Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R9bqgtfVmbZoG5CMvunQHQrlqVE.roa
File:                     R9bqgtfVmbZoG5CMvunQHQrlqVE.roa (raw, json)
Hash identifier:          r3UObBepcT+y1UOLRbNs6fFMTiXBeuu0MM8PO+QHmhw=
Subject key identifier:   47:D6:EA:82:D7:D5:99:B6:68:1B:90:8C:BE:E9:D0:1D:0A:E5:A9:51
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01968ABE06651C558E8B5907FE4038CE0DFE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R9bqgtfVmbZoG5CMvunQHQrlqVE.roa
Signing time:             Thu 01 May 2025 07:27:11 +0000
ROA not before:           Thu 01 May 2025 07:27:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205733
IP address blocks:        31.57.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 20:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8a:be:06:65:1c:55:8e:8b:59:07:fe:40:38:ce:0d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  1 07:27:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47d6ea82d7d599b6681b908cbee9d01d0ae5a951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:00:0b:b6:e4:ee:06:ba:4b:4c:25:2f:4c:98:
                    67:ab:df:95:60:46:c4:cd:ec:84:8f:7e:4f:63:db:
                    40:7a:a9:9b:89:3e:30:ad:49:13:07:cd:1b:ec:95:
                    d7:4b:53:db:78:88:0c:a6:83:14:34:c4:8d:76:8d:
                    96:6e:8b:11:b9:f6:02:17:61:1d:97:9e:43:02:d6:
                    50:ec:98:70:83:1f:b3:f8:88:12:07:f2:a4:a5:d1:
                    72:e5:87:be:8d:29:a0:91:ee:9c:35:98:e2:6d:ea:
                    97:27:15:1a:b0:80:f9:21:43:74:91:e3:bc:c8:10:
                    c7:7a:9a:62:b0:d6:c3:53:5c:16:dd:62:d2:0c:ee:
                    00:40:31:59:4d:26:b9:21:aa:92:3b:09:3e:32:02:
                    19:2c:29:4a:a7:23:6f:e9:c2:6e:bc:a4:4a:6f:cc:
                    e0:2a:3b:2a:0d:7d:90:38:80:24:90:c8:b5:61:41:
                    61:b9:c8:fc:9b:dd:39:c1:0b:70:04:d4:1f:01:b6:
                    22:9b:23:82:9a:d1:c5:53:54:cb:7b:d5:52:99:29:
                    6e:08:5f:45:ea:da:c1:88:6e:4d:33:ac:22:e5:d9:
                    41:e6:45:1f:fa:f6:61:c5:b4:97:33:8f:6f:d2:7a:
                    69:68:3d:1a:ed:39:7e:21:bf:42:a7:4c:e7:3e:47:
                    dd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D6:EA:82:D7:D5:99:B6:68:1B:90:8C:BE:E9:D0:1D:0A:E5:A9:51
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R9bqgtfVmbZoG5CMvunQHQrlqVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c5:57:bd:9a:6d:73:0c:9a:d3:b6:a5:04:53:a1:58:59:71:
         34:1d:4f:62:2b:c4:43:b5:d9:a3:b3:97:1d:1d:e6:0c:88:9a:
         3a:58:8e:ac:35:c8:90:87:5f:2a:ce:98:d4:3b:27:79:26:a1:
         aa:15:91:2d:d1:27:4b:41:d6:6f:52:b4:13:b2:38:40:fe:cb:
         d6:5a:2d:5f:ab:18:7d:ba:ca:bb:79:39:5e:42:6f:8e:34:9d:
         e7:b3:63:aa:aa:bb:a8:d3:24:e5:84:2f:ac:63:1b:db:86:56:
         f9:39:83:71:fd:22:8b:41:00:7e:1a:7a:18:b2:05:26:f4:1c:
         bd:a5:7c:23:ab:f9:2d:a2:fb:f2:70:8e:33:99:fa:6d:6d:4e:
         01:57:e7:d4:3f:d0:83:2f:0d:0b:85:d4:f9:c0:6f:de:96:30:
         5b:ab:a5:24:f9:3b:e3:f3:87:06:e1:49:be:fd:1a:60:7a:1e:
         30:de:d4:f8:dd:95:2f:ce:3a:fb:1a:c1:cb:c8:c2:00:18:5b:
         62:c7:b5:35:a8:1e:28:74:00:27:89:13:42:ba:9b:f7:20:0b:
         50:22:ba:4f:eb:ec:31:b7:b0:a8:d5:85:61:c1:1d:80:8f:be:
         dc:21:52:90:02:e9:10:91:9b:81:35:61:77:7d:0c:c6:2d:89:
         f2:71:15:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaKvgZlHFWOi1kH/kA4zg3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTAxMDcyNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Q2ZWE4MmQ3ZDU5OWI2NjgxYjkwOGNiZWU5ZDAxZDBhZTVhOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogALtuTuBrpLTCUvTJhnq9+VYEbE
zeyEj35PY9tAeqmbiT4wrUkTB80b7JXXS1PbeIgMpoMUNMSNdo2WbosRufYCF2Ed
l55DAtZQ7Jhwgx+z+IgSB/KkpdFy5Ye+jSmgke6cNZjibeqXJxUasID5IUN0keO8
yBDHeppisNbDU1wW3WLSDO4AQDFZTSa5IaqSOwk+MgIZLClKpyNv6cJuvKRKb8zg
KjsqDX2QOIAkkMi1YUFhucj8m905wQtwBNQfAbYimyOCmtHFU1TLe9VSmSluCF9F
6trBiG5NM6wi5dlB5kUf+vZhxbSXM49v0nppaD0a7Tl+Ib9Cp0znPkfdrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfW6oLX1Zm2aBuQjL7p0B0K5alRMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUjlicWd0ZlZtYlpvRzVDTXZ1blFIUXJscVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmGMA0G
CSqGSIb3DQEBCwUAA4IBAQBHxVe9mm1zDJrTtqUEU6FYWXE0HU9iK8RDtdmjs5cd
HeYMiJo6WI6sNciQh18qzpjUOyd5JqGqFZEt0SdLQdZvUrQTsjhA/svWWi1fqxh9
usq7eTleQm+ONJ3ns2Oqqruo0yTlhC+sYxvbhlb5OYNx/SKLQQB+GnoYsgUm9By9
pXwjq/ktovvycI4zmfptbU4BV+fUP9CDLw0LhdT5wG/eljBbq6Uk+Tvj84cG4Um+
/Rpgeh4w3tT43ZUvzjr7GsHLyMIAGFtix7U1qB4odAAniRNCupv3IAtQIrpP6+wx
t7Co1YVhwR2Aj77cIVKQAukQkZuBNWF3fQzGLYnycRXs
-----END CERTIFICATE-----