Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lL3MwVstXsyNPwowawi3lK7P1uI.roa
File:                     lL3MwVstXsyNPwowawi3lK7P1uI.roa (raw, json)
Hash identifier:          xN6Lays1Pej+riZSrCs9tnnhPKIfZ1zAF3F88qGX0oQ=
Subject key identifier:   94:BD:CC:C1:5B:2D:5E:CC:8D:3F:0A:30:6B:08:B7:94:AE:CF:D6:E2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01975FA28DA0B5F2C4D543311D98132EE773
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lL3MwVstXsyNPwowawi3lK7P1uI.roa
Signing time:             Wed 11 Jun 2025 15:36:18 +0000
ROA not before:           Wed 11 Jun 2025 15:36:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        31.58.239.0/24 maxlen: 24
                          217.60.198.0/24 maxlen: 24
                          217.60.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5f:a2:8d:a0:b5:f2:c4:d5:43:31:1d:98:13:2e:e7:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 11 15:36:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94bdccc15b2d5ecc8d3f0a306b08b794aecfd6e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:86:85:e0:5d:63:08:56:ba:92:45:f9:b1:83:
                    eb:47:2b:96:7c:0b:5b:29:42:03:1e:ec:0a:17:4c:
                    2f:b5:27:76:fd:50:f2:bf:3d:50:69:40:ec:6c:01:
                    a7:5e:8a:e4:84:12:80:27:1d:c7:f3:0e:cd:ed:1e:
                    e6:23:a6:21:29:94:da:0a:f1:3f:70:23:2a:de:d0:
                    c2:63:e3:2e:ea:4f:7b:8f:3d:a6:93:d7:f8:49:2b:
                    7c:bd:0a:ff:b1:96:89:5f:c3:10:8f:bb:32:05:fc:
                    f4:5b:ea:99:8e:78:af:43:25:7a:20:50:73:d6:a9:
                    80:e7:2b:07:d9:c8:7a:a2:4d:1b:bb:72:82:8c:a3:
                    d1:1a:09:f4:65:6a:fa:4c:bd:68:67:e4:5e:0a:25:
                    16:94:d4:f0:81:37:c9:ce:e3:b8:bd:b8:ed:29:7f:
                    b3:c8:32:4a:10:46:1b:10:ad:18:ef:c8:2e:af:bd:
                    b1:ec:29:84:e6:f1:eb:bf:a5:94:8b:7a:cc:28:36:
                    94:88:b1:a4:53:7d:c4:f4:63:09:28:ce:e7:35:22:
                    11:c9:96:bf:a2:13:29:fe:e9:9f:2e:34:d5:1b:71:
                    8c:a0:d3:41:fa:97:17:63:50:57:1a:0d:f9:db:90:
                    6f:29:de:ab:0b:12:98:17:e4:f2:75:ab:93:b3:7d:
                    e7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:BD:CC:C1:5B:2D:5E:CC:8D:3F:0A:30:6B:08:B7:94:AE:CF:D6:E2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/lL3MwVstXsyNPwowawi3lK7P1uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.239.0/24
                  217.60.198.0/24
                  217.60.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:0c:85:73:d0:86:05:1b:0e:08:a6:0c:60:4d:4c:db:bd:81:
         4c:50:aa:01:c2:42:b2:8b:d8:e8:5d:0c:8a:73:46:cc:f1:1c:
         58:b0:e0:4e:52:8b:d7:d0:c5:09:d7:8e:fd:e6:db:9a:a9:4e:
         7e:aa:32:20:16:25:3e:59:ff:38:8a:be:dd:6b:88:58:69:85:
         f0:f9:f6:bd:2d:44:e1:8f:ce:5b:ea:fe:cb:e6:4d:9c:a6:73:
         8b:ad:8d:ba:13:07:c5:f8:f4:74:2e:2e:df:77:4b:9e:87:46:
         52:ae:66:72:a6:06:e9:f4:06:ef:97:b6:9b:d2:7e:e7:4d:24:
         2e:10:b7:c4:8b:80:47:ad:be:a5:27:58:db:d4:9f:9c:a1:d8:
         f4:c0:7d:24:93:55:3d:88:55:08:59:86:53:e0:14:eb:ff:09:
         b1:fa:52:40:07:ad:ff:f0:8d:70:92:31:96:58:11:2b:df:23:
         88:59:a3:5c:71:10:87:06:ba:d8:19:c7:ad:53:fc:24:c9:16:
         f5:75:57:ea:c0:84:8d:94:b6:34:42:f2:79:66:5a:d7:71:05:
         ed:9f:24:c4:3f:f2:aa:1f:34:62:c9:1f:4e:6f:2a:b7:fe:bd:
         03:e9:41:5d:c1:d9:7a:38:32:b8:91:f7:f5:e9:24:c6:6a:9c:
         d2:27:20:35
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdfoo2gtfLE1UMxHZgTLudzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjExMTUzNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGJkY2NjMTViMmQ1ZWNjOGQzZjBhMzA2YjA4Yjc5NGFlY2ZkNmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYaF4F1jCFa6kkX5sYPrRyuWfAtb
KUIDHuwKF0wvtSd2/VDyvz1QaUDsbAGnXorkhBKAJx3H8w7N7R7mI6YhKZTaCvE/
cCMq3tDCY+Mu6k97jz2mk9f4SSt8vQr/sZaJX8MQj7syBfz0W+qZjnivQyV6IFBz
1qmA5ysH2ch6ok0bu3KCjKPRGgn0ZWr6TL1oZ+ReCiUWlNTwgTfJzuO4vbjtKX+z
yDJKEEYbEK0Y78gur72x7CmE5vHrv6WUi3rMKDaUiLGkU33E9GMJKM7nNSIRyZa/
ohMp/umfLjTVG3GMoNNB+pcXY1BXGg3525BvKd6rCxKYF+TydauTs33nCQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJS9zMFbLV7MjT8KMGsIt5Suz9biMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbEwzTXdWc3RYc3lOUHdvd2F3aTNsSzdQMXVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzrvAwQA
2TzGAwQA2TzsMA0GCSqGSIb3DQEBCwUAA4IBAQB4DIVz0IYFGw4IpgxgTUzbvYFM
UKoBwkKyi9joXQyKc0bM8RxYsOBOUovX0MUJ14795tuaqU5+qjIgFiU+Wf84ir7d
a4hYaYXw+fa9LUThj85b6v7L5k2cpnOLrY26EwfF+PR0Li7fd0ueh0ZSrmZypgbp
9Abvl7ab0n7nTSQuELfEi4BHrb6lJ1jb1J+codj0wH0kk1U9iFUIWYZT4BTr/wmx
+lJAB63/8I1wkjGWWBEr3yOIWaNccRCHBrrYGcetU/wkyRb1dVfqwISNlLY0QvJ5
ZlrXcQXtnyTEP/KqHzRiyR9Obyq3/r0D6UFdwdl6ODK4kff16STGapzSJyA1
-----END CERTIFICATE-----