Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iN4TnTkPEsIbXMUKx9GPdn64OjA.roa
File:                     iN4TnTkPEsIbXMUKx9GPdn64OjA.roa (raw, json)
Hash identifier:          qZcMKGkQnx3jh3F2xPwnkRT4HbxK7uUnpI+H4RNEh5Y=
Subject key identifier:   88:DE:13:9D:39:0F:12:C2:1B:5C:C5:0A:C7:D1:8F:76:7E:B8:3A:30
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196B568413C37C1757B7AD0F8511C653B4F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iN4TnTkPEsIbXMUKx9GPdn64OjA.roa
Signing time:             Fri 09 May 2025 14:17:10 +0000
ROA not before:           Fri 09 May 2025 14:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213613
IP address blocks:        31.56.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b5:68:41:3c:37:c1:75:7b:7a:d0:f8:51:1c:65:3b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  9 14:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88de139d390f12c21b5cc50ac7d18f767eb83a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e5:d9:aa:2f:bd:66:b6:20:18:44:c3:f5:6a:
                    87:44:73:5f:48:7e:10:5b:4a:a6:45:1c:b2:20:a0:
                    ca:73:d9:41:c4:d8:c3:8a:1a:10:15:0e:55:86:c7:
                    49:ad:1b:31:a6:c2:24:4e:e9:c2:55:66:c7:39:4c:
                    2f:a0:d7:b7:8e:d0:b4:c0:00:87:3a:bf:64:2c:94:
                    1c:51:40:e6:68:1b:aa:75:0a:48:fe:2b:30:e0:e9:
                    0d:6e:4a:78:42:5b:2c:d6:ea:b8:19:b8:dc:f1:eb:
                    23:54:a1:d1:d8:8b:76:82:18:3d:5b:65:f1:7b:72:
                    89:a5:dd:40:63:f9:a4:89:62:e2:cd:f1:92:9d:03:
                    c3:27:bd:ff:7c:b5:3e:12:fa:4b:55:db:dd:41:cc:
                    d3:e5:46:78:93:3a:3c:4e:88:81:4c:40:e2:06:06:
                    bd:21:e3:64:9c:64:de:11:2f:36:7f:6e:0a:fe:42:
                    9b:8f:38:36:36:a9:4f:70:34:15:cd:d3:6f:3a:20:
                    73:ae:f7:58:8a:80:02:5d:9f:87:7b:c4:d8:a4:3d:
                    62:be:54:9d:1f:e8:02:65:6b:de:1d:63:97:a5:bd:
                    de:2f:ec:d8:a5:8f:60:36:46:eb:25:51:b2:68:da:
                    6f:31:de:9c:97:1e:e9:39:26:45:f5:a1:02:4e:e2:
                    9a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:DE:13:9D:39:0F:12:C2:1B:5C:C5:0A:C7:D1:8F:76:7E:B8:3A:30
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/iN4TnTkPEsIbXMUKx9GPdn64OjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:96:77:5f:ab:35:2b:79:83:7c:9f:94:42:69:b8:a7:b1:f0:
         37:31:e0:fc:de:dd:b0:f7:3a:84:90:cc:69:ff:9e:03:1e:cb:
         10:5f:97:2b:86:cf:43:c2:a1:f9:25:c1:ac:4e:03:26:77:36:
         c5:37:d9:2c:8a:64:44:c2:67:12:dc:0d:4e:b9:4f:98:5f:c1:
         a7:4d:c5:62:4c:2d:fc:9c:f1:69:58:00:b1:40:20:4e:c3:ad:
         af:51:67:5f:63:d4:bc:c5:96:0b:0e:eb:21:4f:32:88:47:c6:
         92:8a:1a:b6:4e:58:dc:06:2a:2c:ac:89:9b:7e:08:32:74:48:
         b3:86:82:d6:d3:7a:c2:01:37:32:32:be:24:04:67:63:25:cc:
         3a:3b:3b:24:46:fc:57:a0:c7:70:2a:7e:38:54:e8:17:8b:6e:
         dd:2f:bf:5d:1c:fb:d7:52:2d:33:b2:08:54:9a:4c:1b:96:d4:
         3c:96:9f:27:22:a4:eb:17:cb:24:87:9e:59:79:60:8a:f4:c4:
         cb:b2:df:ba:d3:e7:84:db:80:42:a4:5d:22:09:88:d2:10:28:
         74:b8:56:65:a3:bc:d8:ae:4d:14:c3:8e:44:34:eb:ae:92:59:
         df:ea:1b:58:62:0e:dc:5b:2c:ab:ea:cf:77:79:3b:de:16:2f:
         34:c4:6a:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa1aEE8N8F1e3rQ+FEcZTtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTA5MTQxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGRlMTM5ZDM5MGYxMmMyMWI1Y2M1MGFjN2QxOGY3NjdlYjgzYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuXZqi+9ZrYgGETD9WqHRHNfSH4Q
W0qmRRyyIKDKc9lBxNjDihoQFQ5VhsdJrRsxpsIkTunCVWbHOUwvoNe3jtC0wACH
Or9kLJQcUUDmaBuqdQpI/isw4OkNbkp4Qlss1uq4Gbjc8esjVKHR2It2ghg9W2Xx
e3KJpd1AY/mkiWLizfGSnQPDJ73/fLU+EvpLVdvdQczT5UZ4kzo8ToiBTEDiBga9
IeNknGTeES82f24K/kKbjzg2NqlPcDQVzdNvOiBzrvdYioACXZ+He8TYpD1ivlSd
H+gCZWveHWOXpb3eL+zYpY9gNkbrJVGyaNpvMd6clx7pOSZF9aECTuKaIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjeE505DxLCG1zFCsfRj3Z+uDowMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaU40VG5Ua1BFc0liWE1VS3g5R1BkbjY0T2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgwMA0G
CSqGSIb3DQEBCwUAA4IBAQBRlndfqzUreYN8n5RCabinsfA3MeD83t2w9zqEkMxp
/54DHssQX5crhs9DwqH5JcGsTgMmdzbFN9ksimREwmcS3A1OuU+YX8GnTcViTC38
nPFpWACxQCBOw62vUWdfY9S8xZYLDushTzKIR8aSihq2TljcBiosrImbfggydEiz
hoLW03rCATcyMr4kBGdjJcw6OzskRvxXoMdwKn44VOgXi27dL79dHPvXUi0zsghU
mkwbltQ8lp8nIqTrF8skh55ZeWCK9MTLst+60+eE24BCpF0iCYjSECh0uFZlo7zY
rk0Uw45ENOuuklnf6htYYg7cWyyr6s93eTveFi80xGqM
-----END CERTIFICATE-----