Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/eOaLJF2D_oq5Rf8ue5iAMXSyG3Q.roa
File:                     eOaLJF2D_oq5Rf8ue5iAMXSyG3Q.roa (raw, json)
Hash identifier:          9fX39W8KhFiso2lzX0g33TB0s0MNdmHRwFnPme2AWzQ=
Subject key identifier:   78:E6:8B:24:5D:83:FE:8A:B9:45:FF:2E:7B:98:80:31:74:B2:1B:74
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019637C1341505DE6DF1039B9A81DE491F89
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/eOaLJF2D_oq5Rf8ue5iAMXSyG3Q.roa
Signing time:             Tue 15 Apr 2025 04:42:10 +0000
ROA not before:           Tue 15 Apr 2025 04:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208972
IP address blocks:        31.58.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:37:c1:34:15:05:de:6d:f1:03:9b:9a:81:de:49:1f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 15 04:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78e68b245d83fe8ab945ff2e7b98803174b21b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c1:4c:34:9c:19:97:b2:d4:63:ee:70:a6:93:
                    64:b6:6e:87:25:11:8b:a3:e3:d0:e7:8c:5f:7a:99:
                    1f:e7:d4:0e:99:00:f6:c4:82:a0:fa:2c:ea:fd:bb:
                    56:60:6b:dd:44:f8:5f:d1:12:0d:fa:5b:22:2b:01:
                    a0:5f:e5:2b:c0:4e:d2:42:3a:9b:dc:56:3c:76:83:
                    ce:cf:ed:82:20:cb:36:45:95:99:8a:c4:16:a0:13:
                    be:90:68:1d:c3:30:78:0d:35:5a:47:3c:c3:a8:38:
                    44:d6:9e:24:3b:00:a5:0e:e6:1a:0f:81:57:3e:88:
                    9a:e1:28:4e:69:f9:d9:d0:19:22:2f:78:38:c9:4d:
                    3a:5d:c7:8b:63:f0:15:86:53:79:7b:6b:0c:2f:0a:
                    ad:05:bd:81:a6:d3:5c:27:3c:4b:ca:9d:e7:d2:9a:
                    f0:c4:85:7b:ed:8b:3e:84:8a:0e:5f:98:3f:7e:7a:
                    d1:28:6c:ce:3c:7f:9b:dd:d3:c7:d8:97:b4:e0:22:
                    42:45:93:03:0e:84:9d:4a:0b:1f:96:ee:d2:5b:a5:
                    c2:bb:a3:00:e8:c8:24:82:15:fa:e2:c9:de:51:7d:
                    9f:9e:6a:65:79:22:b8:86:46:84:57:b6:fe:c0:87:
                    f1:fa:83:17:20:21:85:c8:b5:f2:67:87:b2:f5:72:
                    9e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E6:8B:24:5D:83:FE:8A:B9:45:FF:2E:7B:98:80:31:74:B2:1B:74
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/eOaLJF2D_oq5Rf8ue5iAMXSyG3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:00:6d:70:6a:35:69:67:32:e6:60:06:d3:fd:f0:46:e5:81:
         80:7b:57:55:73:86:8b:1e:57:96:2a:8d:83:b1:fd:c3:20:92:
         e1:bd:fd:7f:e6:c9:92:f7:89:43:6a:3e:11:18:ba:e7:d2:37:
         61:6d:d8:30:e1:d4:1e:5f:b9:9d:17:aa:6f:97:a9:21:f0:2e:
         ba:2e:7a:2b:76:4b:18:39:45:a9:5b:09:58:86:0c:c3:ac:ae:
         20:0e:7f:1d:92:26:65:0d:8f:14:53:fa:94:e3:54:73:66:a9:
         47:6a:74:c6:07:13:91:96:8d:eb:b7:7d:c7:60:e0:18:b2:14:
         40:33:b8:f5:ff:52:f8:79:65:cf:e2:52:6c:68:7a:03:ad:58:
         45:33:40:6d:fc:a1:db:4d:1d:3a:9c:ec:ee:bd:c8:83:46:75:
         3e:58:dc:5c:88:fc:a3:38:bf:cf:c1:85:4c:0f:65:c4:0d:08:
         c1:2f:f2:91:17:53:a8:96:4a:b3:0a:3d:d9:0a:0c:c8:96:0a:
         48:3c:a7:10:09:a5:03:bb:40:5a:1b:be:15:58:ec:e3:1b:d9:
         b9:71:bc:03:eb:de:59:a0:d5:47:73:06:d5:68:3a:ce:f1:14:
         25:3c:a3:e6:d8:42:51:9c:b5:26:53:4e:3e:ab:95:b4:ce:5b:
         f1:95:90:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY3wTQVBd5t8QObmoHeSR+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDE1MDQ0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGU2OGIyNDVkODNmZThhYjk0NWZmMmU3Yjk4ODAzMTc0YjIxYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8FMNJwZl7LUY+5wppNktm6HJRGL
o+PQ54xfepkf59QOmQD2xIKg+izq/btWYGvdRPhf0RIN+lsiKwGgX+UrwE7SQjqb
3FY8doPOz+2CIMs2RZWZisQWoBO+kGgdwzB4DTVaRzzDqDhE1p4kOwClDuYaD4FX
Poia4ShOafnZ0BkiL3g4yU06XceLY/AVhlN5e2sMLwqtBb2BptNcJzxLyp3n0prw
xIV77Ys+hIoOX5g/fnrRKGzOPH+b3dPH2Je04CJCRZMDDoSdSgsflu7SW6XCu6MA
6MgkghX64sneUX2fnmpleSK4hkaEV7b+wIfx+oMXICGFyLXyZ4ey9XKeGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjmiyRdg/6KuUX/LnuYgDF0sht0MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZU9hTEpGMkRfb3E1UmY4dWU1aUFNWFN5RzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzrqMA0G
CSqGSIb3DQEBCwUAA4IBAQDBAG1wajVpZzLmYAbT/fBG5YGAe1dVc4aLHleWKo2D
sf3DIJLhvf1/5smS94lDaj4RGLrn0jdhbdgw4dQeX7mdF6pvl6kh8C66LnordksY
OUWpWwlYhgzDrK4gDn8dkiZlDY8UU/qU41RzZqlHanTGBxORlo3rt33HYOAYshRA
M7j1/1L4eWXP4lJsaHoDrVhFM0Bt/KHbTR06nOzuvciDRnU+WNxciPyjOL/PwYVM
D2XEDQjBL/KRF1OolkqzCj3ZCgzIlgpIPKcQCaUDu0BaG74VWOzjG9m5cbwD695Z
oNVHcwbVaDrO8RQlPKPm2EJRnLUmU04+q5W0zlvxlZAF
-----END CERTIFICATE-----