Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/e4zpyz5dFqXYhpsUAV63BU2G9Bk.roa
File:                     e4zpyz5dFqXYhpsUAV63BU2G9Bk.roa (raw, json)
Hash identifier:          p2Nf5b/tPjF5qLfimGTxwSbFh+0pKopMI1hKIx6Gdp8=
Subject key identifier:   7B:8C:E9:CB:3E:5D:16:A5:D8:86:9B:14:01:5E:B7:05:4D:86:F4:19
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197595E8E0046C022DA4BD4B30A56695B52
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/e4zpyz5dFqXYhpsUAV63BU2G9Bk.roa
Signing time:             Tue 10 Jun 2025 10:24:18 +0000
ROA not before:           Tue 10 Jun 2025 10:24:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213896
IP address blocks:        31.58.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:5e:8e:00:46:c0:22:da:4b:d4:b3:0a:56:69:5b:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 10 10:24:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b8ce9cb3e5d16a5d8869b14015eb7054d86f419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:50:c2:2f:cf:f8:37:a1:f9:23:03:ad:32:5b:
                    b8:8d:e4:07:01:f5:af:28:4a:35:c5:5c:f0:b0:1b:
                    92:ae:ba:32:29:26:d7:2c:78:ea:e5:8f:3d:8a:ff:
                    07:07:1e:2d:e3:dc:d5:2e:9b:d8:79:39:b6:c6:15:
                    ff:35:a5:fc:6a:34:99:83:bb:ab:94:b8:1a:c8:95:
                    dd:fc:76:af:ff:ca:b6:04:cc:bf:a1:ee:9a:57:ea:
                    a5:47:16:8f:fa:ce:f2:c6:1b:98:51:e6:ac:20:40:
                    0a:14:48:e9:d2:8c:39:5b:3b:30:c5:97:93:23:0d:
                    96:f5:38:aa:31:e5:8a:0e:c0:4a:c2:f0:56:89:56:
                    be:b6:07:25:be:e8:c5:38:e6:7a:d4:94:36:22:f3:
                    23:8d:37:f0:a0:ad:a5:9e:dc:de:79:9e:7f:f9:3e:
                    9a:22:10:d3:36:b2:3b:70:e7:ef:88:68:9f:6d:72:
                    e4:33:70:65:2e:4f:e2:54:ae:2e:d9:42:3c:d3:6f:
                    9a:97:26:e4:ed:74:71:17:56:7d:ff:25:52:db:52:
                    a2:49:a5:ea:f4:b7:dc:10:63:60:c9:4c:b7:f4:10:
                    f4:de:e5:6c:56:f8:de:ad:d6:f1:46:66:ef:f2:e3:
                    9b:c8:7a:9f:df:2f:ba:65:d0:12:90:67:02:e8:07:
                    3a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:8C:E9:CB:3E:5D:16:A5:D8:86:9B:14:01:5E:B7:05:4D:86:F4:19
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/e4zpyz5dFqXYhpsUAV63BU2G9Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:3a:b9:d0:5c:95:0c:48:b2:03:35:58:c2:bc:6d:79:4b:ea:
         80:29:c8:ff:e5:5d:10:07:01:19:7e:6a:18:7b:92:09:55:dc:
         80:3c:e7:14:67:d3:fc:ad:66:08:15:82:d0:8f:46:53:31:72:
         a5:f1:f2:80:c3:c2:23:67:98:0c:2f:1c:e8:8d:c9:3f:e6:3e:
         bb:dd:9f:8c:f2:1e:73:ef:c9:99:e1:33:9f:67:9e:84:04:1e:
         61:04:7a:96:3f:ae:05:c6:b9:78:ae:2e:3b:0c:00:0e:42:39:
         c8:45:7a:a2:fd:31:a0:3e:31:83:e5:4a:72:99:af:51:bc:57:
         5f:55:72:e4:42:6c:69:ce:6b:81:78:d2:30:9d:68:f8:38:ea:
         0d:e9:2b:e7:65:4f:e7:48:3f:ff:0e:91:92:3e:40:f6:7d:c7:
         4f:33:21:78:a3:46:4d:69:be:46:5d:9c:56:ae:b8:5e:bb:9a:
         f0:de:be:4d:d6:d0:f0:0f:72:70:47:58:67:92:f4:7b:30:71:
         d0:26:5a:72:71:55:7e:0c:54:2d:e3:af:e7:34:d8:6e:b7:03:
         37:2d:77:1a:f6:6c:69:b0:49:78:19:87:aa:d2:89:42:04:0f:
         1f:a7:68:a0:ec:e1:12:e1:03:a9:ad:99:8c:41:13:a6:c5:59:
         b1:4d:e9:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdZXo4ARsAi2kvUswpWaVtSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjEwMTAyNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjhjZTljYjNlNWQxNmE1ZDg4NjliMTQwMTVlYjcwNTRkODZmNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFDCL8/4N6H5IwOtMlu4jeQHAfWv
KEo1xVzwsBuSrroyKSbXLHjq5Y89iv8HBx4t49zVLpvYeTm2xhX/NaX8ajSZg7ur
lLgayJXd/Hav/8q2BMy/oe6aV+qlRxaP+s7yxhuYUeasIEAKFEjp0ow5WzswxZeT
Iw2W9TiqMeWKDsBKwvBWiVa+tgclvujFOOZ61JQ2IvMjjTfwoK2lntzeeZ5/+T6a
IhDTNrI7cOfviGifbXLkM3BlLk/iVK4u2UI802+alybk7XRxF1Z9/yVS21KiSaXq
9LfcEGNgyUy39BD03uVsVvjerdbxRmbv8uObyHqf3y+6ZdASkGcC6Ac6oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuM6cs+XRal2IabFAFetwVNhvQZMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZTR6cHl6NWRGcVhZaHBzVUFWNjNCVTJHOUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzoyMA0G
CSqGSIb3DQEBCwUAA4IBAQBXOrnQXJUMSLIDNVjCvG15S+qAKcj/5V0QBwEZfmoY
e5IJVdyAPOcUZ9P8rWYIFYLQj0ZTMXKl8fKAw8IjZ5gMLxzojck/5j673Z+M8h5z
78mZ4TOfZ56EBB5hBHqWP64Fxrl4ri47DAAOQjnIRXqi/TGgPjGD5Upyma9RvFdf
VXLkQmxpzmuBeNIwnWj4OOoN6SvnZU/nSD//DpGSPkD2fcdPMyF4o0ZNab5GXZxW
rrheu5rw3r5N1tDwD3JwR1hnkvR7MHHQJlpycVV+DFQt46/nNNhutwM3LXca9mxp
sEl4GYeq0olCBA8fp2ig7OES4QOprZmMQROmxVmxTenM
-----END CERTIFICATE-----