Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Omj9X-oWGJiHHXfYLwvh7WhyFrc.roa
File:                     Omj9X-oWGJiHHXfYLwvh7WhyFrc.roa (raw, json)
Hash identifier:          sMqqn9w9DUo7RMWuRZclOHBux5eHS5Pc+UHmZEvuyF8=
Subject key identifier:   3A:68:FD:5F:EA:16:18:98:87:1D:77:D8:2F:0B:E1:ED:68:72:16:B7
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019866F32E78A825F3171A2198D2B6EB4071
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Omj9X-oWGJiHHXfYLwvh7WhyFrc.roa
Signing time:             Fri 01 Aug 2025 18:44:29 +0000
ROA not before:           Fri 01 Aug 2025 18:44:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214828
IP address blocks:        31.57.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:66:f3:2e:78:a8:25:f3:17:1a:21:98:d2:b6:eb:40:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Aug  1 18:44:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a68fd5fea161898871d77d82f0be1ed687216b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:34:04:1a:dc:69:93:03:ff:58:1d:31:e4:ba:
                    e4:3e:d4:7b:00:13:5e:e9:41:b6:04:c8:cb:e4:8c:
                    99:69:7e:95:41:81:a4:96:12:7e:9d:de:29:6d:67:
                    d5:b3:a1:7b:88:1e:4c:87:4a:86:07:b4:1e:75:e8:
                    4a:d8:40:ce:27:9a:67:9d:aa:64:84:89:44:87:88:
                    99:9d:a3:5b:11:09:7f:68:69:6f:67:2c:2e:c2:07:
                    61:b1:fe:62:27:5f:6c:e8:d5:41:4c:59:81:a0:bb:
                    9d:79:48:4b:5b:13:ef:86:e6:44:2e:32:51:34:23:
                    92:3b:af:4f:57:dc:87:d5:84:02:9a:96:f8:65:8e:
                    ce:26:df:84:fb:81:ce:af:58:6a:b9:dd:0a:02:ed:
                    ef:e4:bd:f2:17:ce:5f:dc:2a:a2:85:7d:e1:9f:63:
                    68:f1:0b:75:ae:ba:8b:34:bd:2d:a7:eb:0f:f9:95:
                    ae:3a:3f:d3:5a:5a:92:db:75:49:85:0c:6f:7f:bb:
                    1e:6e:4f:ad:61:3b:4f:1d:99:fc:13:b8:95:80:a9:
                    f7:0d:81:4b:1f:92:c8:4f:96:6e:f6:7e:c1:64:98:
                    b9:45:e5:c6:25:20:92:a4:f5:88:64:ca:7b:ab:10:
                    ac:bf:2c:d8:ab:98:0c:79:81:93:ca:07:74:93:32:
                    97:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:68:FD:5F:EA:16:18:98:87:1D:77:D8:2F:0B:E1:ED:68:72:16:B7
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Omj9X-oWGJiHHXfYLwvh7WhyFrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c9:b0:13:8d:9f:9f:10:82:58:91:d5:2c:91:3a:46:b4:cd:
         c4:02:57:40:69:a5:12:f5:b2:20:b0:4b:54:f1:2f:06:90:42:
         8f:f1:7d:52:35:15:c7:94:fb:db:61:ea:30:5d:b4:ed:8b:83:
         ac:fb:c4:fc:52:20:c2:eb:cc:e5:e2:4a:41:af:48:ca:4f:ab:
         3d:88:23:6a:75:c7:94:1e:13:54:d1:42:69:52:cc:7e:eb:02:
         e4:62:57:71:37:59:56:5b:b3:d7:6a:b8:8a:3e:db:68:8b:ed:
         97:30:34:01:18:1a:09:8a:dd:dd:e1:c6:41:bd:19:64:a1:31:
         46:aa:94:75:97:eb:67:f5:43:6e:22:cc:fc:79:69:58:73:cc:
         d7:3f:6f:41:1b:ac:a7:a2:48:66:fa:9b:5b:10:66:ca:e5:21:
         69:3d:20:37:3a:ea:5f:7d:fd:2d:b2:78:cc:d9:40:af:d0:b4:
         43:84:d0:2b:c4:04:ab:b5:9f:42:e6:8d:26:ce:05:4c:c4:ec:
         57:ea:a5:a8:fe:52:96:a7:e8:96:81:bc:01:54:7a:f2:d5:3d:
         f5:12:8d:60:ac:d0:59:ab:ac:7b:7a:7a:9b:e4:31:87:d7:9b:
         7f:46:11:ac:cd:c2:d4:44:61:44:0e:59:7a:50:3b:d7:3c:bf:
         32:27:68:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhm8y54qCXzFxohmNK260BxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwODAxMTg0NDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTY4ZmQ1ZmVhMTYxODk4ODcxZDc3ZDgyZjBiZTFlZDY4NzIxNmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TQEGtxpkwP/WB0x5LrkPtR7ABNe
6UG2BMjL5IyZaX6VQYGklhJ+nd4pbWfVs6F7iB5Mh0qGB7QedehK2EDOJ5pnnapk
hIlEh4iZnaNbEQl/aGlvZywuwgdhsf5iJ19s6NVBTFmBoLudeUhLWxPvhuZELjJR
NCOSO69PV9yH1YQCmpb4ZY7OJt+E+4HOr1hqud0KAu3v5L3yF85f3CqihX3hn2No
8Qt1rrqLNL0tp+sP+ZWuOj/TWlqS23VJhQxvf7sebk+tYTtPHZn8E7iVgKn3DYFL
H5LIT5Zu9n7BZJi5ReXGJSCSpPWIZMp7qxCsvyzYq5gMeYGTygd0kzKXSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpo/V/qFhiYhx132C8L4e1ocha3MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvT21qOVgtb1dHSmlISFhmWUx3dmg3V2h5RnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkZMA0G
CSqGSIb3DQEBCwUAA4IBAQAUybATjZ+fEIJYkdUskTpGtM3EAldAaaUS9bIgsEtU
8S8GkEKP8X1SNRXHlPvbYeowXbTti4Os+8T8UiDC68zl4kpBr0jKT6s9iCNqdceU
HhNU0UJpUsx+6wLkYldxN1lWW7PXariKPttoi+2XMDQBGBoJit3d4cZBvRlkoTFG
qpR1l+tn9UNuIsz8eWlYc8zXP29BG6ynokhm+ptbEGbK5SFpPSA3Oupfff0tsnjM
2UCv0LRDhNArxASrtZ9C5o0mzgVMxOxX6qWo/lKWp+iWgbwBVHry1T31Eo1grNBZ
q6x7enqb5DGH15t/RhGszcLURGFEDll6UDvXPL8yJ2iU
-----END CERTIFICATE-----