Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XrLVXjzaXmHtFVt4KmXSmtfSdTA.roa
File:                     XrLVXjzaXmHtFVt4KmXSmtfSdTA.roa (raw, json)
Hash identifier:          Ve1z/DvXAelmoknyPsbn6udTib/w6sw1etVLW2JZdlI=
Subject key identifier:   5E:B2:D5:5E:3C:DA:5E:61:ED:15:5B:78:2A:65:D2:9A:D7:D2:75:30
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019692520423A9761463A82E338E319D74A1
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XrLVXjzaXmHtFVt4KmXSmtfSdTA.roa
Signing time:             Fri 02 May 2025 18:46:10 +0000
ROA not before:           Fri 02 May 2025 18:46:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273138
IP address blocks:        31.56.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:92:52:04:23:a9:76:14:63:a8:2e:33:8e:31:9d:74:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  2 18:46:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5eb2d55e3cda5e61ed155b782a65d29ad7d27530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e6:53:4d:84:f7:6c:85:75:d6:6c:81:7c:b8:
                    71:78:28:2b:49:ad:55:92:49:b3:d7:3b:7e:b6:9b:
                    48:68:78:32:05:32:c8:3c:f7:6a:89:3f:c2:5c:eb:
                    28:10:ac:13:fd:5c:fe:52:c1:32:62:79:fa:c4:b8:
                    e2:63:5b:3a:3c:79:eb:03:a0:d9:0d:07:e5:f2:8e:
                    09:0e:50:a6:73:42:00:1f:47:6e:d1:38:44:7f:d2:
                    59:cd:2c:1f:71:97:68:b6:3d:77:19:9c:cb:c7:e5:
                    3b:67:27:a9:d1:ce:cc:2a:d8:70:32:ee:29:59:ee:
                    e8:b2:2d:8b:7d:44:d7:c7:cb:16:65:e4:d6:bd:c7:
                    96:f7:25:53:f7:1a:27:3c:1d:d5:16:b9:ba:c2:09:
                    30:34:2f:25:70:93:bc:87:cb:45:6f:82:a8:ca:74:
                    78:03:a6:a5:d4:c3:b7:04:7e:77:8b:63:de:85:43:
                    4a:5f:2f:77:0a:c1:87:67:a9:f6:34:5b:8c:00:6c:
                    d5:96:f6:79:50:e1:08:f0:ad:02:0a:ac:a6:23:53:
                    3a:24:a8:cf:69:09:96:17:45:7e:10:79:6c:91:b1:
                    6e:3d:96:c6:4c:17:7f:5a:d6:ac:ec:4e:22:51:3c:
                    aa:3a:27:20:75:7b:b0:54:78:21:f4:96:27:2b:ae:
                    01:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:B2:D5:5E:3C:DA:5E:61:ED:15:5B:78:2A:65:D2:9A:D7:D2:75:30
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XrLVXjzaXmHtFVt4KmXSmtfSdTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:0b:39:8f:52:c8:2f:97:f1:17:e4:f6:69:8f:96:57:1e:29:
         3a:92:50:21:a8:2e:1f:6b:30:7b:46:88:e1:13:b1:14:66:b0:
         af:ab:e2:10:2d:0e:98:0c:79:e2:69:0e:5e:0f:f5:79:90:1f:
         bf:11:6e:d3:19:eb:00:e4:19:da:59:a0:7d:ca:b2:f2:99:97:
         f5:3c:9d:3b:c3:df:21:29:88:c5:b3:38:69:b6:55:f9:20:d6:
         e2:3e:84:03:ae:5f:1e:4f:13:75:f8:9d:63:76:27:94:89:51:
         e7:3b:43:a5:6f:bc:5b:d1:d8:91:8f:5d:a2:b8:79:27:30:80:
         36:24:f0:20:fb:03:72:7c:d4:98:e1:3f:01:09:fe:f6:d5:65:
         bc:2f:c6:29:37:ab:5a:1b:7e:65:06:b9:29:48:29:1d:9b:54:
         e2:21:c9:6b:dc:3f:15:d7:dc:62:a0:e6:f8:16:71:fa:9a:5b:
         fd:94:a9:e4:aa:c4:d6:5a:ef:e7:5c:0e:9e:fd:db:d0:99:34:
         e2:d8:f8:50:ce:9a:bb:cb:a4:95:97:7c:e6:5e:eb:ab:43:10:
         e8:3b:0a:82:2b:a9:ed:d5:c6:79:05:c7:89:dc:b7:51:07:7a:
         b1:18:e9:ce:a7:f0:7b:7c:41:fd:5f:33:a7:43:45:54:98:43:
         c9:e2:1f:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaSUgQjqXYUY6guM44xnXShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTAyMTg0NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWIyZDU1ZTNjZGE1ZTYxZWQxNTViNzgyYTY1ZDI5YWQ3ZDI3NTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeZTTYT3bIV11myBfLhxeCgrSa1V
kkmz1zt+tptIaHgyBTLIPPdqiT/CXOsoEKwT/Vz+UsEyYnn6xLjiY1s6PHnrA6DZ
DQfl8o4JDlCmc0IAH0du0ThEf9JZzSwfcZdotj13GZzLx+U7Zyep0c7MKthwMu4p
We7osi2LfUTXx8sWZeTWvceW9yVT9xonPB3VFrm6wgkwNC8lcJO8h8tFb4KoynR4
A6al1MO3BH53i2PehUNKXy93CsGHZ6n2NFuMAGzVlvZ5UOEI8K0CCqymI1M6JKjP
aQmWF0V+EHlskbFuPZbGTBd/Wtas7E4iUTyqOicgdXuwVHgh9JYnK64B8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6y1V482l5h7RVbeCpl0prX0nUwMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWHJMVlhqemFYbUh0RlZ0NEttWFNtdGZTZFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzjXMA0G
CSqGSIb3DQEBCwUAA4IBAQCtCzmPUsgvl/EX5PZpj5ZXHik6klAhqC4fazB7Rojh
E7EUZrCvq+IQLQ6YDHniaQ5eD/V5kB+/EW7TGesA5BnaWaB9yrLymZf1PJ07w98h
KYjFszhptlX5INbiPoQDrl8eTxN1+J1jdieUiVHnO0Olb7xb0diRj12iuHknMIA2
JPAg+wNyfNSY4T8BCf721WW8L8YpN6taG35lBrkpSCkdm1TiIclr3D8V19xioOb4
FnH6mlv9lKnkqsTWWu/nXA6e/dvQmTTi2PhQzpq7y6SVl3zmXuurQxDoOwqCK6nt
1cZ5BceJ3LdRB3qxGOnOp/B7fEH9XzOnQ0VUmEPJ4h+r
-----END CERTIFICATE-----