Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y2fupYe3Tdx_DRoUremtaBPIq3Q.roa
File:                     y2fupYe3Tdx_DRoUremtaBPIq3Q.roa (raw, json)
Hash identifier:          qWsKOzPrfjOueY16Ec7ByUcfEOLbUtUdBHwOFK5UscI=
Subject key identifier:   CB:67:EE:A5:87:B7:4D:DC:7F:0D:1A:14:AD:E9:AD:68:13:C8:AB:74
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194B78E44AA41D5D02F9DF2CF038AA6F9E9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y2fupYe3Tdx_DRoUremtaBPIq3Q.roa
Signing time:             Thu 30 Jan 2025 14:12:21 +0000
ROA not before:           Thu 30 Jan 2025 14:12:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213799
IP address blocks:        31.58.211.0/24 maxlen: 24
                          31.58.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:8e:44:aa:41:d5:d0:2f:9d:f2:cf:03:8a:a6:f9:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan 30 14:12:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb67eea587b74ddc7f0d1a14ade9ad6813c8ab74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e5:68:a3:ee:33:92:f0:be:ce:33:14:4d:b3:
                    c1:64:01:04:6d:5a:e3:b7:42:ac:05:d1:ce:31:f0:
                    fa:32:de:64:5d:26:eb:71:5e:9d:d7:d8:1f:0e:13:
                    5d:3b:a7:55:5b:58:cb:41:b3:44:46:6d:b4:0a:bd:
                    06:55:43:0a:86:27:07:3d:8c:a0:78:9b:91:28:be:
                    aa:f8:ca:75:a9:9b:cc:bc:e1:36:a8:13:cd:fb:75:
                    e1:ad:14:e5:52:6a:a6:f4:4a:bf:6d:17:49:0d:41:
                    cf:c9:1e:f3:60:c5:a1:4d:d7:63:ac:da:28:40:c8:
                    1f:a1:85:f2:dd:02:96:73:4b:68:4f:09:6e:86:1e:
                    93:c4:d8:2e:f7:8c:a2:0a:e0:66:d8:6c:5c:31:8b:
                    63:2d:98:a9:30:8f:f9:cb:d2:d6:92:e5:1a:08:da:
                    75:d9:62:b1:5b:26:a3:32:8a:98:9b:26:02:1c:99:
                    60:9d:fa:7c:2b:b0:03:26:ab:c1:d2:ec:d3:43:5a:
                    60:68:c7:4e:fc:0e:71:62:91:ed:29:7e:22:a3:59:
                    30:a3:36:7f:2b:0b:8a:17:78:44:52:ee:b0:4f:08:
                    37:5b:dc:f2:99:fb:18:2b:8b:88:31:81:fb:89:51:
                    f6:37:38:dc:cf:df:8e:d9:39:4b:02:5d:ed:09:77:
                    d3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:67:EE:A5:87:B7:4D:DC:7F:0D:1A:14:AD:E9:AD:68:13:C8:AB:74
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y2fupYe3Tdx_DRoUremtaBPIq3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.211.0/24
                  31.58.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:ad:83:29:23:f6:6e:6b:df:7a:3f:9e:f7:06:b5:94:5a:fc:
         b0:fb:14:af:30:cd:cc:10:7a:5b:91:d2:e9:1f:92:5c:bc:42:
         52:e8:04:1d:0c:3a:09:b2:c6:42:23:6f:b1:31:8a:2a:5d:e0:
         0a:f4:92:4e:4e:21:9c:57:74:eb:c0:cb:ff:99:09:a2:e6:b8:
         5e:fc:50:c4:84:b6:b5:46:eb:f2:9b:4b:07:f9:07:ae:ee:ed:
         f9:30:9b:69:fd:21:5c:9e:38:3b:77:f4:5d:d4:82:db:73:2d:
         5b:97:19:73:fe:6e:9c:06:b5:c2:c3:c2:b3:32:bc:78:de:96:
         e8:fa:0c:54:f9:e4:72:94:11:82:0f:5e:4b:70:b5:af:73:f1:
         53:0e:1f:1b:00:cf:6b:e0:ad:f7:b0:2b:4c:73:35:53:af:e9:
         c1:4a:e1:91:75:16:43:2b:36:d7:be:11:ba:d7:77:81:d6:44:
         d5:f9:8c:26:34:18:07:50:93:23:de:0e:ed:dc:ed:3c:74:37:
         69:7e:55:0e:02:34:87:16:c1:0e:c3:91:11:8b:a6:09:d2:fe:
         97:86:c4:ac:2c:a0:0e:9c:95:f0:aa:f9:af:7c:23:87:ab:93:
         0c:d6:6f:2d:e0:f5:cf:c2:4a:d0:de:13:95:ff:99:0b:33:23:
         3c:7e:85:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZS3jkSqQdXQL53yzwOKpvnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTMwMTQxMjIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjY3ZWVhNTg3Yjc0ZGRjN2YwZDFhMTRhZGU5YWQ2ODEzYzhhYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOVoo+4zkvC+zjMUTbPBZAEEbVrj
t0KsBdHOMfD6Mt5kXSbrcV6d19gfDhNdO6dVW1jLQbNERm20Cr0GVUMKhicHPYyg
eJuRKL6q+Mp1qZvMvOE2qBPN+3XhrRTlUmqm9Eq/bRdJDUHPyR7zYMWhTddjrNoo
QMgfoYXy3QKWc0toTwluhh6TxNgu94yiCuBm2GxcMYtjLZipMI/5y9LWkuUaCNp1
2WKxWyajMoqYmyYCHJlgnfp8K7ADJqvB0uzTQ1pgaMdO/A5xYpHtKX4io1kwozZ/
KwuKF3hEUu6wTwg3W9zymfsYK4uIMYH7iVH2Nzjcz9+O2TlLAl3tCXfTuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMtn7qWHt03cfw0aFK3prWgTyKt0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveTJmdXBZZTNUZHhfRFJvVXJlbXRhQlBJcTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzrTAwQA
Hzr6MA0GCSqGSIb3DQEBCwUAA4IBAQCkrYMpI/Zua996P573BrWUWvyw+xSvMM3M
EHpbkdLpH5JcvEJS6AQdDDoJssZCI2+xMYoqXeAK9JJOTiGcV3TrwMv/mQmi5rhe
/FDEhLa1Ruvym0sH+Qeu7u35MJtp/SFcnjg7d/Rd1ILbcy1blxlz/m6cBrXCw8Kz
Mrx43pbo+gxU+eRylBGCD15LcLWvc/FTDh8bAM9r4K33sCtMczVTr+nBSuGRdRZD
KzbXvhG613eB1kTV+YwmNBgHUJMj3g7t3O08dDdpflUOAjSHFsEOw5ERi6YJ0v6X
hsSsLKAOnJXwqvmvfCOHq5MM1m8t4PXPwkrQ3hOV/5kLMyM8foWs
-----END CERTIFICATE-----