Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aYRsAGa63CKf1trNfYPdMTweFjs.roa
File:                     aYRsAGa63CKf1trNfYPdMTweFjs.roa (raw, json)
Hash identifier:          eEzyur3d0rl5ma8hzVqRkSvyWGmIr8rvJapwT5t/HPs=
Subject key identifier:   69:84:6C:00:66:BA:DC:22:9F:D6:DA:CD:7D:83:DD:31:3C:1E:16:3B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019971D27F2DD42C4B68742F4848F4FBE118
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aYRsAGa63CKf1trNfYPdMTweFjs.roa
Signing time:             Mon 22 Sep 2025 14:27:24 +0000
ROA not before:           Mon 22 Sep 2025 14:27:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137235
IP address blocks:        31.56.23.0/24 maxlen: 24
                          31.57.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:d2:7f:2d:d4:2c:4b:68:74:2f:48:48:f4:fb:e1:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 22 14:27:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69846c0066badc229fd6dacd7d83dd313c1e163b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ae:61:24:89:e0:55:de:d6:1b:8f:7e:de:d8:
                    ef:d8:08:a6:5c:e8:a8:32:44:7b:c9:a2:5f:a3:5b:
                    40:0b:37:ac:ae:c6:96:03:50:41:d0:2e:ab:f6:1d:
                    f0:3c:24:6a:f2:bb:da:cc:ca:5a:ec:16:27:07:82:
                    77:7b:6b:83:42:de:b4:98:85:92:4e:3c:42:a3:ec:
                    99:47:9a:b6:ae:df:5a:db:08:f6:10:63:b0:e6:a2:
                    ac:d1:05:b6:9b:93:57:1d:11:b0:ea:3f:7e:5e:72:
                    ff:d4:3e:71:0a:dd:e6:ee:5e:5a:1b:9a:3b:16:9b:
                    60:8a:c2:e8:db:c5:f1:5b:fa:ef:1b:aa:1b:31:0c:
                    9d:07:6d:07:73:dc:46:f9:8d:28:ea:23:eb:5b:6f:
                    32:7c:13:bd:23:00:4e:2a:f5:56:78:65:6d:41:17:
                    c7:0b:97:37:f6:29:b6:b8:ef:33:63:cd:91:f7:9e:
                    06:e9:6f:a1:98:e0:7a:5e:c2:de:23:86:cb:77:88:
                    0e:98:f1:00:ab:10:bb:2d:a8:54:fa:68:8b:66:eb:
                    62:49:74:cc:c7:ed:3b:cb:85:84:6c:ca:1f:bd:25:
                    f2:48:4c:33:be:b1:16:58:20:e2:1b:88:c6:dd:99:
                    26:7f:e5:d5:46:5e:cb:77:fd:b2:15:d7:3f:87:64:
                    6f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:84:6C:00:66:BA:DC:22:9F:D6:DA:CD:7D:83:DD:31:3C:1E:16:3B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/aYRsAGa63CKf1trNfYPdMTweFjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.23.0/24
                  31.57.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:dc:20:e8:67:00:9b:6a:ab:27:0e:eb:6a:4f:aa:c9:6c:c5:
         0c:6b:04:b7:1c:4a:cd:ab:2f:02:62:90:7b:e9:13:4a:fa:b7:
         ea:33:96:bb:f1:cd:a4:1a:05:71:7a:09:f2:d2:7e:26:a4:dd:
         b4:19:fc:51:2a:a2:d6:a6:70:61:66:9b:95:22:70:57:17:2e:
         45:9f:53:51:85:5d:1c:72:ad:6b:54:e0:ce:c3:f0:2d:bc:72:
         7d:9d:43:ed:3e:ea:b1:dc:d8:be:a2:f2:f7:57:fb:f3:7b:ad:
         3d:eb:d9:67:c8:19:d8:5f:50:94:a0:3b:92:4d:ef:89:b5:be:
         1e:2b:bc:f7:76:42:74:46:80:cb:dc:b3:c9:5d:11:97:72:5f:
         22:af:6e:c5:3e:bb:00:42:9e:b4:7d:35:48:b2:00:ca:b9:6d:
         18:cb:5a:43:e6:0c:b6:da:0c:1b:65:e3:62:ea:26:7c:24:75:
         0c:4d:d7:d1:45:24:b7:fc:e7:f6:e7:2b:d1:f8:2e:19:10:dc:
         6c:ae:46:91:28:9d:23:10:1a:7f:b4:0f:3d:1b:fc:1b:6b:68:
         f4:74:66:2e:4f:7a:08:0c:85:d8:29:f6:d3:55:fb:88:eb:9c:
         5f:55:84:2b:83:1b:f8:ca:99:75:f3:c1:0b:fa:dd:97:19:f8:
         51:3c:95:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlx0n8t1CxLaHQvSEj0++EYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTIyMTQyNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTg0NmMwMDY2YmFkYzIyOWZkNmRhY2Q3ZDgzZGQzMTNjMWUxNjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhq5hJIngVd7WG49+3tjv2AimXOio
MkR7yaJfo1tACzesrsaWA1BB0C6r9h3wPCRq8rvazMpa7BYnB4J3e2uDQt60mIWS
TjxCo+yZR5q2rt9a2wj2EGOw5qKs0QW2m5NXHRGw6j9+XnL/1D5xCt3m7l5aG5o7
FptgisLo28XxW/rvG6obMQydB20Hc9xG+Y0o6iPrW28yfBO9IwBOKvVWeGVtQRfH
C5c39im2uO8zY82R954G6W+hmOB6XsLeI4bLd4gOmPEAqxC7LahU+miLZutiSXTM
x+07y4WEbMofvSXySEwzvrEWWCDiG4jG3Zkmf+XVRl7Ld/2yFdc/h2RvsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGmEbABmutwin9bazX2D3TE8HhY7MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYVlSc0FHYTYzQ0tmMXRyTmZZUGRNVHdlRmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgXAwQA
HzkgMA0GCSqGSIb3DQEBCwUAA4IBAQCm3CDoZwCbaqsnDutqT6rJbMUMawS3HErN
qy8CYpB76RNK+rfqM5a78c2kGgVxegny0n4mpN20GfxRKqLWpnBhZpuVInBXFy5F
n1NRhV0ccq1rVODOw/AtvHJ9nUPtPuqx3Ni+ovL3V/vze60969lnyBnYX1CUoDuS
Te+Jtb4eK7z3dkJ0RoDL3LPJXRGXcl8ir27FPrsAQp60fTVIsgDKuW0Yy1pD5gy2
2gwbZeNi6iZ8JHUMTdfRRSS3/Of25yvR+C4ZENxsrkaRKJ0jEBp/tA89G/wba2j0
dGYuT3oIDIXYKfbTVfuI65xfVYQrgxv4ypl188EL+t2XGfhRPJVH
-----END CERTIFICATE-----