Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IJ850Uf21pUq-5LyXKLzgl5IiyE.roa
File:                     IJ850Uf21pUq-5LyXKLzgl5IiyE.roa (raw, json)
Hash identifier:          UrH5XB4vpCykw1+G+m/5Zh5xDfvzlp6wja9LAFXguZY=
Subject key identifier:   20:9F:39:D1:47:F6:D6:95:2A:FB:92:F2:5C:A2:F3:82:5E:48:8B:21
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01967CB57DCDD70183D0E71AA897C89F061B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IJ850Uf21pUq-5LyXKLzgl5IiyE.roa
Signing time:             Mon 28 Apr 2025 14:03:10 +0000
ROA not before:           Mon 28 Apr 2025 14:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210083
IP address blocks:        31.57.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:b5:7d:cd:d7:01:83:d0:e7:1a:a8:97:c8:9f:06:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Apr 28 14:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=209f39d147f6d6952afb92f25ca2f3825e488b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:04:5e:91:17:81:52:db:dc:52:29:9c:e4:40:
                    38:c8:1b:a0:48:de:97:22:0d:ba:a3:a4:32:ed:30:
                    2e:48:78:29:e0:3c:28:0b:04:d7:7d:e1:39:93:41:
                    59:03:83:06:de:df:d6:6d:03:3c:19:ae:06:9c:7c:
                    df:e6:8d:23:8b:e3:fd:c4:f8:b5:6f:98:f1:34:72:
                    75:3a:dc:86:a3:a8:13:3b:01:6e:d3:a9:20:b1:0b:
                    4a:68:8c:b5:ad:a5:b0:00:c6:79:88:d2:e8:2d:a5:
                    76:6c:1b:2f:88:e8:c0:7a:2a:d6:a5:9a:fa:95:a4:
                    1c:7c:64:57:71:27:60:c1:ca:b6:7d:c3:a2:5f:63:
                    58:07:1a:8c:26:f3:91:42:6a:e3:bc:a3:89:55:b0:
                    05:6e:d8:cf:42:e5:32:74:cb:6b:a0:6b:f1:5f:6d:
                    00:f8:bd:7a:c6:24:30:24:ac:b1:01:52:45:bc:c1:
                    e6:c5:10:72:cf:4d:f1:55:8f:c8:c2:e8:2a:49:75:
                    cc:1e:77:1b:31:78:e0:94:22:4e:88:33:18:bc:13:
                    86:7c:4b:13:04:c8:71:56:27:1f:72:50:88:88:55:
                    d0:9b:12:f5:20:6f:1a:ba:fa:c0:ea:4f:75:b3:9c:
                    83:72:34:e0:1c:ee:ae:bf:dd:d7:3a:5f:b2:20:8e:
                    4b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:9F:39:D1:47:F6:D6:95:2A:FB:92:F2:5C:A2:F3:82:5E:48:8B:21
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/IJ850Uf21pUq-5LyXKLzgl5IiyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:64:6f:7d:a8:e8:4d:ec:63:61:92:36:6d:43:8f:43:0d:37:
         8e:05:86:c3:a5:26:b6:58:d4:25:4c:eb:95:a4:5d:7b:ad:54:
         27:76:ae:9a:79:59:4b:4c:e3:64:a6:88:55:8c:33:0e:19:54:
         59:7f:99:c2:3b:ba:06:a7:81:07:1d:2a:50:76:48:97:0c:24:
         49:e7:3a:f8:b6:be:fb:68:49:f1:30:35:e6:d2:30:ec:0c:35:
         af:f2:69:ea:95:9f:6b:c1:dd:b3:cf:ed:5c:66:80:be:03:bc:
         7d:7e:77:be:43:93:9a:c9:eb:ec:a7:fe:09:9b:89:ea:ac:59:
         a8:60:c6:1b:87:34:8f:b7:1c:dc:ea:28:aa:2a:46:cd:30:92:
         12:db:9c:ff:75:4a:1e:1b:71:19:1c:34:98:21:74:ed:95:68:
         01:0b:fe:7e:37:24:5f:bc:e8:76:c4:f2:f8:8d:7c:26:fc:6e:
         7c:09:e2:83:34:bb:78:73:d8:35:b8:f7:96:ed:d1:53:2d:b0:
         c5:23:9f:99:92:aa:00:78:5d:db:63:96:b0:c4:50:c3:64:de:
         ac:6e:55:8e:d0:e2:38:ef:99:ca:67:8e:fe:a2:4d:ed:80:c5:
         4b:42:f3:8a:c0:8f:ab:9a:52:4f:41:56:12:9f:aa:30:dc:96:
         c3:ab:b1:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8tX3N1wGD0OcaqJfInwYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNDI4MTQwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDlmMzlkMTQ3ZjZkNjk1MmFmYjkyZjI1Y2EyZjM4MjVlNDg4YjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqARekReBUtvcUimc5EA4yBugSN6X
Ig26o6Qy7TAuSHgp4DwoCwTXfeE5k0FZA4MG3t/WbQM8Ga4GnHzf5o0ji+P9xPi1
b5jxNHJ1OtyGo6gTOwFu06kgsQtKaIy1raWwAMZ5iNLoLaV2bBsviOjAeirWpZr6
laQcfGRXcSdgwcq2fcOiX2NYBxqMJvORQmrjvKOJVbAFbtjPQuUydMtroGvxX20A
+L16xiQwJKyxAVJFvMHmxRByz03xVY/IwugqSXXMHncbMXjglCJOiDMYvBOGfEsT
BMhxVicfclCIiFXQmxL1IG8auvrA6k91s5yDcjTgHO6uv93XOl+yII5LQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCfOdFH9taVKvuS8lyi84JeSIshMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSUo4NTBVZjIxcFVxLTVMeVhLTHpnbDVJaXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkgMA0G
CSqGSIb3DQEBCwUAA4IBAQBBZG99qOhN7GNhkjZtQ49DDTeOBYbDpSa2WNQlTOuV
pF17rVQndq6aeVlLTONkpohVjDMOGVRZf5nCO7oGp4EHHSpQdkiXDCRJ5zr4tr77
aEnxMDXm0jDsDDWv8mnqlZ9rwd2zz+1cZoC+A7x9fne+Q5Oayevsp/4Jm4nqrFmo
YMYbhzSPtxzc6iiqKkbNMJIS25z/dUoeG3EZHDSYIXTtlWgBC/5+NyRfvOh2xPL4
jXwm/G58CeKDNLt4c9g1uPeW7dFTLbDFI5+ZkqoAeF3bY5awxFDDZN6sblWO0OI4
75nKZ47+ok3tgMVLQvOKwI+rmlJPQVYSn6ow3JbDq7GB
-----END CERTIFICATE-----