Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y3wvifofm5nJrq73oIKUAiSdm_I.roa
File:                     y3wvifofm5nJrq73oIKUAiSdm_I.roa (raw, json)
Hash identifier:          4BwaxpRDkN0EFAgYWcC2Pt4nQZWompfeXXemYz/1hA0=
Subject key identifier:   CB:7C:2F:89:FA:1F:9B:99:C9:AE:AE:F7:A0:82:94:02:24:9D:9B:F2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0192F118697A33E4C24C1E693AF08022AE25
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y3wvifofm5nJrq73oIKUAiSdm_I.roa
Signing time:             Sun 03 Nov 2024 08:16:01 +0000
ROA not before:           Sun 03 Nov 2024 08:16:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140224
IP address blocks:        31.56.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f1:18:69:7a:33:e4:c2:4c:1e:69:3a:f0:80:22:ae:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov  3 08:16:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb7c2f89fa1f9b99c9aeaef7a0829402249d9bf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:2f:b5:ab:9a:6a:34:d5:fd:9f:19:19:04:a4:
                    2a:15:3c:8f:93:af:75:b7:e9:89:d7:55:f2:27:c5:
                    28:af:c4:40:c9:12:dd:71:16:55:74:47:3a:ea:fb:
                    be:73:3c:d7:16:0e:af:a3:0b:89:65:c4:a5:f1:ed:
                    1f:30:82:30:9f:01:32:32:57:0b:46:2a:df:1c:27:
                    6f:8f:49:fd:a3:63:7b:39:e7:04:61:35:93:bd:f1:
                    8b:80:3e:d5:d2:73:89:67:7b:84:24:96:77:a2:b2:
                    92:07:c8:e1:d2:87:6e:8f:18:44:13:db:e7:05:99:
                    92:bc:e8:d4:41:d6:da:fe:96:4f:dd:3e:48:d2:7d:
                    7f:e6:f6:d2:d8:1c:14:e1:60:ab:d2:42:bf:3f:30:
                    69:b2:6e:96:f6:66:a8:ad:cb:bf:3e:26:22:6a:e9:
                    ed:be:7b:ac:a7:34:6b:56:5f:80:84:9e:8b:03:8e:
                    b1:0f:2a:0a:f3:76:2f:16:f0:45:da:c7:b4:19:61:
                    76:9a:1b:59:83:98:b9:1a:2b:ac:47:08:e9:6f:a8:
                    cd:69:a5:92:a3:a4:ca:60:7f:b9:4e:30:c9:bc:7f:
                    e9:c0:97:7e:e4:70:47:57:51:79:ac:35:23:a0:cb:
                    15:ba:03:45:79:80:49:4f:3f:aa:c7:2f:7a:f9:2f:
                    03:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:7C:2F:89:FA:1F:9B:99:C9:AE:AE:F7:A0:82:94:02:24:9D:9B:F2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y3wvifofm5nJrq73oIKUAiSdm_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:f9:a6:ae:2f:f3:b7:34:69:b0:a9:9c:86:09:c7:3d:cb:17:
         0b:f1:ac:98:21:2a:bc:6d:e1:2c:fd:8b:26:0e:6a:85:07:32:
         0d:ea:1a:a2:4a:76:9b:45:e0:d4:41:7e:e3:42:06:6c:a0:37:
         e7:c0:8a:58:d8:f6:92:32:4a:03:5e:85:da:d5:bd:b4:32:c9:
         50:1e:29:cd:e4:ca:3c:ca:fc:9f:92:9f:e8:e8:61:a9:3f:ab:
         a5:f1:d6:3d:a3:c1:9d:d4:e5:af:bf:10:a9:b6:6a:84:ef:f4:
         f3:42:46:55:aa:62:dc:b7:cc:bb:68:b8:1e:99:2f:38:49:74:
         d8:cc:fd:b9:ab:da:26:50:4a:34:76:08:c5:6d:e4:73:bd:5f:
         8a:f3:44:7f:e8:6c:67:bc:22:f0:3e:b9:e2:2a:ac:8f:5d:b5:
         93:96:85:80:d5:84:c7:3d:d7:3a:37:79:ea:a7:dd:29:2e:71:
         fb:ef:08:1a:95:0e:b9:04:9e:13:83:8b:5d:ff:7a:d7:db:55:
         59:8d:79:ce:2c:57:a9:d8:3c:9d:6b:c7:26:71:31:4b:34:1d:
         46:a4:f7:1a:66:f5:65:fd:03:4b:ed:75:68:42:93:7d:52:e6:
         be:c7:13:21:ea:5d:76:8b:2e:6b:6c:83:08:e7:46:d5:44:c3:
         43:81:c4:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLxGGl6M+TCTB5pOvCAIq4lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTAzMDgxNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjdjMmY4OWZhMWY5Yjk5YzlhZWFlZjdhMDgyOTQwMjI0OWQ5YmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAki+1q5pqNNX9nxkZBKQqFTyPk691
t+mJ11XyJ8Uor8RAyRLdcRZVdEc66vu+czzXFg6vowuJZcSl8e0fMIIwnwEyMlcL
RirfHCdvj0n9o2N7OecEYTWTvfGLgD7V0nOJZ3uEJJZ3orKSB8jh0odujxhEE9vn
BZmSvOjUQdba/pZP3T5I0n1/5vbS2BwU4WCr0kK/PzBpsm6W9maorcu/PiYiaunt
vnuspzRrVl+AhJ6LA46xDyoK83YvFvBF2se0GWF2mhtZg5i5GiusRwjpb6jNaaWS
o6TKYH+5TjDJvH/pwJd+5HBHV1F5rDUjoMsVugNFeYBJTz+qxy96+S8DewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMt8L4n6H5uZya6u96CClAIknZvyMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveTN3dmlmb2ZtNW5KcnE3M29JS1VBaVNkbV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzglMA0G
CSqGSIb3DQEBCwUAA4IBAQAD+aauL/O3NGmwqZyGCcc9yxcL8ayYISq8beEs/Ysm
DmqFBzIN6hqiSnabReDUQX7jQgZsoDfnwIpY2PaSMkoDXoXa1b20MslQHinN5Mo8
yvyfkp/o6GGpP6ul8dY9o8Gd1OWvvxCptmqE7/TzQkZVqmLct8y7aLgemS84SXTY
zP25q9omUEo0dgjFbeRzvV+K80R/6GxnvCLwPrniKqyPXbWTloWA1YTHPdc6N3nq
p90pLnH77wgalQ65BJ4Tg4td/3rX21VZjXnOLFep2Dyda8cmcTFLNB1GpPcaZvVl
/QNL7XVoQpN9Uua+xxMh6l12iy5rbIMI50bVRMNDgcRz
-----END CERTIFICATE-----