Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/O9PWPFzLZgf0aI8rbbkMx5z8OZY.roa
File:                     O9PWPFzLZgf0aI8rbbkMx5z8OZY.roa (raw, json)
Hash identifier:          5JeuYRS3PqzsU2hZvljl7PFz4uXiaHQCPQXOCiZ15Bk=
Subject key identifier:   3B:D3:D6:3C:5C:CB:66:07:F4:68:8F:2B:6D:B9:0C:C7:9C:FC:39:96
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196C442704F3B60114B973EFF5D7BE25D3F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/O9PWPFzLZgf0aI8rbbkMx5z8OZY.roa
Signing time:             Mon 12 May 2025 11:30:10 +0000
ROA not before:           Mon 12 May 2025 11:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202678
IP address blocks:        31.58.211.0/24 maxlen: 24
                          31.58.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c4:42:70:4f:3b:60:11:4b:97:3e:ff:5d:7b:e2:5d:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 12 11:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bd3d63c5ccb6607f4688f2b6db90cc79cfc3996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a9:b0:75:41:48:7e:27:40:b0:b0:3b:07:35:
                    e0:73:0b:de:aa:11:c9:00:f3:77:ff:df:25:f0:29:
                    b1:fd:63:9b:15:25:87:02:6d:92:48:92:69:10:0d:
                    02:43:f0:95:bb:c4:8f:a2:4f:cb:68:ec:9d:2f:92:
                    42:cc:55:e8:52:b2:8b:dc:d0:6a:23:1d:a9:86:66:
                    e1:9b:f9:5d:a3:90:61:6a:b3:6e:20:5e:eb:c2:23:
                    a3:67:63:fa:ab:bf:61:1f:40:c3:0c:99:36:60:b6:
                    a7:2c:71:f0:95:2f:06:f3:ec:88:19:22:d9:5a:6e:
                    9e:13:e1:f5:26:4f:29:6a:62:f6:25:9d:c9:69:ef:
                    35:05:1b:92:d5:c1:87:8d:54:3d:1c:1e:32:35:c6:
                    c3:ba:7f:c5:33:05:c3:62:ec:fd:53:e5:df:2d:dc:
                    2d:db:dc:5e:c7:e5:20:1e:fa:fe:33:ea:16:eb:96:
                    02:9e:bb:6e:e7:e0:f8:13:93:0b:5a:b2:a6:66:f7:
                    a3:a7:ca:54:e7:f6:d2:5e:9f:ac:ff:b1:4f:2d:34:
                    bd:30:4d:da:35:8c:8c:73:8e:4e:f3:9c:31:7a:31:
                    89:cc:b8:8a:46:52:df:f7:c1:87:4d:8c:cd:c3:66:
                    0b:cb:ba:80:f8:34:ca:75:9c:90:66:68:cd:ae:83:
                    2b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D3:D6:3C:5C:CB:66:07:F4:68:8F:2B:6D:B9:0C:C7:9C:FC:39:96
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/O9PWPFzLZgf0aI8rbbkMx5z8OZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.211.0/24
                  31.58.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:a5:8f:d2:dd:73:8c:78:9b:2f:ea:82:6f:43:0f:dc:44:94:
         18:da:f6:f9:a3:d0:8e:14:da:77:12:bc:a3:f5:d5:f5:42:b9:
         b8:70:b0:50:4f:4d:6a:85:59:23:e1:e5:bd:a8:35:ef:bb:a1:
         2d:51:f2:fe:45:00:e4:07:53:81:ad:92:e8:6b:b4:30:cc:10:
         5d:c9:d9:bd:b6:b0:8b:03:73:d4:8e:70:bb:0e:53:21:87:a4:
         71:6c:5b:b6:96:9a:16:f5:56:4d:3d:16:f6:be:7c:de:0c:37:
         64:7f:92:1f:80:e6:19:8d:2b:e6:07:b9:55:c1:2f:1f:e7:97:
         dc:4a:b8:c0:18:3f:78:43:08:0a:70:1f:e2:1e:3d:2f:6a:a4:
         31:5a:ae:da:dc:1d:d9:1e:c2:30:02:a1:ae:92:37:14:8d:bd:
         1f:42:d6:f1:23:d7:2b:00:f2:48:3f:e1:2d:23:f7:3a:9a:9b:
         d7:7a:02:4d:aa:d2:26:a8:83:8c:a4:66:9c:3c:9b:15:c9:82:
         d5:23:c2:bd:62:e7:06:fb:1c:82:10:28:a1:e1:36:5f:b5:89:
         04:5f:a1:13:9e:32:0c:67:83:89:44:45:6f:a3:f7:95:d2:fb:
         43:90:05:07:da:c8:cc:8d:8e:93:4d:55:31:4c:67:de:49:81:
         ca:da:80:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbEQnBPO2ARS5c+/1174l0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTEyMTEzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQzZDYzYzVjY2I2NjA3ZjQ2ODhmMmI2ZGI5MGNjNzljZmMzOTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKmwdUFIfidAsLA7BzXgcwveqhHJ
APN3/98l8Cmx/WObFSWHAm2SSJJpEA0CQ/CVu8SPok/LaOydL5JCzFXoUrKL3NBq
Ix2phmbhm/ldo5BharNuIF7rwiOjZ2P6q79hH0DDDJk2YLanLHHwlS8G8+yIGSLZ
Wm6eE+H1Jk8pamL2JZ3Jae81BRuS1cGHjVQ9HB4yNcbDun/FMwXDYuz9U+XfLdwt
29xex+UgHvr+M+oW65YCnrtu5+D4E5MLWrKmZvejp8pU5/bSXp+s/7FPLTS9ME3a
NYyMc45O85wxejGJzLiKRlLf98GHTYzNw2YLy7qA+DTKdZyQZmjNroMr2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDvT1jxcy2YH9GiPK225DMec/DmWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTzlQV1BGekxaZ2YwYUk4cmJia014NXo4T1pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzrTAwQA
Hzr3MA0GCSqGSIb3DQEBCwUAA4IBAQC+pY/S3XOMeJsv6oJvQw/cRJQY2vb5o9CO
FNp3Eryj9dX1Qrm4cLBQT01qhVkj4eW9qDXvu6EtUfL+RQDkB1OBrZLoa7QwzBBd
ydm9trCLA3PUjnC7DlMhh6RxbFu2lpoW9VZNPRb2vnzeDDdkf5IfgOYZjSvmB7lV
wS8f55fcSrjAGD94QwgKcB/iHj0vaqQxWq7a3B3ZHsIwAqGukjcUjb0fQtbxI9cr
APJIP+EtI/c6mpvXegJNqtImqIOMpGacPJsVyYLVI8K9YucG+xyCECih4TZftYkE
X6ETnjIMZ4OJREVvo/eV0vtDkAUH2sjMjY6TTVUxTGfeSYHK2oBE
-----END CERTIFICATE-----