Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/p5dv9arLYgWUeKS932sH7982k6I.roa
File:                     p5dv9arLYgWUeKS932sH7982k6I.roa (raw, json)
Hash identifier:          /nHAYaTtB2LBrSlb0VB2jmkEqstzLY50TUM3cm64JBk=
Subject key identifier:   A7:97:6F:F5:AA:CB:62:05:94:78:A4:BD:DF:6B:07:EF:DF:36:93:A2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0195F6F0C9C8AF167379526388B8D211F831
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/p5dv9arLYgWUeKS932sH7982k6I.roa
Signing time:             Wed 02 Apr 2025 14:38:50 +0000
ROA not before:           Wed 02 Apr 2025 14:38:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213795
IP address blocks:        31.56.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 19:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f6:f0:c9:c8:af:16:73:79:52:63:88:b8:d2:11:f8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr  2 14:38:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7976ff5aacb62059478a4bddf6b07efdf3693a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:63:10:4d:f3:45:3f:44:de:d2:d1:90:b1:6c:
                    76:ee:f3:25:3e:de:ac:85:ff:3d:11:71:99:85:c9:
                    e5:9f:ea:4a:3b:bb:9f:94:51:9d:34:61:b7:5b:e5:
                    b3:fd:a3:08:30:f8:60:74:c7:32:7a:22:35:15:a2:
                    75:e2:cd:a0:bc:b2:17:7b:f3:d6:72:1a:7a:4d:17:
                    29:d4:81:cb:59:d3:0f:89:51:a5:5a:7f:de:39:13:
                    c1:ad:8b:1c:61:dc:2c:7c:67:95:b2:03:2a:70:1d:
                    cf:d1:87:73:e8:ec:6d:e5:39:f5:61:c6:36:b6:de:
                    0f:39:24:94:d0:e3:98:1f:e0:ad:09:33:28:dc:bf:
                    c6:5c:db:7f:5e:2c:46:39:00:d6:fb:5c:34:d7:45:
                    dd:0a:48:7d:cc:4f:63:12:81:1a:66:9b:c0:55:66:
                    a7:91:b8:75:bc:74:9b:04:88:ed:a1:78:08:b0:3f:
                    79:6a:81:a6:7f:b0:59:3c:3c:24:43:c1:85:3d:aa:
                    7e:5c:5c:c1:39:bf:3e:5c:5c:56:ca:e2:5a:74:6a:
                    b3:d9:f0:5c:cb:e7:12:b6:d9:ed:b8:56:eb:de:95:
                    b0:77:11:b2:fa:7b:18:4d:39:5d:66:7d:65:37:9b:
                    44:35:ea:ee:a5:39:1c:14:f8:80:87:60:7f:c5:a3:
                    95:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:97:6F:F5:AA:CB:62:05:94:78:A4:BD:DF:6B:07:EF:DF:36:93:A2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/p5dv9arLYgWUeKS932sH7982k6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:bd:05:31:45:02:a5:3c:f6:5b:cc:c6:cd:e4:b9:84:26:e0:
         18:bd:9c:2f:b6:63:97:eb:22:61:ff:ea:0f:cf:c3:d4:58:6b:
         56:4f:9a:84:ae:64:d9:52:7e:e1:a8:e3:8a:12:55:30:3a:ca:
         c7:66:6e:c7:01:e5:06:a6:f1:3b:4a:3a:01:28:31:17:57:80:
         fb:af:5e:f3:9a:2d:fd:34:5d:f5:fb:07:21:d1:c7:ad:cc:cb:
         59:db:7e:8f:48:03:8b:f6:dc:8d:84:90:8b:1d:d0:f4:b2:84:
         a7:0d:73:78:71:af:64:a4:b1:5b:37:29:fe:ea:77:47:b2:be:
         5a:9d:e4:04:d2:ca:55:71:0c:a7:31:0a:aa:de:5e:1b:7b:ef:
         f3:ff:4a:e6:2c:3a:07:fc:3f:ab:0f:55:75:91:4c:bd:e8:d2:
         c5:cd:33:e1:c5:a3:77:38:50:6a:ed:05:f6:55:28:02:ef:c0:
         9b:d4:29:ba:da:0f:0f:1c:e7:83:f5:02:13:a9:74:91:d0:86:
         11:00:96:04:39:d3:f2:18:a0:6d:a2:d1:7a:33:e8:e9:cc:86:
         f1:f2:ad:8c:28:2e:3d:65:33:42:30:75:01:fa:d8:f1:36:14:
         81:f8:c2:88:d2:ed:1f:2d:e4:a3:b6:de:c4:97:3d:69:90:53:
         c1:a3:d2:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX28MnIrxZzeVJjiLjSEfgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDAyMTQzODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzk3NmZmNWFhY2I2MjA1OTQ3OGE0YmRkZjZiMDdlZmRmMzY5M2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GMQTfNFP0Te0tGQsWx27vMlPt6s
hf89EXGZhcnln+pKO7uflFGdNGG3W+Wz/aMIMPhgdMcyeiI1FaJ14s2gvLIXe/PW
chp6TRcp1IHLWdMPiVGlWn/eORPBrYscYdwsfGeVsgMqcB3P0Ydz6Oxt5Tn1YcY2
tt4POSSU0OOYH+CtCTMo3L/GXNt/XixGOQDW+1w010XdCkh9zE9jEoEaZpvAVWan
kbh1vHSbBIjtoXgIsD95aoGmf7BZPDwkQ8GFPap+XFzBOb8+XFxWyuJadGqz2fBc
y+cSttntuFbr3pWwdxGy+nsYTTldZn1lN5tENerupTkcFPiAh2B/xaOVCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeXb/Wqy2IFlHikvd9rB+/fNpOiMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcDVkdjlhckxZZ1dVZUtTOTMyc0g3OTgyazZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzg8MA0G
CSqGSIb3DQEBCwUAA4IBAQA8vQUxRQKlPPZbzMbN5LmEJuAYvZwvtmOX6yJh/+oP
z8PUWGtWT5qErmTZUn7hqOOKElUwOsrHZm7HAeUGpvE7SjoBKDEXV4D7r17zmi39
NF31+wch0cetzMtZ236PSAOL9tyNhJCLHdD0soSnDXN4ca9kpLFbNyn+6ndHsr5a
neQE0spVcQynMQqq3l4be+/z/0rmLDoH/D+rD1V1kUy96NLFzTPhxaN3OFBq7QX2
VSgC78Cb1Cm62g8PHOeD9QITqXSR0IYRAJYEOdPyGKBtotF6M+jpzIbx8q2MKC49
ZTNCMHUB+tjxNhSB+MKI0u0fLeSjtt7Elz1pkFPBo9LB
-----END CERTIFICATE-----