Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FA_a7gf0TkMPmQOLYkoYVihPx_E.roa
File:                     FA_a7gf0TkMPmQOLYkoYVihPx_E.roa (raw, json)
Hash identifier:          7n47AFTP5YyAybB6tUsdgSNG6I2L+gwwvz5QTZYkTBE=
Subject key identifier:   14:0F:DA:EE:07:F4:4E:43:0F:99:03:8B:62:4A:18:56:28:4F:C7:F1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01962F83AAF00E38FCB5BD35CCF4791D71B8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FA_a7gf0TkMPmQOLYkoYVihPx_E.roa
Signing time:             Sun 13 Apr 2025 14:18:00 +0000
ROA not before:           Sun 13 Apr 2025 14:18:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22612
IP address blocks:        31.59.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:2f:83:aa:f0:0e:38:fc:b5:bd:35:cc:f4:79:1d:71:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 13 14:18:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=140fdaee07f44e430f99038b624a1856284fc7f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d9:37:6f:2a:6d:b3:71:d2:19:1d:b9:0c:8f:
                    b1:ff:b4:e1:ca:ba:b8:fd:8d:10:f3:1c:d7:11:7b:
                    90:e5:22:e8:e7:27:2c:f9:27:50:da:23:62:36:5e:
                    40:f9:f4:ef:da:26:7f:33:65:cb:fc:97:6b:35:14:
                    30:cf:68:e8:bb:9a:b3:a9:96:6a:0a:b3:d6:be:c1:
                    c7:29:0d:79:f2:04:90:e6:db:c2:bc:7c:6f:6b:57:
                    36:d3:ab:6c:28:62:70:f5:11:84:5a:8c:c4:72:ff:
                    e1:af:e5:b1:74:e7:e0:d6:a0:13:8f:3e:5d:e8:c2:
                    16:f1:21:b4:e4:84:ec:f2:5c:56:51:8f:fc:85:22:
                    48:71:bf:80:e5:78:54:eb:ef:dc:f7:fa:11:c6:a0:
                    c7:1f:b8:8e:09:93:ac:3e:5e:7f:0e:f6:81:60:cd:
                    8e:db:a6:0f:e4:81:bb:cb:4c:ef:54:5d:b0:a7:06:
                    fb:8d:e7:f9:b4:b9:86:d6:25:7e:a2:9b:0d:ab:98:
                    90:0f:bf:87:3f:53:27:4e:34:67:bd:18:7a:ae:5c:
                    a3:19:6a:21:af:87:e9:a8:fd:3d:3e:58:71:87:c8:
                    9a:5b:2d:5c:93:d7:de:5c:b6:5d:86:96:be:dc:62:
                    26:19:d9:c6:b2:76:d7:69:6c:c7:c5:c6:53:6e:2e:
                    77:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:0F:DA:EE:07:F4:4E:43:0F:99:03:8B:62:4A:18:56:28:4F:C7:F1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/FA_a7gf0TkMPmQOLYkoYVihPx_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:0f:d4:f5:b0:4d:e5:17:9a:cf:79:53:30:24:0c:d9:26:0d:
         64:b4:a2:68:e8:b7:ad:e3:07:41:dc:bc:a0:ea:20:e7:a2:1c:
         f7:8e:68:84:7f:2b:8c:6b:cb:50:c4:4d:4c:bc:63:9f:74:a1:
         2e:55:a0:98:cc:45:f4:f1:6d:83:e6:3c:19:38:a0:69:ab:02:
         ec:ce:e9:60:d1:c0:39:ef:fb:a1:6e:38:65:6b:cc:82:9c:20:
         bd:7c:e5:1c:38:fa:f1:f9:a8:79:71:3c:fd:af:af:30:b9:ca:
         88:56:bc:f8:2b:be:24:22:3d:5a:f3:a2:eb:df:28:75:fe:85:
         ad:30:cf:2d:30:48:73:e0:6e:dd:3a:41:48:d4:71:89:9d:83:
         fe:12:e6:23:f7:38:2e:62:02:d6:ab:59:6f:6b:5d:8f:1c:35:
         78:cd:e5:3d:29:27:92:36:41:b2:72:39:7b:b3:38:ea:2a:19:
         55:71:1c:60:c3:c7:45:e6:4a:8c:76:38:95:e9:7a:44:63:12:
         bb:b0:10:0b:1c:f4:69:72:15:71:0a:e0:fb:01:fe:bb:4a:42:
         db:16:c0:fb:64:21:bf:fa:4b:6f:83:64:92:d5:22:e5:ad:d6:
         46:39:63:90:6c:0d:7f:d4:d4:00:8e:18:e1:ce:5e:cb:d8:02:
         7d:fb:24:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYvg6rwDjj8tb01zPR5HXG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDEzMTQxODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDBmZGFlZTA3ZjQ0ZTQzMGY5OTAzOGI2MjRhMTg1NjI4NGZjN2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtk3bypts3HSGR25DI+x/7Thyrq4
/Y0Q8xzXEXuQ5SLo5ycs+SdQ2iNiNl5A+fTv2iZ/M2XL/JdrNRQwz2jou5qzqZZq
CrPWvsHHKQ158gSQ5tvCvHxva1c206tsKGJw9RGEWozEcv/hr+WxdOfg1qATjz5d
6MIW8SG05ITs8lxWUY/8hSJIcb+A5XhU6+/c9/oRxqDHH7iOCZOsPl5/DvaBYM2O
26YP5IG7y0zvVF2wpwb7jef5tLmG1iV+opsNq5iQD7+HP1MnTjRnvRh6rlyjGWoh
r4fpqP09Plhxh8iaWy1ck9feXLZdhpa+3GImGdnGsnbXaWzHxcZTbi53zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQP2u4H9E5DD5kDi2JKGFYoT8fxMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvRkFfYTdnZjBUa01QbVFPTFlrb1lWaWhQeF9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztHMA0G
CSqGSIb3DQEBCwUAA4IBAQCRD9T1sE3lF5rPeVMwJAzZJg1ktKJo6Let4wdB3Lyg
6iDnohz3jmiEfyuMa8tQxE1MvGOfdKEuVaCYzEX08W2D5jwZOKBpqwLszulg0cA5
7/uhbjhla8yCnCC9fOUcOPrx+ah5cTz9r68wucqIVrz4K74kIj1a86Lr3yh1/oWt
MM8tMEhz4G7dOkFI1HGJnYP+EuYj9zguYgLWq1lva12PHDV4zeU9KSeSNkGycjl7
szjqKhlVcRxgw8dF5kqMdjiV6XpEYxK7sBALHPRpchVxCuD7Af67SkLbFsD7ZCG/
+ktvg2SS1SLlrdZGOWOQbA1/1NQAjhjhzl7L2AJ9+yTo
-----END CERTIFICATE-----