Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rD9Lfpfvqpaf5YwF930pY-RHw4U.roa
File:                     rD9Lfpfvqpaf5YwF930pY-RHw4U.roa (raw, json)
Hash identifier:          1ZOx9VJurPFoYDxQMkiHZghmEtD6d9ULIIhIE8u108w=
Subject key identifier:   AC:3F:4B:7E:97:EF:AA:96:9F:E5:8C:05:F7:7D:29:63:E4:47:C3:85
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01975963225C6162359C2390FC5E4E57F57E
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rD9Lfpfvqpaf5YwF930pY-RHw4U.roa
Signing time:             Tue 10 Jun 2025 10:29:18 +0000
ROA not before:           Tue 10 Jun 2025 10:29:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        31.56.238.0/24 maxlen: 24
                          31.58.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:63:22:5c:61:62:35:9c:23:90:fc:5e:4e:57:f5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 10 10:29:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac3f4b7e97efaa969fe58c05f77d2963e447c385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a8:ba:4a:0b:19:6f:4d:64:a0:85:8f:b8:72:
                    4a:f4:4f:49:a9:9c:8d:8d:53:84:20:87:77:02:a8:
                    b4:78:a3:d0:15:8a:f3:dc:a0:4a:57:f7:94:7f:1f:
                    32:77:72:e9:96:28:b6:0c:33:9b:b4:4a:93:d1:68:
                    15:4a:17:eb:4d:5a:d9:3a:d9:73:93:13:ba:65:d3:
                    d3:1a:b2:03:a7:7d:2a:ab:d7:61:a2:a7:7e:7a:54:
                    23:3a:10:e1:29:b4:71:4e:af:ab:ee:a4:23:ec:5b:
                    aa:a0:a0:1e:51:a6:6e:e7:c2:64:ae:f8:a2:74:ab:
                    6d:49:12:0f:35:92:8f:c8:5a:e5:35:98:9e:da:b8:
                    44:4e:c5:13:6a:48:b3:a9:3f:28:04:48:9f:48:71:
                    67:88:92:a6:b4:88:25:aa:40:15:d0:35:ae:67:01:
                    98:e6:e4:55:ac:b1:79:ed:24:f8:cb:a3:5c:c6:0c:
                    a3:67:ef:f6:5e:6a:36:b3:21:de:c3:7e:2d:4b:2b:
                    27:b7:74:12:62:82:3f:dc:19:37:45:b5:13:64:a3:
                    9f:46:d3:87:49:bf:0b:e3:57:bb:e0:8c:3d:74:6f:
                    33:9b:0b:31:ad:ae:78:4a:04:67:bc:8f:17:64:07:
                    6d:eb:f4:00:d2:f7:3b:15:1b:46:1e:a7:d2:1e:e9:
                    a2:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3F:4B:7E:97:EF:AA:96:9F:E5:8C:05:F7:7D:29:63:E4:47:C3:85
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rD9Lfpfvqpaf5YwF930pY-RHw4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.238.0/24
                  31.58.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:08:25:ac:a2:a8:78:b4:52:cb:d1:c1:f2:fa:9b:68:22:39:
         c8:96:69:c9:9a:3a:22:43:c3:54:97:c0:e2:80:73:12:cf:8c:
         0f:7a:24:64:f3:fe:94:0b:95:44:39:3b:5f:54:96:6a:82:70:
         61:69:a8:e8:b4:37:25:6e:c9:72:d1:4a:1f:09:95:de:01:f2:
         3e:b7:05:4a:78:01:37:4b:57:dc:92:e0:b5:c1:8e:40:06:0f:
         1f:6e:e9:fb:d5:ed:a8:df:b0:39:6d:e4:f2:62:3c:bb:a6:36:
         60:61:08:0d:24:b7:4c:7b:58:98:c3:db:0f:c8:92:56:4b:f0:
         35:e0:94:c2:01:e6:35:af:6e:ba:a0:d5:86:7e:c1:5c:0b:11:
         90:e6:e6:72:74:31:97:92:b1:1f:d0:92:39:cf:9e:39:0e:eb:
         02:df:ec:15:b5:a8:af:b8:b1:f4:60:78:c5:30:02:50:87:d0:
         6f:c3:58:c3:68:ca:e8:76:f0:ea:d1:c0:6c:5d:a2:96:74:f3:
         11:01:dc:46:de:da:f9:07:e1:1b:cc:46:08:ec:c3:93:ca:6d:
         4f:9d:2c:bc:24:79:c3:39:25:6e:e0:9c:7b:ed:1c:36:80:00:
         0d:13:6a:e3:e5:86:e7:c3:72:99:ce:d4:f2:21:1c:73:0e:59:
         c7:72:fe:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdZYyJcYWI1nCOQ/F5OV/V+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjEwMTAyOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNmNGI3ZTk3ZWZhYTk2OWZlNThjMDVmNzdkMjk2M2U0NDdjMzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKi6SgsZb01koIWPuHJK9E9JqZyN
jVOEIId3Aqi0eKPQFYrz3KBKV/eUfx8yd3Lplii2DDObtEqT0WgVShfrTVrZOtlz
kxO6ZdPTGrIDp30qq9dhoqd+elQjOhDhKbRxTq+r7qQj7FuqoKAeUaZu58Jkrvii
dKttSRIPNZKPyFrlNZie2rhETsUTakizqT8oBEifSHFniJKmtIglqkAV0DWuZwGY
5uRVrLF57ST4y6NcxgyjZ+/2Xmo2syHew34tSysnt3QSYoI/3Bk3RbUTZKOfRtOH
Sb8L41e74Iw9dG8zmwsxra54SgRnvI8XZAdt6/QA0vc7FRtGHqfSHumipwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKw/S36X76qWn+WMBfd9KWPkR8OFMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvckQ5TGZwZnZxcGFmNVl3RjkzMHBZLVJIdzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzjuAwQA
HzpFMA0GCSqGSIb3DQEBCwUAA4IBAQBYCCWsoqh4tFLL0cHy+ptoIjnIlmnJmjoi
Q8NUl8DigHMSz4wPeiRk8/6UC5VEOTtfVJZqgnBhaajotDclbsly0UofCZXeAfI+
twVKeAE3S1fckuC1wY5ABg8fbun71e2o37A5beTyYjy7pjZgYQgNJLdMe1iYw9sP
yJJWS/A14JTCAeY1r266oNWGfsFcCxGQ5uZydDGXkrEf0JI5z545DusC3+wVtaiv
uLH0YHjFMAJQh9Bvw1jDaMrodvDq0cBsXaKWdPMRAdxG3tr5B+EbzEYI7MOTym1P
nSy8JHnDOSVu4Jx77Rw2gAANE2rj5Ybnw3KZztTyIRxzDlnHcv5z
-----END CERTIFICATE-----