Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/x17hzr9T1fYdMhaaVIaOQGWaOqs.roa
File:                     x17hzr9T1fYdMhaaVIaOQGWaOqs.roa (raw, json)
Hash identifier:          wksebmTZlIua7V6ZRuQhvnlsMJP2zYSzRUcxLtQe1zk=
Subject key identifier:   C7:5E:E1:CE:BF:53:D5:F6:1D:32:16:9A:54:86:8E:40:65:9A:3A:AB
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197596061CDDF13A42142033C3B3C0A69B4
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/x17hzr9T1fYdMhaaVIaOQGWaOqs.roa
Signing time:             Tue 10 Jun 2025 10:26:18 +0000
ROA not before:           Tue 10 Jun 2025 10:26:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213464
IP address blocks:        31.59.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:60:61:cd:df:13:a4:21:42:03:3c:3b:3c:0a:69:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun 10 10:26:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c75ee1cebf53d5f61d32169a54868e40659a3aab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:44:b9:5d:b6:6d:e4:ad:fe:32:34:b0:50:ab:
                    69:de:41:84:57:d3:a3:c9:2d:a9:b3:3b:92:94:43:
                    f0:39:46:79:9c:91:1f:fc:2d:65:a1:5d:0a:00:6e:
                    17:cf:28:4b:21:41:59:9c:aa:da:7a:5c:f5:5e:46:
                    c0:82:30:5c:50:82:e3:39:3f:c7:74:e9:d7:f2:86:
                    ce:ba:33:ae:e6:25:10:27:9c:71:6f:6b:bb:f3:9d:
                    2c:ee:e7:42:a3:15:11:3b:9c:e7:a7:ef:ad:65:8a:
                    97:39:63:07:1f:89:f0:bf:c4:4d:33:95:0c:58:32:
                    d9:ac:33:62:22:f3:42:cb:75:66:8e:d1:cf:a7:78:
                    c0:62:6e:4f:23:7d:c5:00:13:05:0e:20:d5:54:a7:
                    d0:5e:5e:55:eb:c4:1c:a8:b5:ab:aa:3e:6d:3d:cb:
                    da:8b:b3:9d:d9:59:01:2d:c8:e8:50:20:7c:24:ab:
                    84:8e:52:6f:81:a2:72:16:46:17:8f:9e:b9:3e:da:
                    55:08:a5:43:8f:ba:0d:39:15:74:79:d1:43:ed:95:
                    49:6c:d9:02:ed:39:5f:b0:75:0d:fc:ce:4f:da:1b:
                    7d:8e:07:ce:5c:74:d5:bc:97:b6:f0:76:6d:0e:2a:
                    a2:ef:65:00:72:cc:ba:d5:2f:d7:7f:ba:46:1a:69:
                    0b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:5E:E1:CE:BF:53:D5:F6:1D:32:16:9A:54:86:8E:40:65:9A:3A:AB
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/x17hzr9T1fYdMhaaVIaOQGWaOqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:d3:f2:43:f1:71:fa:4e:2c:30:3e:02:21:72:4a:de:53:ac:
         4e:fe:93:17:7c:9a:a4:69:c7:fb:72:9d:8e:da:da:9a:ad:82:
         8a:9d:c0:48:5d:d0:f7:a3:17:27:51:80:34:b3:d3:83:d2:8d:
         cc:0f:33:14:cc:ae:94:5e:be:88:3f:23:4f:89:9c:80:fa:b5:
         bf:c1:dc:7d:58:e7:14:0a:d4:73:a6:b7:4e:23:c3:ce:0c:06:
         74:59:df:0f:48:eb:3a:8b:a6:2b:ae:e4:ed:d1:1a:37:01:19:
         8b:71:13:85:3b:44:e6:aa:6e:29:8e:e4:ab:de:18:0e:ec:eb:
         81:8d:e3:e1:4b:ba:47:b4:c6:07:69:73:2c:6c:2a:84:94:5d:
         59:0d:f7:fd:0b:6f:90:4e:04:6c:aa:89:57:1b:9d:73:78:85:
         fa:dc:72:ce:39:73:57:50:94:8b:46:2b:1f:fe:e0:d0:d2:dd:
         ae:f0:34:6e:c5:5d:bb:38:2d:d6:5b:ce:e8:15:b0:63:67:55:
         25:8a:38:87:84:40:68:62:e2:1d:bf:c6:27:30:90:ed:14:09:
         37:74:3b:5e:9f:e5:68:a1:47:52:3e:3c:7d:e9:e6:e3:f3:67:
         ba:36:d8:eb:19:6d:a6:68:23:e2:6d:d2:05:12:1c:95:96:09:
         cd:cc:fb:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdZYGHN3xOkIUIDPDs8Cmm0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjEwMTAyNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzVlZTFjZWJmNTNkNWY2MWQzMjE2OWE1NDg2OGU0MDY1OWEzYWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUS5XbZt5K3+MjSwUKtp3kGEV9Oj
yS2pszuSlEPwOUZ5nJEf/C1loV0KAG4XzyhLIUFZnKraelz1XkbAgjBcUILjOT/H
dOnX8obOujOu5iUQJ5xxb2u7850s7udCoxURO5znp++tZYqXOWMHH4nwv8RNM5UM
WDLZrDNiIvNCy3VmjtHPp3jAYm5PI33FABMFDiDVVKfQXl5V68QcqLWrqj5tPcva
i7Od2VkBLcjoUCB8JKuEjlJvgaJyFkYXj565PtpVCKVDj7oNORV0edFD7ZVJbNkC
7TlfsHUN/M5P2ht9jgfOXHTVvJe28HZtDiqi72UAcsy61S/Xf7pGGmkL5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMde4c6/U9X2HTIWmlSGjkBlmjqrMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveDE3aHpyOVQxZllkTWhhYVZJYU9RR1dhT3FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzuAMA0G
CSqGSIb3DQEBCwUAA4IBAQAi0/JD8XH6TiwwPgIhckreU6xO/pMXfJqkacf7cp2O
2tqarYKKncBIXdD3oxcnUYA0s9OD0o3MDzMUzK6UXr6IPyNPiZyA+rW/wdx9WOcU
CtRzprdOI8PODAZ0Wd8PSOs6i6YrruTt0Ro3ARmLcROFO0Tmqm4pjuSr3hgO7OuB
jePhS7pHtMYHaXMsbCqElF1ZDff9C2+QTgRsqolXG51zeIX63HLOOXNXUJSLRisf
/uDQ0t2u8DRuxV27OC3WW87oFbBjZ1UlijiHhEBoYuIdv8YnMJDtFAk3dDten+Vo
oUdSPjx96ebj82e6NtjrGW2maCPibdIFEhyVlgnNzPvU
-----END CERTIFICATE-----