Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RTFD5RFP4jbgsr0QmF0M0d63ymg.roa
File:                     RTFD5RFP4jbgsr0QmF0M0d63ymg.roa (raw, json)
Hash identifier:          yK/o5bPlaaoK5MU9op3FAm+c45tnAeuOGuiq9ndTtxs=
Subject key identifier:   45:31:43:E5:11:4F:E2:36:E0:B2:BD:10:98:5D:0C:D1:DE:B7:CA:68
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019668EF89DCC501B5EC8638FD9734B751F5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RTFD5RFP4jbgsr0QmF0M0d63ymg.roa
Signing time:             Thu 24 Apr 2025 17:54:10 +0000
ROA not before:           Thu 24 Apr 2025 17:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        31.57.222.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:ef:89:dc:c5:01:b5:ec:86:38:fd:97:34:b7:51:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 24 17:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=453143e5114fe236e0b2bd10985d0cd1deb7ca68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:da:0d:a1:61:0c:5c:61:e0:ff:c9:8f:df:bf:
                    1e:9a:e4:23:9c:0d:95:c0:bb:62:7b:b9:1e:87:60:
                    96:5b:9e:3f:f2:53:ab:0c:d7:aa:94:a0:eb:91:d6:
                    f5:e3:bc:80:97:42:25:ad:01:e7:8b:d8:00:72:c4:
                    c4:86:e8:5d:79:cf:fa:c1:dc:ff:5e:85:4c:ce:3e:
                    55:d9:2b:a0:37:d2:ea:62:3f:0e:ec:43:6d:2c:fe:
                    11:15:99:61:6d:c2:b9:ac:0b:10:c1:ac:d0:90:be:
                    e0:5b:5a:16:e1:a9:e5:66:2f:0b:a4:8c:f3:f5:2e:
                    80:0f:24:1c:a8:22:2c:37:3b:9c:76:76:d9:6c:58:
                    3a:2c:8d:27:5f:ab:92:c5:aa:2c:df:17:22:9a:dd:
                    d0:c4:a2:34:81:4f:28:1e:23:5c:a7:ab:da:f5:4b:
                    7f:97:e0:e4:a0:01:33:7d:5e:a4:56:26:dc:4e:fb:
                    0a:d5:43:7e:01:a0:e1:fd:0f:17:a3:4f:fc:07:75:
                    77:7b:a8:f0:d9:6c:69:a7:90:3e:c0:0d:03:2d:a9:
                    ea:1b:77:46:bb:cf:4b:1b:21:5e:10:1d:05:c3:25:
                    95:39:00:9b:a6:ae:0e:58:6a:2f:fa:f4:76:21:f5:
                    7a:e0:7e:5b:75:01:42:83:20:4d:aa:a4:d7:88:a6:
                    04:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:31:43:E5:11:4F:E2:36:E0:B2:BD:10:98:5D:0C:D1:DE:B7:CA:68
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/RTFD5RFP4jbgsr0QmF0M0d63ymg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:46:ef:2e:be:87:74:b0:14:19:f2:4a:c8:01:5b:a1:7f:d4:
         d2:7c:46:fa:e8:df:22:74:78:42:68:2b:ee:83:95:32:89:4b:
         fd:e0:2b:18:73:65:c4:d3:c2:31:6b:d6:ac:f7:65:57:69:b6:
         a2:77:7c:c6:fc:53:82:60:fc:fd:2c:72:93:d9:ab:4e:47:9b:
         61:8c:9c:3f:16:ae:45:4a:f8:2d:3e:8e:9f:3c:21:a7:0e:c5:
         35:e1:01:97:46:d1:ff:14:b2:8a:82:a9:1e:dd:be:cd:c6:3d:
         8b:bf:c9:5a:fb:85:cd:6f:ca:4f:c6:9b:2d:42:1c:32:b3:42:
         d0:ec:98:48:6d:f3:8e:91:81:c5:2b:6b:86:65:bc:71:c5:6f:
         60:f9:23:93:61:01:ba:13:09:06:5c:59:03:fb:95:2c:08:e0:
         6a:be:be:e1:e6:aa:e9:63:7b:07:62:50:87:b2:e0:cd:2b:2f:
         c1:43:3a:54:d8:5c:e1:5a:45:4f:b3:27:9b:07:be:e1:07:db:
         0a:2a:f8:6b:72:3b:ab:1e:14:d5:94:71:3e:d6:a1:b7:09:74:
         6e:a4:45:b4:8f:33:86:aa:e2:e9:6a:9d:78:9c:ca:ce:51:fa:
         50:f5:19:ee:c9:ed:a7:b2:ab:9f:7d:29:56:0b:ff:29:0b:cc:
         52:03:9c:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZo74ncxQG17IY4/Zc0t1H1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDI0MTc1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTMxNDNlNTExNGZlMjM2ZTBiMmJkMTA5ODVkMGNkMWRlYjdjYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttoNoWEMXGHg/8mP378emuQjnA2V
wLtie7keh2CWW54/8lOrDNeqlKDrkdb147yAl0IlrQHni9gAcsTEhuhdec/6wdz/
XoVMzj5V2SugN9LqYj8O7ENtLP4RFZlhbcK5rAsQwazQkL7gW1oW4anlZi8LpIzz
9S6ADyQcqCIsNzucdnbZbFg6LI0nX6uSxaos3xcimt3QxKI0gU8oHiNcp6va9Ut/
l+DkoAEzfV6kVibcTvsK1UN+AaDh/Q8Xo0/8B3V3e6jw2Wxpp5A+wA0DLanqG3dG
u89LGyFeEB0FwyWVOQCbpq4OWGov+vR2IfV64H5bdQFCgyBNqqTXiKYEkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUxQ+URT+I24LK9EJhdDNHet8poMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUlRGRDVSRlA0amJnc3IwUW1GME0wZDYzeW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzneMA0G
CSqGSIb3DQEBCwUAA4IBAQBcRu8uvod0sBQZ8krIAVuhf9TSfEb66N8idHhCaCvu
g5UyiUv94CsYc2XE08Ixa9as92VXabaid3zG/FOCYPz9LHKT2atOR5thjJw/Fq5F
SvgtPo6fPCGnDsU14QGXRtH/FLKKgqke3b7Nxj2Lv8la+4XNb8pPxpstQhwys0LQ
7JhIbfOOkYHFK2uGZbxxxW9g+SOTYQG6EwkGXFkD+5UsCOBqvr7h5qrpY3sHYlCH
suDNKy/BQzpU2FzhWkVPsyebB77hB9sKKvhrcjurHhTVlHE+1qG3CXRupEW0jzOG
quLpap14nMrOUfpQ9Rnuye2nsquffSlWC/8pC8xSA5wC
-----END CERTIFICATE-----