Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fgvFbGN8z61iWubLydiT_MJ1DJs.roa
File:                     fgvFbGN8z61iWubLydiT_MJ1DJs.roa (raw, json)
Hash identifier:          mEshoS5uCThd8JWeTzzqzP5jbhdxtVNlenmN96yW3no=
Subject key identifier:   7E:0B:C5:6C:63:7C:CF:AD:62:5A:E6:CB:C9:D8:93:FC:C2:75:0C:9B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196517E4085E59D3BC3CD83DBCCCA008965
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fgvFbGN8z61iWubLydiT_MJ1DJs.roa
Signing time:             Sun 20 Apr 2025 04:39:10 +0000
ROA not before:           Sun 20 Apr 2025 04:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214024
IP address blocks:        31.56.72.0/24 maxlen: 24
                          31.56.84.0/24 maxlen: 24
                          31.58.88.0/24 maxlen: 24
                          31.58.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 19:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:51:7e:40:85:e5:9d:3b:c3:cd:83:db:cc:ca:00:89:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 20 04:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e0bc56c637ccfad625ae6cbc9d893fcc2750c9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:57:1b:0b:b5:90:22:f2:43:a3:9d:6a:5c:e3:
                    5c:91:9e:e0:2c:fc:ab:d2:b2:53:20:73:2b:80:31:
                    00:3a:90:8f:7f:94:ce:c1:c4:28:71:a1:41:aa:94:
                    a5:14:21:38:a4:c8:0f:76:b2:25:4a:a2:62:64:f6:
                    e1:ed:89:8a:06:8a:c0:c7:2d:01:09:71:1c:07:c8:
                    77:9e:c4:dd:16:25:f4:e0:0e:11:65:0f:38:de:85:
                    96:dc:0e:ec:d4:6b:b6:2a:d7:4e:c4:4b:47:c3:72:
                    d0:52:6a:ad:24:94:ec:d1:35:da:d7:85:83:db:2f:
                    7e:42:a6:7f:ce:0a:30:1b:91:a4:40:7a:8d:f4:74:
                    78:93:fc:00:96:e9:37:97:41:24:7a:87:31:68:4d:
                    b1:bb:5e:32:19:a7:58:b1:3f:48:59:cd:19:6f:4d:
                    84:8e:c1:82:13:62:a6:5e:a1:9a:d2:ba:28:55:77:
                    3b:fb:31:8c:0b:ba:65:1e:47:f2:e3:68:4e:b7:ec:
                    c4:dd:97:b0:3e:2b:7a:3a:92:ec:3e:91:1a:c2:bb:
                    c3:bf:92:6a:7e:a6:16:b3:05:2f:ec:7d:31:21:d5:
                    80:74:eb:19:9b:a3:c0:b2:f7:9c:3b:3c:df:1a:03:
                    9d:5c:cf:50:73:50:ca:61:e0:d4:04:d0:4c:6f:66:
                    16:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:0B:C5:6C:63:7C:CF:AD:62:5A:E6:CB:C9:D8:93:FC:C2:75:0C:9B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/fgvFbGN8z61iWubLydiT_MJ1DJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.72.0/24
                  31.56.84.0/24
                  31.58.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:2f:99:2d:cd:e9:c7:3e:90:ab:fe:24:70:6d:fb:3d:9f:92:
         4c:60:36:af:be:dc:49:76:cd:5e:e9:b4:bd:98:74:fd:c3:bf:
         f8:ec:20:f2:a9:71:ef:02:ff:64:00:f9:63:95:32:b3:d2:d3:
         d0:f0:42:b6:01:bd:e4:48:67:81:d7:6e:c9:89:93:e6:1e:43:
         78:cb:ac:33:e2:b5:8d:65:b6:14:56:cb:91:d2:d2:c6:56:48:
         09:c9:7f:5c:1e:61:7b:1e:e5:a5:20:01:25:bd:a8:59:f5:aa:
         4b:d5:3d:e3:05:a5:ac:23:79:86:28:50:7c:ba:d7:04:55:64:
         85:5d:ba:22:c9:10:b6:15:6a:a4:dc:69:b9:bd:ae:96:97:9e:
         35:bd:5d:4f:4c:6e:6c:c7:a7:c8:63:9a:8c:c7:61:85:5b:9b:
         70:da:2d:1e:87:5b:3e:6d:36:50:44:0c:6a:80:50:c7:11:c4:
         45:d3:be:dc:fe:33:69:67:b4:b1:c9:ef:12:d5:3f:89:ae:b3:
         8a:aa:63:81:32:6f:2d:d0:62:a8:9b:5c:d9:ca:56:c0:d3:d4:
         41:a5:86:1d:8b:2b:5c:99:83:9c:2f:d3:5d:25:30:7d:f5:4c:
         69:d7:42:14:a8:41:82:aa:a5:45:f6:2a:6a:47:20:85:37:c3:
         45:29:ad:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZRfkCF5Z07w82D28zKAIllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDIwMDQzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTBiYzU2YzYzN2NjZmFkNjI1YWU2Y2JjOWQ4OTNmY2MyNzUwYzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulcbC7WQIvJDo51qXONckZ7gLPyr
0rJTIHMrgDEAOpCPf5TOwcQocaFBqpSlFCE4pMgPdrIlSqJiZPbh7YmKBorAxy0B
CXEcB8h3nsTdFiX04A4RZQ843oWW3A7s1Gu2KtdOxEtHw3LQUmqtJJTs0TXa14WD
2y9+QqZ/zgowG5GkQHqN9HR4k/wAluk3l0EkeocxaE2xu14yGadYsT9IWc0Zb02E
jsGCE2KmXqGa0rooVXc7+zGMC7plHkfy42hOt+zE3ZewPit6OpLsPpEawrvDv5Jq
fqYWswUv7H0xIdWAdOsZm6PAsvecOzzfGgOdXM9Qc1DKYeDUBNBMb2YWeQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH4LxWxjfM+tYlrmy8nYk/zCdQybMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZmd2RmJHTjh6NjFpV3ViTHlkaVRfTUoxREpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzhIAwQA
HzhUAwQBHzpYMA0GCSqGSIb3DQEBCwUAA4IBAQCYL5ktzenHPpCr/iRwbfs9n5JM
YDavvtxJds1e6bS9mHT9w7/47CDyqXHvAv9kAPljlTKz0tPQ8EK2Ab3kSGeB127J
iZPmHkN4y6wz4rWNZbYUVsuR0tLGVkgJyX9cHmF7HuWlIAElvahZ9apL1T3jBaWs
I3mGKFB8utcEVWSFXboiyRC2FWqk3Gm5va6Wl541vV1PTG5sx6fIY5qMx2GFW5tw
2i0eh1s+bTZQRAxqgFDHEcRF077c/jNpZ7Sxye8S1T+JrrOKqmOBMm8t0GKom1zZ
ylbA09RBpYYdiytcmYOcL9NdJTB99Uxp10IUqEGCqqVF9ipqRyCFN8NFKa1w
-----END CERTIFICATE-----