Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s0xaxFw3PL_bzZv4cgZPYJffQf8.roa
File:                     s0xaxFw3PL_bzZv4cgZPYJffQf8.roa (raw, json)
Hash identifier:          W0ySRydXhQSDwqVLrFz2odP/t7+q/cMfC0tQ17ZyKCo=
Subject key identifier:   B3:4C:5A:C4:5C:37:3C:BF:DB:CD:9B:F8:72:06:4F:60:97:DF:41:FF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019668EF8A73A6BA6AD69D173DEB6EC0820A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s0xaxFw3PL_bzZv4cgZPYJffQf8.roa
Signing time:             Thu 24 Apr 2025 17:54:11 +0000
ROA not before:           Thu 24 Apr 2025 17:54:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137897
IP address blocks:        31.57.222.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 10:32:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:ef:8a:73:a6:ba:6a:d6:9d:17:3d:eb:6e:c0:82:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 24 17:54:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b34c5ac45c373cbfdbcd9bf872064f6097df41ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:30:cc:e4:5d:01:1a:81:26:47:86:17:08:ea:
                    56:31:12:77:25:ce:5e:28:cb:1f:e4:09:75:c6:20:
                    7f:d9:e6:0c:f5:73:3f:97:b1:d5:45:51:47:6c:1b:
                    f8:df:12:63:c1:70:53:91:d2:66:6b:de:a7:34:fa:
                    75:fc:92:ba:60:b1:d6:ce:1b:8c:15:1d:79:78:c1:
                    72:8b:ff:bb:3c:fc:2c:51:85:52:a7:d1:be:83:f3:
                    6d:e2:9d:9c:b5:be:37:59:61:78:6f:b9:4c:33:da:
                    ce:22:35:a1:4c:da:41:73:a5:bb:cc:bb:e8:07:2a:
                    05:22:ff:e5:72:a3:a7:e4:ab:ae:da:a6:0e:8a:c8:
                    cd:2f:4f:34:68:90:17:f8:18:59:0e:54:b6:22:a4:
                    c7:2e:99:5c:6e:cb:8a:a6:06:29:c0:61:d1:c6:86:
                    f2:12:31:30:7e:03:f9:57:dd:ba:f6:ec:d1:aa:5f:
                    e9:ba:19:75:70:c0:1b:98:ae:37:4a:f2:38:45:6a:
                    3a:e0:19:92:15:5c:f9:8c:24:3d:16:ef:f6:29:f2:
                    e9:2c:b3:d9:0d:85:a9:54:62:24:0b:b1:e9:e8:b9:
                    bc:4f:ca:2b:3e:c6:f2:e4:a6:2d:b3:74:d3:38:df:
                    00:19:4a:10:cb:87:5b:40:47:a6:51:26:19:11:58:
                    58:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:4C:5A:C4:5C:37:3C:BF:DB:CD:9B:F8:72:06:4F:60:97:DF:41:FF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/s0xaxFw3PL_bzZv4cgZPYJffQf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:2d:10:07:8a:4d:2e:ce:f9:42:13:37:58:76:47:0b:f1:7c:
         75:93:bc:a5:61:40:f5:59:b8:2b:cf:c5:5e:b8:40:98:68:24:
         53:d5:f1:d7:61:27:6b:8b:8e:ef:29:2e:ae:66:77:e5:15:65:
         02:7e:04:f4:58:b8:ba:da:fc:4e:b9:b7:01:be:3d:f9:bd:d3:
         91:21:d9:37:8f:b8:fe:87:32:07:19:95:18:c6:03:ae:c5:ea:
         f1:b8:72:c1:2a:c3:1e:41:c8:bf:1e:9b:89:b0:0a:2d:43:6a:
         86:6d:eb:c1:80:b6:86:4d:74:22:33:2a:7d:f7:71:ce:7a:7d:
         dc:3f:da:62:f2:5e:bb:51:4d:9f:63:94:7e:ea:ec:ae:db:8f:
         ea:ba:08:12:27:81:ca:bd:ba:cd:3b:db:b0:97:b5:12:db:ed:
         06:19:3c:28:77:30:4d:15:52:d7:a8:71:c4:36:bc:5d:92:c5:
         44:52:db:61:8f:d7:40:e9:8b:c7:a4:24:38:07:fb:e4:c4:d9:
         6f:86:f6:46:be:62:7d:e3:2b:a0:b9:c5:76:c6:90:4d:22:43:
         36:26:3b:af:71:36:60:f6:8b:53:6c:a6:08:66:77:4f:ce:61:
         d6:45:a9:8b:a8:e5:3c:c7:bd:ef:97:b8:0b:8c:fd:b3:bf:42:
         fe:3b:2c:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZo74pzprpq1p0XPetuwIIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDI0MTc1NDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzRjNWFjNDVjMzczY2JmZGJjZDliZjg3MjA2NGY2MDk3ZGY0MWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTDM5F0BGoEmR4YXCOpWMRJ3Jc5e
KMsf5Al1xiB/2eYM9XM/l7HVRVFHbBv43xJjwXBTkdJma96nNPp1/JK6YLHWzhuM
FR15eMFyi/+7PPwsUYVSp9G+g/Nt4p2ctb43WWF4b7lMM9rOIjWhTNpBc6W7zLvo
ByoFIv/lcqOn5Kuu2qYOisjNL080aJAX+BhZDlS2IqTHLplcbsuKpgYpwGHRxoby
EjEwfgP5V9269uzRql/puhl1cMAbmK43SvI4RWo64BmSFVz5jCQ9Fu/2KfLpLLPZ
DYWpVGIkC7Hp6Lm8T8orPsby5KYts3TTON8AGUoQy4dbQEemUSYZEVhYlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNMWsRcNzy/282b+HIGT2CX30H/MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvczB4YXhGdzNQTF9ielp2NGNnWlBZSmZmUWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzneMA0G
CSqGSIb3DQEBCwUAA4IBAQCzLRAHik0uzvlCEzdYdkcL8Xx1k7ylYUD1Wbgrz8Ve
uECYaCRT1fHXYSdri47vKS6uZnflFWUCfgT0WLi62vxOubcBvj35vdORIdk3j7j+
hzIHGZUYxgOuxerxuHLBKsMeQci/HpuJsAotQ2qGbevBgLaGTXQiMyp993HOen3c
P9pi8l67UU2fY5R+6uyu24/quggSJ4HKvbrNO9uwl7US2+0GGTwodzBNFVLXqHHE
NrxdksVEUtthj9dA6YvHpCQ4B/vkxNlvhvZGvmJ94yugucV2xpBNIkM2JjuvcTZg
9otTbKYIZndPzmHWRamLqOU8x73vl7gLjP2zv0L+OyxA
-----END CERTIFICATE-----