Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z1kPC6xSyBslIdbl4Fiv_WN0tVE.roa
File:                     z1kPC6xSyBslIdbl4Fiv_WN0tVE.roa (raw, json)
Hash identifier:          /3WrS0V9Eyo4l4wxq4/wuz2fXsUD297DJyN3ywX4vwo=
Subject key identifier:   CF:59:0F:0B:AC:52:C8:1B:25:21:D6:E5:E0:58:AF:FD:63:74:B5:51
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823733DB85D4E6C04DBD3E6DC0FF954
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z1kPC6xSyBslIdbl4Fiv_WN0tVE.roa
Signing time:             Thu 02 Jan 2025 17:49:59 +0000
ROA not before:           Thu 02 Jan 2025 17:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214240
IP address blocks:        31.57.244.0/22 maxlen: 24
                          31.57.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:73:3d:b8:5d:4e:6c:04:db:d3:e6:dc:0f:f9:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf590f0bac52c81b2521d6e5e058affd6374b551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a9:c8:cb:bd:22:2f:ef:87:79:03:5f:41:37:
                    23:63:a5:cd:bb:ff:22:d1:4b:3d:a1:4f:2c:13:8b:
                    af:35:7d:51:e9:31:cd:78:83:82:eb:09:b9:a9:f8:
                    38:21:1f:4a:a0:ef:24:31:f5:d0:e4:47:e8:91:ed:
                    2c:44:6e:d4:dd:c9:de:87:5f:ba:3b:cb:81:e0:c3:
                    c1:1f:42:91:73:ca:5e:89:46:e4:f4:61:b9:f0:c5:
                    2f:0c:1b:11:00:b7:bb:48:46:e0:ca:07:4a:22:4f:
                    2e:95:49:d1:e8:29:86:17:94:96:f2:aa:f9:18:e7:
                    f6:3d:65:64:0b:25:49:9a:a5:2b:a7:d2:c1:30:94:
                    03:3f:94:85:6e:ec:ea:20:db:b4:88:18:ea:87:b7:
                    3f:00:0d:55:f6:c1:b0:e0:75:b7:a5:90:4c:98:df:
                    85:bb:e1:a1:7c:f5:fc:10:e6:f2:c8:fc:75:22:7b:
                    3f:5e:82:d9:cd:4d:2f:b6:07:eb:53:39:9f:4b:43:
                    b2:31:e5:32:0f:fa:5d:30:23:50:ce:c1:bd:37:39:
                    d4:d0:5d:ee:3b:cc:96:78:7a:35:d6:e5:27:05:c3:
                    60:4c:51:1d:3f:36:90:2b:ef:22:cd:80:31:6f:a0:
                    10:7a:48:0b:5a:27:65:37:e0:6e:cc:62:10:b5:e9:
                    6c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:59:0F:0B:AC:52:C8:1B:25:21:D6:E5:E0:58:AF:FD:63:74:B5:51
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/z1kPC6xSyBslIdbl4Fiv_WN0tVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:33:c3:ef:e9:6a:1d:7c:a8:ec:88:7b:97:80:4f:3e:15:20:
         53:75:75:cb:98:26:ae:7c:ec:c3:7c:a7:8c:1a:7d:e0:00:a3:
         a5:41:b9:cd:ed:8f:0b:49:c2:bf:2f:91:6b:3c:7e:9c:d7:d5:
         94:de:51:99:d7:fc:f3:c7:9c:41:8e:dc:82:1e:3e:ec:67:ed:
         0f:86:01:d8:73:e0:62:e3:5a:0e:b8:02:16:5f:e4:01:08:0d:
         bc:e4:4f:b9:71:85:a5:0b:bb:c5:4e:06:6f:01:71:3e:10:5c:
         17:c6:af:7a:1b:0c:5c:48:04:41:ec:36:1a:37:b4:60:b2:3e:
         75:0b:11:ec:e1:fa:89:6c:2f:e0:25:4c:0d:26:55:09:f7:03:
         4d:cd:82:c6:70:a5:43:1a:8d:28:d4:67:eb:11:f1:42:44:28:
         7f:8c:9a:bb:b7:97:19:d0:fc:66:bd:f0:a1:08:47:8e:14:1c:
         3f:c2:9d:71:38:bb:34:dc:8e:f9:c6:c5:1c:1c:e1:f4:a8:ae:
         8b:11:29:ae:43:13:42:fc:f3:d5:30:e8:46:82:bd:73:a8:9a:
         6f:9d:6e:c1:a0:02:a1:85:08:90:43:fc:c3:c8:28:fc:1c:9f:
         29:08:8a:8b:33:fc:31:06:22:4a:00:92:d3:83:b9:7d:92:00:
         04:b5:0f:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI3M9uF1ObATb0+bcD/lUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjU5MGYwYmFjNTJjODFiMjUyMWQ2ZTVlMDU4YWZmZDYzNzRiNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnIy70iL++HeQNfQTcjY6XNu/8i
0Us9oU8sE4uvNX1R6THNeIOC6wm5qfg4IR9KoO8kMfXQ5Efoke0sRG7U3cneh1+6
O8uB4MPBH0KRc8peiUbk9GG58MUvDBsRALe7SEbgygdKIk8ulUnR6CmGF5SW8qr5
GOf2PWVkCyVJmqUrp9LBMJQDP5SFbuzqINu0iBjqh7c/AA1V9sGw4HW3pZBMmN+F
u+GhfPX8EObyyPx1Ins/XoLZzU0vtgfrUzmfS0OyMeUyD/pdMCNQzsG9NznU0F3u
O8yWeHo11uUnBcNgTFEdPzaQK+8izYAxb6AQekgLWidlN+BuzGIQtelsGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9ZDwusUsgbJSHW5eBYr/1jdLVRMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvejFrUEM2eFN5QnNsSWRibDRGaXZfV04wdFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHzn0MA0G
CSqGSIb3DQEBCwUAA4IBAQALM8Pv6WodfKjsiHuXgE8+FSBTdXXLmCaufOzDfKeM
Gn3gAKOlQbnN7Y8LScK/L5FrPH6c19WU3lGZ1/zzx5xBjtyCHj7sZ+0PhgHYc+Bi
41oOuAIWX+QBCA285E+5cYWlC7vFTgZvAXE+EFwXxq96GwxcSARB7DYaN7Rgsj51
CxHs4fqJbC/gJUwNJlUJ9wNNzYLGcKVDGo0o1GfrEfFCRCh/jJq7t5cZ0PxmvfCh
CEeOFBw/wp1xOLs03I75xsUcHOH0qK6LESmuQxNC/PPVMOhGgr1zqJpvnW7BoAKh
hQiQQ/zDyCj8HJ8pCIqLM/wxBiJKAJLTg7l9kgAEtQ/w
-----END CERTIFICATE-----