Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KlXoGyspHnt_as5cv9yPZe6r8S0.roa
File:                     KlXoGyspHnt_as5cv9yPZe6r8S0.roa (raw, json)
Hash identifier:          lWPGg0q9eVbJPs37r++CBw3UBeNS/daZz3sgM/t4WTE=
Subject key identifier:   2A:55:E8:1B:2B:29:1E:7B:7F:6A:CE:5C:BF:DC:8F:65:EE:AB:F1:2D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196B36DFA33575628446451E8196E26B809
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KlXoGyspHnt_as5cv9yPZe6r8S0.roa
Signing time:             Fri 09 May 2025 05:04:11 +0000
ROA not before:           Fri 09 May 2025 05:04:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209706
IP address blocks:        31.56.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b3:6d:fa:33:57:56:28:44:64:51:e8:19:6e:26:b8:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  9 05:04:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a55e81b2b291e7b7f6ace5cbfdc8f65eeabf12d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:98:f0:61:04:1a:6b:11:50:d2:e5:6d:21:5e:
                    c1:35:69:24:17:69:67:e0:b5:82:46:59:f5:f4:89:
                    9d:d9:29:26:88:7c:3a:14:ad:70:6f:22:cc:2a:ab:
                    72:6a:19:94:f4:23:98:04:46:13:7c:2c:01:86:04:
                    2b:86:60:88:a6:9f:2f:d5:b4:51:70:e7:ae:cd:ac:
                    51:c3:2f:f6:28:50:d3:ad:91:98:25:ca:af:22:af:
                    21:ff:fc:5c:9a:ef:4b:1c:97:9a:6c:88:7d:12:c3:
                    c1:ee:d0:a6:b3:7e:cb:41:45:a6:70:0f:48:e6:e4:
                    d0:bf:22:39:c5:fc:61:83:9e:f3:b3:4a:2d:84:95:
                    1e:d5:45:32:4e:4b:e5:a4:4a:2e:50:81:9c:e6:a0:
                    4d:9d:a1:86:87:b8:62:8f:b4:69:6f:b7:af:e0:d3:
                    bc:7c:07:bf:de:6c:ca:d8:63:4b:32:b0:e2:51:b3:
                    98:3c:89:30:bd:de:e6:64:5e:7d:d3:45:77:73:a1:
                    e9:fe:75:84:02:cc:3f:ae:9f:91:e4:3a:03:95:57:
                    78:b6:4d:47:50:b7:b8:27:fe:15:e8:32:bd:3b:75:
                    a4:cf:0e:f9:22:ba:4d:d4:95:69:92:5e:1f:f5:b6:
                    d8:be:56:b0:05:bf:77:d5:ff:ad:2a:c3:6a:5a:ef:
                    c1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:55:E8:1B:2B:29:1E:7B:7F:6A:CE:5C:BF:DC:8F:65:EE:AB:F1:2D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/KlXoGyspHnt_as5cv9yPZe6r8S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:c9:71:ea:f0:d7:e6:f0:29:6e:d5:33:68:05:37:fb:8b:b4:
         60:0f:c0:e2:3b:37:40:21:e0:a8:a1:77:97:23:25:1b:39:ce:
         89:95:b8:0d:09:1f:c7:7e:a9:7c:68:cf:70:7f:8b:af:83:64:
         99:47:ff:9e:ce:69:aa:1b:20:c3:62:ba:b8:48:84:15:7a:6c:
         93:a0:6e:03:e1:d1:3a:34:b4:23:ed:22:44:d6:34:25:40:ac:
         83:14:41:6f:59:0d:ee:f4:35:04:7a:4f:ed:ee:4d:5d:59:c1:
         ea:34:24:d7:38:c9:db:ae:18:ce:88:c3:7f:25:f5:2a:3a:48:
         46:47:d6:fd:e2:ae:dc:52:70:ef:42:3e:d9:6a:2a:da:04:98:
         c9:77:2f:91:af:61:1a:77:6f:ed:90:42:df:bf:17:99:d1:01:
         1c:64:88:38:96:e8:0f:9f:a6:07:ec:0d:92:99:87:0d:70:6a:
         5f:fa:8e:1d:b1:6f:86:e1:0c:fa:36:f5:ae:4d:3d:9f:33:93:
         0b:8e:75:c4:92:9d:cf:03:46:fc:ca:37:f9:6a:1c:48:be:cf:
         5d:90:7f:12:36:b2:8d:a9:e5:4a:39:b6:89:60:a0:a4:f0:d9:
         62:c2:03:5d:02:d9:5a:ef:24:71:51:e1:e4:b6:6b:4e:6c:da:
         13:ab:2a:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZazbfozV1YoRGRR6BluJrgJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTA5MDUwNDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTU1ZTgxYjJiMjkxZTdiN2Y2YWNlNWNiZmRjOGY2NWVlYWJmMTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJjwYQQaaxFQ0uVtIV7BNWkkF2ln
4LWCRln19Imd2SkmiHw6FK1wbyLMKqtyahmU9COYBEYTfCwBhgQrhmCIpp8v1bRR
cOeuzaxRwy/2KFDTrZGYJcqvIq8h//xcmu9LHJeabIh9EsPB7tCms37LQUWmcA9I
5uTQvyI5xfxhg57zs0othJUe1UUyTkvlpEouUIGc5qBNnaGGh7hij7Rpb7ev4NO8
fAe/3mzK2GNLMrDiUbOYPIkwvd7mZF5900V3c6Hp/nWEAsw/rp+R5DoDlVd4tk1H
ULe4J/4V6DK9O3Wkzw75IrpN1JVpkl4f9bbYvlawBb931f+tKsNqWu/BgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpV6BsrKR57f2rOXL/cj2Xuq/EtMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvS2xYb0d5c3BIbnRfYXM1Y3Y5eVBaZTZyOFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgYMA0G
CSqGSIb3DQEBCwUAA4IBAQC3yXHq8Nfm8Clu1TNoBTf7i7RgD8DiOzdAIeCooXeX
IyUbOc6JlbgNCR/Hfql8aM9wf4uvg2SZR/+ezmmqGyDDYrq4SIQVemyToG4D4dE6
NLQj7SJE1jQlQKyDFEFvWQ3u9DUEek/t7k1dWcHqNCTXOMnbrhjOiMN/JfUqOkhG
R9b94q7cUnDvQj7ZairaBJjJdy+Rr2Ead2/tkELfvxeZ0QEcZIg4lugPn6YH7A2S
mYcNcGpf+o4dsW+G4Qz6NvWuTT2fM5MLjnXEkp3PA0b8yjf5ahxIvs9dkH8SNrKN
qeVKObaJYKCk8NliwgNdAtla7yRxUeHktmtObNoTqyrD
-----END CERTIFICATE-----