Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xrdYVPwoLH2ouvpEX2EEDHs36l0.roa
File:                     xrdYVPwoLH2ouvpEX2EEDHs36l0.roa (raw, json)
Hash identifier:          g3mm+TMrHUdPckIkKuCDLVIaPo0q36gwLjxZJcrmmr8=
Subject key identifier:   C6:B7:58:54:FC:28:2C:7D:A8:BA:FA:44:5F:61:04:0C:7B:37:EA:5D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282354286B0F7116669419FA9C92859B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xrdYVPwoLH2ouvpEX2EEDHs36l0.roa
Signing time:             Thu 02 Jan 2025 17:49:51 +0000
ROA not before:           Thu 02 Jan 2025 17:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136501
IP address blocks:        31.58.172.0/22 maxlen: 24
                          31.59.76.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:54:28:6b:0f:71:16:66:94:19:fa:9c:92:85:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6b75854fc282c7da8bafa445f61040c7b37ea5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6c:0f:c1:9c:e1:30:17:e4:5d:f9:29:b1:e3:
                    85:62:60:fb:47:13:0d:5d:49:86:30:0d:fe:cf:70:
                    8c:7d:c8:6f:f0:0e:08:8b:ad:55:94:ab:88:a4:d9:
                    bf:38:01:10:f5:73:54:b7:10:ae:66:1a:cb:c6:e9:
                    c1:53:cf:d1:61:79:38:53:e5:9e:2b:82:e7:a8:93:
                    28:71:aa:ed:60:8b:f9:9e:f6:c4:22:09:f7:a1:5a:
                    a0:d6:ef:cf:57:c3:9b:70:a5:4a:c5:8a:13:ea:bf:
                    a6:b2:3f:18:58:f3:7f:eb:50:ea:23:2e:e9:e8:8d:
                    83:fd:73:b0:0c:fb:34:5c:0c:51:cd:f0:c4:e2:ca:
                    72:93:45:de:92:46:d2:2e:90:0a:df:e7:17:d1:71:
                    90:35:a3:3e:77:2e:af:9d:92:64:3d:75:be:b2:ed:
                    95:74:e6:c0:af:bb:7f:bb:92:fb:e9:57:fe:51:42:
                    05:7b:c7:37:8b:7b:a8:fe:52:1f:47:8a:dd:d6:18:
                    8a:bf:ce:2e:f9:04:e3:bd:89:71:91:e9:21:70:42:
                    7b:69:72:9a:8c:4c:87:fc:31:24:e2:e6:dd:8f:5a:
                    9d:5e:9d:04:75:19:88:9c:f3:33:01:57:7b:9f:46:
                    a2:73:47:78:3b:96:99:fc:cb:1e:b4:ed:78:23:8a:
                    ab:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B7:58:54:FC:28:2C:7D:A8:BA:FA:44:5F:61:04:0C:7B:37:EA:5D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xrdYVPwoLH2ouvpEX2EEDHs36l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.172.0/22
                  31.59.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:96:89:49:22:80:f3:f9:3c:6d:aa:a4:03:82:a6:c1:52:e6:
         01:43:a3:04:9b:4c:95:bd:1a:6b:96:b3:b0:15:c8:99:4b:9c:
         cc:7b:d7:12:33:49:ef:e5:3d:b3:d7:5a:ff:f9:f2:a5:a0:81:
         cc:5d:56:7a:00:75:a1:84:6d:9e:74:92:f8:49:c2:d6:4a:39:
         1e:56:b1:0e:d8:ad:f9:4c:09:f6:7d:fc:b8:16:0e:a4:19:20:
         67:82:40:fb:97:6f:a5:33:7d:9e:dd:e3:11:d3:89:d2:fe:37:
         e9:25:e1:6d:e8:4a:c3:5b:e4:7c:ab:e1:c1:d5:f7:82:ac:9d:
         d9:f7:21:96:64:6d:20:20:89:fd:d3:34:cb:6a:13:fc:24:69:
         6c:78:57:59:c5:ef:1a:49:7f:b6:75:fa:2d:1e:d0:94:ec:2d:
         ac:33:03:33:8e:6c:34:9c:e7:6c:07:68:47:12:20:a8:0c:d1:
         65:ed:00:53:f2:89:0a:dd:e7:59:c8:63:cd:26:9f:de:ab:52:
         06:40:f0:a8:c4:14:57:eb:d4:5c:7c:a2:d6:2f:cb:d2:d2:b0:
         fc:ac:5c:82:9a:25:ab:39:e1:d1:c4:ed:9f:69:a0:09:74:5a:
         9e:ee:07:d4:e8:2b:a0:f7:b3:b0:fd:1b:44:95:24:47:9d:c1:
         6d:ff:65:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoI1Qoaw9xFmaUGfqckoWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmI3NTg1NGZjMjgyYzdkYThiYWZhNDQ1ZjYxMDQwYzdiMzdlYTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmwPwZzhMBfkXfkpseOFYmD7RxMN
XUmGMA3+z3CMfchv8A4Ii61VlKuIpNm/OAEQ9XNUtxCuZhrLxunBU8/RYXk4U+We
K4LnqJMocartYIv5nvbEIgn3oVqg1u/PV8ObcKVKxYoT6r+msj8YWPN/61DqIy7p
6I2D/XOwDPs0XAxRzfDE4spyk0XekkbSLpAK3+cX0XGQNaM+dy6vnZJkPXW+su2V
dObAr7t/u5L76Vf+UUIFe8c3i3uo/lIfR4rd1hiKv84u+QTjvYlxkekhcEJ7aXKa
jEyH/DEk4ubdj1qdXp0EdRmInPMzAVd7n0aic0d4O5aZ/MsetO14I4qrVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMa3WFT8KCx9qLr6RF9hBAx7N+pdMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveHJkWVZQd29MSDJvdXZwRVgyRUVESHMzNmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCHzqsAwQC
HztMMA0GCSqGSIb3DQEBCwUAA4IBAQBIlolJIoDz+TxtqqQDgqbBUuYBQ6MEm0yV
vRprlrOwFciZS5zMe9cSM0nv5T2z11r/+fKloIHMXVZ6AHWhhG2edJL4ScLWSjke
VrEO2K35TAn2ffy4Fg6kGSBngkD7l2+lM32e3eMR04nS/jfpJeFt6ErDW+R8q+HB
1feCrJ3Z9yGWZG0gIIn90zTLahP8JGlseFdZxe8aSX+2dfotHtCU7C2sMwMzjmw0
nOdsB2hHEiCoDNFl7QBT8okK3edZyGPNJp/eq1IGQPCoxBRX69RcfKLWL8vS0rD8
rFyCmiWrOeHRxO2faaAJdFqe7gfU6Cug97Ow/RtElSRHncFt/2WF
-----END CERTIFICATE-----