d2:f4:7e:d5:04:c9:05:ad:94:24:a4:7e:4b:fe:
         d3:28:8c:08:95:e9:49:a6:bb:cd:2b:fa:bf:16:45:35:d8:3f:
         f5:0a:c1:53:1a:5f:a2:4b:6c:bd:3f:1d:74:27:e0:ae:20:66:
         2c:f9:5e:8d:18:e7:32:48:60:0c:e8:13:05:ba:7d:54:9e:a4:
         37:d0:6d:7e:67:41:3e:d2:11:fb:cc:c5:26:86:20:44:f2:a9:
         c6:d1:01:a5:79:41:21:3e:dd:5d:7d:b8:d7:a3:5b:32:bb:14:
         d3:e6:17:4b:e6:5b:52:8b:02:5d:61:f9:98:58:b7:9a:50:df:
         d9:06:6b:c7:19:4e:0b:e7:eb:76:f5:b5:b9:88:0e:c2:be:05:
         05:28:f4:e7:43:78:98:24:76:9a:e7:92:1e:fb:17:8f:9a:0e:
         29:e8:20:c6:9e:a4:88:98:1f:ab:e4:f7:2d:6e:bd:6d:c1:e1:
         2a:d6:9c:74:81:ba:b4:c3:53:7d:bf:c2:dc:52:0b:96:f4:f3:
         0a:97:63:40:4e:cf:9a:33:a1:c6:15:f6:ef:3a:21:a0:13:c1:
         b0:f3:cf:6d:81:ea:8c:b5:c6:5b:46:14:d0:af:cf:aa:13:d8:
         8d:dc:8c:b5:13:6b:d3:94:96:92:e7:da:4a:e2:83:fd:80:00:
         c2:bf:bf:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZM6vCt5Fl4KMWo0Lil7UaHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTE3MTUyNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2MzYmU0Nzc0OTllMTRmYmM3NmY2NWM2ZDg2YzBlZTMyOWEyMGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrlZY3OYPlDNPetRklxpyg6BT27q
ypftk0yStOFSKV+Ni4nqktqcMxkW76ejCZJAB+n0nNs3fLNMchjgSwPW+1q/WW9v
bn+unrRGjrLVKywKz5DRzzEOm25ml5jfEhavBcWP2L7YKhT8Izd029127EBSpn/W
ZjTGwWRcOqd4fXG6/UCUYxtSfndiA1TOc16ROe2r5cO6ii/O/YgG5mTt4pquWxBI
KfkinwpzMqXMVO5l+XDkgGcQmMJ6RuNtJq0Anej0wO5fShLEa2wMjC/6Yuk5gNC4
BgKAo2QbyKTNQfrljf+f5Ii96wAUVu2jln/5KoFESt/c0WjyoaQ3Wl4BQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLzDvkd0meFPvHb2XG2GwO4ymiDlMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdk1PLVIzU1o0VS04ZHZaY2JZYkE3akthSU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgnAwQA
Hzo6MA0GCSqGSIb3DQEBCwUAA4IBAQCkLtHX0vR+1QTJBa2UJKR+S/7TKIwIlelJ
prvNK/q/FkU12D/1CsFTGl+iS2y9Px10J+CuIGYs+V6NGOcySGAM6BMFun1UnqQ3
0G1+Z0E+0hH7zMUmhiBE8qnG0QGleUEhPt1dfbjXo1syuxTT5hdL5ltSiwJdYfmY
WLeaUN/ZBmvHGU4L5+t29bW5iA7CvgUFKPTnQ3iYJHaa55Ie+xePmg4p6CDGnqSI
mB+r5Pctbr1tweEq1px0gbq0w1N9v8LcUguW9PMKl2NATs+aM6HGFfbvOiGgE8Gw
889tgeqMtcZbRhTQr8+qE9iN3Iy1E2vTlJaS59pK4oP9gADCv79c
-----END CERTIFICATE-----