Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/owtEEYJtp8mnBW5ekripBxy0Mpw.roa
File:                     owtEEYJtp8mnBW5ekripBxy0Mpw.roa (raw, json)
Hash identifier:          zgx6uMTbBm9gEP37NLvUkr46AEqrjY5fezoX6AsxKr0=
Subject key identifier:   A3:0B:44:11:82:6D:A7:C9:A7:05:6E:5E:92:B8:A9:07:1C:B4:32:9C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199CA3423078AAC801F22F311DB3543218C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/owtEEYJtp8mnBW5ekripBxy0Mpw.roa
Signing time:             Thu 09 Oct 2025 18:20:38 +0000
ROA not before:           Thu 09 Oct 2025 18:20:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203462
IP address blocks:        31.59.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ca:34:23:07:8a:ac:80:1f:22:f3:11:db:35:43:21:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  9 18:20:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a30b4411826da7c9a7056e5e92b8a9071cb4329c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a5:c2:24:92:77:7e:5f:8f:ff:58:1b:76:62:
                    2a:2c:b5:9a:e8:14:1a:68:a6:80:0c:72:a1:db:a7:
                    3e:41:c6:ae:8e:f1:ca:9c:ae:dc:c2:62:1d:01:20:
                    54:6c:0b:32:e7:b0:fb:94:aa:17:7e:61:6b:56:42:
                    00:9a:45:9a:a2:44:69:cf:a2:37:aa:77:d6:12:bc:
                    c0:ec:e2:41:57:54:2a:97:62:80:80:25:17:b8:de:
                    df:f4:20:69:fe:37:f4:ee:8b:9d:2c:1f:90:08:b8:
                    b6:f3:a1:88:6f:19:32:10:5d:a9:a1:05:bd:76:1c:
                    fa:2c:b4:68:dd:fe:1e:97:8d:cc:c1:8d:d3:30:39:
                    65:53:ed:5d:19:0b:ca:e0:60:8a:90:6c:23:42:73:
                    a9:f9:5a:fe:97:2f:77:4c:76:b8:de:20:1d:b1:8d:
                    79:1d:d6:2e:1d:a5:43:81:1b:ca:26:1b:83:f0:f0:
                    74:d9:94:53:b2:8a:04:ea:e5:4d:67:91:6f:48:fd:
                    e2:e0:55:44:f4:b5:21:d9:08:29:5c:31:03:4d:d3:
                    16:19:93:c9:2a:33:e2:df:67:6c:73:64:06:06:87:
                    22:8b:a1:08:f3:1a:8a:a9:68:33:65:f3:c9:24:e4:
                    46:bd:c9:36:7e:2b:1b:32:e9:53:f4:f3:4f:a0:b0:
                    a0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:0B:44:11:82:6D:A7:C9:A7:05:6E:5E:92:B8:A9:07:1C:B4:32:9C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/owtEEYJtp8mnBW5ekripBxy0Mpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:1b:bc:cd:b4:12:9c:f6:14:6c:f4:09:ff:53:bd:65:5b:7d:
         90:17:81:28:54:67:d7:22:d3:44:db:a6:27:7e:fd:3d:5b:0d:
         39:c6:64:6a:d4:05:27:e7:26:44:fb:a5:5f:74:d5:82:65:e0:
         66:a9:bc:86:4e:d9:0e:57:52:17:b2:63:d8:d1:8f:71:5f:ad:
         bd:34:6d:d4:c1:0f:d8:15:ee:52:0b:c2:8f:15:e2:94:71:61:
         b8:34:68:d5:a1:12:08:1a:ee:9c:14:7b:df:bf:f2:82:2a:57:
         b8:6e:7a:be:62:a6:37:31:94:65:3d:4f:6c:59:b1:00:d5:3d:
         5a:2d:e6:44:b4:0d:3d:7a:2b:0f:26:0f:39:1b:a5:e2:63:5b:
         24:3e:84:74:07:d2:cd:17:c4:94:f4:b5:02:9a:00:44:0e:96:
         24:18:cf:e2:51:b8:7e:98:95:b2:fc:2e:c9:17:8d:11:11:49:
         24:45:c1:2a:6f:95:9b:f4:24:37:b8:8d:06:18:cc:38:f8:ad:
         c6:b8:e1:7d:63:7e:bb:62:cf:1f:99:44:58:25:a0:fc:ba:d1:
         e5:02:d7:c1:29:10:fd:26:16:fe:38:9a:16:bd:49:7e:3b:a2:
         c7:51:58:e0:a1:98:ff:a2:7b:20:91:50:cd:32:a0:3c:5e:54:
         2d:99:8f:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnKNCMHiqyAHyLzEds1QyGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUxMDA5MTgyMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzBiNDQxMTgyNmRhN2M5YTcwNTZlNWU5MmI4YTkwNzFjYjQzMjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqXCJJJ3fl+P/1gbdmIqLLWa6BQa
aKaADHKh26c+QcaujvHKnK7cwmIdASBUbAsy57D7lKoXfmFrVkIAmkWaokRpz6I3
qnfWErzA7OJBV1Qql2KAgCUXuN7f9CBp/jf07oudLB+QCLi286GIbxkyEF2poQW9
dhz6LLRo3f4el43MwY3TMDllU+1dGQvK4GCKkGwjQnOp+Vr+ly93THa43iAdsY15
HdYuHaVDgRvKJhuD8PB02ZRTsooE6uVNZ5FvSP3i4FVE9LUh2QgpXDEDTdMWGZPJ
KjPi32dsc2QGBocii6EI8xqKqWgzZfPJJORGvck2fisbMulT9PNPoLCgiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMLRBGCbafJpwVuXpK4qQcctDKcMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvb3d0RUVZSnRwOG1uQlc1ZWtyaXBCeHkwTXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHztZMA0G
CSqGSIb3DQEBCwUAA4IBAQDBG7zNtBKc9hRs9An/U71lW32QF4EoVGfXItNE26Yn
fv09Ww05xmRq1AUn5yZE+6VfdNWCZeBmqbyGTtkOV1IXsmPY0Y9xX629NG3UwQ/Y
Fe5SC8KPFeKUcWG4NGjVoRIIGu6cFHvfv/KCKle4bnq+YqY3MZRlPU9sWbEA1T1a
LeZEtA09eisPJg85G6XiY1skPoR0B9LNF8SU9LUCmgBEDpYkGM/iUbh+mJWy/C7J
F40REUkkRcEqb5Wb9CQ3uI0GGMw4+K3GuOF9Y367Ys8fmURYJaD8utHlAtfBKRD9
Jhb+OJoWvUl+O6LHUVjgoZj/onsgkVDNMqA8XlQtmY/l
-----END CERTIFICATE-----