Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/4jM0JVjRqyqNZv5MXvbIPvqtPak.roa
File:                     4jM0JVjRqyqNZv5MXvbIPvqtPak.roa (raw, json)
Hash identifier:          esLYhdOdh3leFG/PbeUzrVs3Llk7R0kG4kYUF7ITJVs=
Subject key identifier:   E2:33:34:25:58:D1:AB:2A:8D:66:FE:4C:5E:F6:C8:3E:FA:AD:3D:A9
Certificate issuer:       /CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
Certificate serial:       0197F3D4089742A021946D89697D21B943F0
Authority key identifier: 58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/4jM0JVjRqyqNZv5MXvbIPvqtPak.roa
Signing time:             Thu 10 Jul 2025 10:14:08 +0000
ROA not before:           Thu 10 Jul 2025 10:14:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        81.31.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:d4:08:97:42:a0:21:94:6d:89:69:7d:21:b9:43:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
        Validity
            Not Before: Jul 10 10:14:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e233342558d1ab2a8d66fe4c5ef6c83efaad3da9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5d:a1:90:e1:19:49:0c:9e:f8:b6:39:75:cd:
                    18:07:78:fc:5d:cf:f2:34:f4:d5:87:97:a7:81:77:
                    cb:44:16:43:e1:c3:76:68:d5:66:e1:b8:a7:21:76:
                    64:58:ba:b6:20:64:69:47:e8:4f:fe:93:4c:9d:bb:
                    32:90:aa:e5:6f:f9:4b:b4:3c:87:2e:7c:b7:3c:ee:
                    73:eb:3d:ae:47:ad:30:ea:98:d7:35:ac:f4:32:00:
                    f5:17:8e:a7:c7:66:e2:01:2f:cd:d6:79:07:11:e3:
                    6a:ad:70:99:92:cd:14:39:3c:8d:09:59:fa:c2:37:
                    44:32:ef:63:fb:9c:7f:a2:17:51:2e:68:c7:bc:e6:
                    f7:46:40:73:f3:7e:4d:74:64:f0:ec:0d:e8:57:91:
                    a4:b1:b5:87:5f:d0:b1:a9:f6:41:c9:81:a1:9e:c1:
                    4c:7b:b3:21:59:0a:76:94:9c:c8:cf:d6:bb:86:b0:
                    5d:ae:76:06:18:f2:df:46:f7:41:61:e1:4e:07:16:
                    51:ec:4a:51:1c:1b:20:f5:10:b4:02:10:fc:5f:fc:
                    a4:f3:65:52:e9:ba:ca:cd:7b:de:0e:6d:aa:27:34:
                    83:b8:ff:f6:66:aa:ed:7b:a7:39:78:ac:1f:de:5c:
                    de:eb:ba:13:a8:e9:2a:6c:a8:ab:00:ba:7a:a0:60:
                    37:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:33:34:25:58:D1:AB:2A:8D:66:FE:4C:5E:F6:C8:3E:FA:AD:3D:A9
            X509v3 Authority Key Identifier:
                keyid:58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/4jM0JVjRqyqNZv5MXvbIPvqtPak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:77:69:2e:f4:a7:85:30:01:00:4a:37:f6:50:fa:c9:55:11:
         7e:e3:8b:08:c5:67:eb:34:0a:47:3a:7f:33:90:7a:7c:db:a8:
         71:1f:d8:cf:35:4e:ea:76:8a:75:2f:bc:57:a3:42:f6:28:0e:
         3f:55:50:c1:3c:51:d6:9a:d2:38:88:4c:3e:d2:30:6d:f5:c9:
         18:01:c8:a8:71:88:9d:fe:18:89:89:e0:25:95:40:c9:8c:fd:
         6d:ae:ee:10:e7:5d:3d:f0:c3:a6:08:71:44:46:2b:3e:b7:4d:
         d4:0f:6c:74:1e:16:d5:6d:79:9d:45:bc:39:ec:88:25:7e:af:
         6e:d1:de:d1:99:ee:53:ba:56:5b:07:01:a6:62:fc:0e:ad:61:
         71:73:b2:8c:52:be:72:f3:3d:b7:d9:f6:1c:66:51:64:35:ed:
         b6:49:d6:3f:f0:25:6e:3e:8e:bf:5f:e2:52:0e:e0:06:95:86:
         b4:23:f7:b6:3c:83:a1:63:94:9e:dd:8f:70:9d:f2:19:3d:09:
         b8:53:dd:66:d8:53:8d:db:79:a1:ed:19:d8:77:45:d8:c6:b6:
         56:df:54:a8:f2:86:22:7c:12:5b:0d:2c:a4:e9:de:6f:14:8c:
         87:47:51:e5:9d:c5:bc:bb:9e:f9:8e:cf:8d:ef:db:cf:aa:dc:
         82:e6:f7:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfz1AiXQqAhlG2JaX0huUPwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGIxMDI0ZWEwNTZlNWVkNDk4ZjZlOWRkYzIwNjMyYmRm
NmM5YzUwHhcNMjUwNzEwMTAxNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjMzMzQyNTU4ZDFhYjJhOGQ2NmZlNGM1ZWY2YzgzZWZhYWQzZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv12hkOEZSQye+LY5dc0YB3j8Xc/y
NPTVh5engXfLRBZD4cN2aNVm4binIXZkWLq2IGRpR+hP/pNMnbsykKrlb/lLtDyH
Lny3PO5z6z2uR60w6pjXNaz0MgD1F46nx2biAS/N1nkHEeNqrXCZks0UOTyNCVn6
wjdEMu9j+5x/ohdRLmjHvOb3RkBz835NdGTw7A3oV5GksbWHX9CxqfZByYGhnsFM
e7MhWQp2lJzIz9a7hrBdrnYGGPLfRvdBYeFOBxZR7EpRHBsg9RC0AhD8X/yk82VS
6brKzXveDm2qJzSDuP/2Zqrte6c5eKwf3lze67oTqOkqbKirALp6oGA3/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIzNCVY0asqjWb+TF72yD76rT2pMB8GA1UdIwQY
MBaAFFiLECTqBW5e1Jj26d3CBjK99snFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2Qt
NTY2MjhhNDZkZjQwLzEvNGpNMEpWalJxeXFOWnY1TVh2YklQdnF0UGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2QtNTY2MjhhNDZkZjQw
LzEvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR/HMA0G
CSqGSIb3DQEBCwUAA4IBAQAHd2ku9KeFMAEASjf2UPrJVRF+44sIxWfrNApHOn8z
kHp826hxH9jPNU7qdop1L7xXo0L2KA4/VVDBPFHWmtI4iEw+0jBt9ckYAciocYid
/hiJieAllUDJjP1tru4Q51098MOmCHFERis+t03UD2x0HhbVbXmdRbw57Iglfq9u
0d7Rme5TulZbBwGmYvwOrWFxc7KMUr5y8z232fYcZlFkNe22SdY/8CVuPo6/X+JS
DuAGlYa0I/e2PIOhY5Se3Y9wnfIZPQm4U91m2FON23mh7RnYd0XYxrZW31So8oYi
fBJbDSyk6d5vFIyHR1HlncW8u575js+N79vPqtyC5veh
-----END CERTIFICATE-----