Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xqKvoougDcyAKr0KlH2LTLhlIHg.roa
File:                     xqKvoougDcyAKr0KlH2LTLhlIHg.roa (raw, json)
Hash identifier:          TJZ3740P6fqUeb9TH2Cqt/Q55MLlkQumiHOVLbrlbP8=
Subject key identifier:   C6:A2:AF:A2:8B:A0:0D:CC:80:2A:BD:0A:94:7D:8B:4C:B8:65:20:78
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01928F9CD09CAA7AEB6B2201379068CEC047
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xqKvoougDcyAKr0KlH2LTLhlIHg.roa
Signing time:             Tue 15 Oct 2024 09:57:51 +0000
ROA not before:           Tue 15 Oct 2024 09:57:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215015
IP address blocks:        31.57.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8f:9c:d0:9c:aa:7a:eb:6b:22:01:37:90:68:ce:c0:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 15 09:57:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6a2afa28ba00dcc802abd0a947d8b4cb8652078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4b:aa:39:88:fc:3b:41:f3:bb:1c:11:43:fc:
                    c6:ad:b8:7b:66:0a:97:27:15:96:23:ce:d5:d1:02:
                    d5:e5:ef:05:24:c2:ae:6e:55:33:e3:28:f3:46:6c:
                    71:d9:73:4b:6d:39:1e:f1:c8:40:2f:ab:64:05:a4:
                    bf:d5:48:51:db:85:3b:86:bd:c1:8b:59:09:0a:fb:
                    8d:11:30:d0:1d:11:3b:17:02:6c:55:43:fb:71:3c:
                    da:01:f5:53:6b:03:5d:53:05:53:67:63:ca:8c:67:
                    1e:a4:19:39:71:ec:a9:91:f8:ef:bb:8a:65:7a:f7:
                    a1:5c:6d:38:9e:90:cf:1f:7e:be:f9:88:ff:10:40:
                    f3:70:b3:34:be:4c:a9:4c:0d:e9:a4:14:bb:fc:ae:
                    95:09:d4:db:e4:45:d5:b8:16:23:8a:e6:06:c1:d5:
                    5b:b0:ba:a7:51:01:64:a0:3f:7b:df:03:33:37:9c:
                    e8:ad:a1:ba:86:2d:a9:06:fe:d1:28:4a:6b:fd:39:
                    2a:e3:e0:1a:0a:f8:b5:10:b2:5a:cc:47:1c:8d:3d:
                    c6:b2:33:c0:81:5a:cf:68:0e:c4:21:5b:73:a9:5f:
                    cc:43:1c:2e:b6:da:c4:eb:68:cc:2a:b5:ba:18:0c:
                    e4:ad:a1:60:c8:6e:1a:0b:f3:14:df:ff:c3:34:42:
                    f0:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:A2:AF:A2:8B:A0:0D:CC:80:2A:BD:0A:94:7D:8B:4C:B8:65:20:78
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xqKvoougDcyAKr0KlH2LTLhlIHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:4d:5f:6b:5c:cc:ee:e0:c6:03:2f:77:bf:a4:39:73:42:26:
         a2:d8:90:8a:cb:a8:b2:1d:d9:ed:eb:d2:77:0b:c2:46:22:a4:
         6c:4a:af:8f:55:77:61:65:4d:42:20:07:ff:29:24:b4:c0:e1:
         de:da:27:c5:87:02:60:7e:a4:1d:1d:4c:06:3f:b4:2c:e0:4e:
         99:65:33:88:d1:00:ca:b7:fa:62:30:b4:c3:84:9b:ab:26:6f:
         2b:2b:e7:82:01:b8:a9:92:75:43:fd:5e:1c:cf:76:3b:00:de:
         61:66:88:40:e7:da:e8:05:1b:8f:01:65:89:4b:56:cf:2e:f1:
         0e:3f:92:27:fd:1a:b6:9d:43:e7:1c:65:e4:e9:35:18:eb:22:
         ec:58:9f:6e:64:91:0b:32:71:b0:28:a1:96:c9:a2:c7:c6:38:
         52:f0:63:66:c7:f1:77:dd:d0:31:e9:97:28:ae:1a:51:a9:cd:
         eb:02:54:12:45:50:72:d7:9a:70:c4:a6:06:46:27:98:10:3b:
         f8:9b:05:00:f2:20:4f:34:49:bb:62:bc:32:dc:e1:38:ec:88:
         7b:bd:0b:4d:35:eb:fe:ea:f5:06:a7:e9:ec:22:a5:3b:00:5f:
         e2:19:4f:f2:fb:95:f1:b8:d8:3a:a5:b2:54:60:66:9f:44:33:
         4c:d9:c1:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKPnNCcqnrrayIBN5BozsBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDE1MDk1NzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmEyYWZhMjhiYTAwZGNjODAyYWJkMGE5NDdkOGI0Y2I4NjUyMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0uqOYj8O0HzuxwRQ/zGrbh7ZgqX
JxWWI87V0QLV5e8FJMKublUz4yjzRmxx2XNLbTke8chAL6tkBaS/1UhR24U7hr3B
i1kJCvuNETDQHRE7FwJsVUP7cTzaAfVTawNdUwVTZ2PKjGcepBk5ceypkfjvu4pl
evehXG04npDPH36++Yj/EEDzcLM0vkypTA3ppBS7/K6VCdTb5EXVuBYjiuYGwdVb
sLqnUQFkoD973wMzN5zoraG6hi2pBv7RKEpr/Tkq4+AaCvi1ELJazEccjT3GsjPA
gVrPaA7EIVtzqV/MQxwuttrE62jMKrW6GAzkraFgyG4aC/MU3//DNELwMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMair6KLoA3MgCq9CpR9i0y4ZSB4MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveHFLdm9vdWdEY3lBS3IwS2xIMkxUTGhsSUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmxMA0G
CSqGSIb3DQEBCwUAA4IBAQBRTV9rXMzu4MYDL3e/pDlzQiai2JCKy6iyHdnt69J3
C8JGIqRsSq+PVXdhZU1CIAf/KSS0wOHe2ifFhwJgfqQdHUwGP7Qs4E6ZZTOI0QDK
t/piMLTDhJurJm8rK+eCAbipknVD/V4cz3Y7AN5hZohA59roBRuPAWWJS1bPLvEO
P5In/Rq2nUPnHGXk6TUY6yLsWJ9uZJELMnGwKKGWyaLHxjhS8GNmx/F33dAx6Zco
rhpRqc3rAlQSRVBy15pwxKYGRieYEDv4mwUA8iBPNEm7Yrwy3OE47Ih7vQtNNev+
6vUGp+nsIqU7AF/iGU/y+5XxuNg6pbJUYGafRDNM2cF4
-----END CERTIFICATE-----