Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PQ3VZyzaBmnM10tQraAtk3Mq0WM.roa
File:                     PQ3VZyzaBmnM10tQraAtk3Mq0WM.roa (raw, json)
Hash identifier:          p9WbSvLkpWyLUOh4eJnl5MeU404Ot76wTw93TPz4RHI=
Subject key identifier:   3D:0D:D5:67:2C:DA:06:69:CC:D7:4B:50:AD:A0:2D:93:73:2A:D1:63
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196C4921A8727F2D06338A216EC37961D87
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PQ3VZyzaBmnM10tQraAtk3Mq0WM.roa
Signing time:             Mon 12 May 2025 12:57:11 +0000
ROA not before:           Mon 12 May 2025 12:57:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211439
IP address blocks:        31.57.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c4:92:1a:87:27:f2:d0:63:38:a2:16:ec:37:96:1d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 12 12:57:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d0dd5672cda0669ccd74b50ada02d93732ad163
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:48:50:0f:fe:13:b3:04:41:84:e5:1b:f1:af:
                    aa:df:f9:8e:f1:4b:d2:6d:3d:3b:9e:7d:bc:3a:ca:
                    d9:d8:d6:96:ef:cb:32:a1:ee:46:ce:cd:cc:a7:59:
                    fd:2a:34:9a:03:f0:5d:28:c2:03:43:2a:bc:cf:34:
                    57:89:2a:aa:a6:70:73:bf:1b:71:bf:e5:ca:19:3a:
                    c1:ee:8f:e0:8a:b9:8b:d2:3e:e6:5f:16:2c:91:b4:
                    88:4d:b0:08:5f:3b:6a:78:28:e1:87:07:78:a4:ce:
                    a4:f2:8d:2d:9e:9a:86:d4:6a:3e:89:c7:06:e4:f6:
                    cb:be:57:c4:a3:d8:4e:f2:e2:e8:e5:27:67:ba:80:
                    3e:0d:a9:09:3d:ae:4e:e9:e1:57:c8:46:ad:9d:98:
                    cd:db:75:3d:54:aa:93:bf:01:45:f5:cf:1f:4e:df:
                    7a:1d:46:be:c8:1b:53:de:07:de:82:3e:d5:dd:b4:
                    e1:29:64:3b:18:d1:88:35:91:32:2d:06:5d:ec:39:
                    7c:7a:d7:a8:e5:6a:bb:44:14:ee:4d:8a:2e:0e:ac:
                    b7:46:63:0f:55:e2:52:2a:d8:8b:d5:6d:14:29:83:
                    f9:92:0a:a9:29:69:87:9c:69:89:be:21:f4:2a:56:
                    d9:9a:32:fb:38:95:9b:e0:74:8f:6c:23:58:f8:84:
                    71:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:0D:D5:67:2C:DA:06:69:CC:D7:4B:50:AD:A0:2D:93:73:2A:D1:63
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/PQ3VZyzaBmnM10tQraAtk3Mq0WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:54:6b:af:33:2c:dc:38:62:16:33:a7:70:a5:ff:52:7e:b9:
         c8:0c:f8:89:a6:24:13:a9:2d:6e:9c:8c:9b:82:fb:b6:f6:bc:
         44:ea:00:f8:1e:35:d4:aa:3d:47:a6:c5:ca:c4:b3:af:4a:17:
         e4:f8:81:aa:ec:86:ba:ad:70:06:a4:59:05:ed:40:1b:85:b3:
         2c:46:fd:7c:9c:4b:1b:a5:c3:68:51:bf:c7:ce:f8:3c:63:af:
         0f:f0:e4:68:92:6e:7f:12:44:38:ac:03:19:29:43:39:3a:5b:
         4c:1f:05:d3:b3:96:9c:b3:72:a4:6d:8b:5a:2a:f3:05:ff:ec:
         c2:72:aa:0d:9a:5b:0e:57:56:e7:52:e5:14:8f:49:8b:9c:b4:
         77:c7:f7:3c:7b:3c:c3:e9:4d:3d:dc:68:48:c7:28:c1:ba:96:
         9b:8d:07:ad:3a:54:cc:24:c0:7d:66:15:26:4e:cb:7a:6a:60:
         1a:83:98:b7:56:e1:8a:0c:2f:94:10:1d:cf:94:60:00:ba:41:
         3b:0d:34:6f:63:4d:17:9f:61:10:c9:50:91:2c:0d:eb:91:1a:
         ef:0e:c7:2b:3f:0b:04:68:2f:8f:41:a8:ee:55:c8:62:09:24:
         d0:92:24:a1:dd:6f:51:22:05:62:81:e9:b7:c6:b7:2f:3c:0e:
         42:06:73:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbEkhqHJ/LQYziiFuw3lh2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTEyMTI1NzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDBkZDU2NzJjZGEwNjY5Y2NkNzRiNTBhZGEwMmQ5MzczMmFkMTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykhQD/4TswRBhOUb8a+q3/mO8UvS
bT07nn28OsrZ2NaW78syoe5Gzs3Mp1n9KjSaA/BdKMIDQyq8zzRXiSqqpnBzvxtx
v+XKGTrB7o/girmL0j7mXxYskbSITbAIXztqeCjhhwd4pM6k8o0tnpqG1Go+iccG
5PbLvlfEo9hO8uLo5SdnuoA+DakJPa5O6eFXyEatnZjN23U9VKqTvwFF9c8fTt96
HUa+yBtT3gfegj7V3bThKWQ7GNGINZEyLQZd7Dl8eteo5Wq7RBTuTYouDqy3RmMP
VeJSKtiL1W0UKYP5kgqpKWmHnGmJviH0KlbZmjL7OJWb4HSPbCNY+IRxdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0N1Wcs2gZpzNdLUK2gLZNzKtFjMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUFEzVlp5emFCbW5NMTB0UXJhQXRrM01xMFdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzl7MA0G
CSqGSIb3DQEBCwUAA4IBAQBwVGuvMyzcOGIWM6dwpf9SfrnIDPiJpiQTqS1unIyb
gvu29rxE6gD4HjXUqj1HpsXKxLOvShfk+IGq7Ia6rXAGpFkF7UAbhbMsRv18nEsb
pcNoUb/Hzvg8Y68P8ORokm5/EkQ4rAMZKUM5OltMHwXTs5acs3KkbYtaKvMF/+zC
cqoNmlsOV1bnUuUUj0mLnLR3x/c8ezzD6U093GhIxyjBupabjQetOlTMJMB9ZhUm
Tst6amAag5i3VuGKDC+UEB3PlGAAukE7DTRvY00Xn2EQyVCRLA3rkRrvDscrPwsE
aC+PQajuVchiCSTQkiSh3W9RIgVigem3xrcvPA5CBnMN
-----END CERTIFICATE-----