Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3nHtm8r9glxe5HABk6hICW2oNQo.roa
File:                     3nHtm8r9glxe5HABk6hICW2oNQo.roa (raw, json)
Hash identifier:          qt2VwpUQ9/gtau32Vbki5qCtyLXsp8ewQMAksaMMmSI=
Subject key identifier:   DE:71:ED:9B:CA:FD:82:5C:5E:E4:70:01:93:A8:48:09:6D:A8:35:0A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197F57A185F33D5C9B033F382F59821589A
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3nHtm8r9glxe5HABk6hICW2oNQo.roa
Signing time:             Thu 10 Jul 2025 17:55:08 +0000
ROA not before:           Thu 10 Jul 2025 17:55:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153997
IP address blocks:        31.57.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:7a:18:5f:33:d5:c9:b0:33:f3:82:f5:98:21:58:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 10 17:55:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de71ed9bcafd825c5ee4700193a848096da8350a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6c:e5:e0:a4:89:aa:0e:2c:1c:e4:e2:70:b9:
                    df:64:9d:1e:2e:65:a0:51:7f:c8:52:9e:7f:e0:6b:
                    1b:e5:e8:63:dc:53:3a:23:7c:3b:6f:96:cd:d0:9f:
                    18:80:9a:a6:fe:47:d3:a2:e8:bc:5f:96:fc:5b:a7:
                    d5:83:0f:77:98:6f:0e:eb:bd:d7:31:4d:ce:3a:bf:
                    87:c3:d1:c8:f3:9d:82:11:48:b5:2c:8f:16:ad:ff:
                    d1:cc:26:0c:54:f0:84:2f:f1:e5:6a:67:96:57:af:
                    7e:9a:c8:71:70:39:00:c2:c7:11:73:0c:b6:3e:d0:
                    22:bb:20:45:e1:0b:c8:19:e7:ef:80:31:24:ff:2d:
                    d7:80:b7:3e:fa:4b:7f:06:3e:51:28:8f:4d:db:22:
                    58:d2:4b:b3:ae:ad:86:70:a4:b6:c4:d4:30:3d:52:
                    5d:b8:ee:48:32:d5:1c:94:7c:8c:d7:fe:92:1c:e9:
                    c9:76:2f:e0:ea:f7:bf:b4:7e:32:d0:20:81:c2:b2:
                    81:0b:06:48:4f:86:06:54:ab:2d:9d:81:d4:c4:e6:
                    a4:02:34:3d:ef:af:fb:a5:60:0e:cd:67:6a:b0:98:
                    ec:03:56:da:33:1f:a5:b6:a0:cb:20:45:7d:f7:61:
                    76:32:68:65:a2:d8:a0:e6:50:cb:02:3f:01:7f:0b:
                    86:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:71:ED:9B:CA:FD:82:5C:5E:E4:70:01:93:A8:48:09:6D:A8:35:0A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/3nHtm8r9glxe5HABk6hICW2oNQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c7:58:1b:a4:eb:a9:16:fc:0a:7d:d9:77:09:bc:cb:0a:7a:
         64:c9:3c:99:ea:94:ac:fe:78:b9:74:19:de:d9:57:bd:11:de:
         6d:da:59:ea:68:3a:f2:c9:3f:6e:43:87:5a:57:92:cf:9d:ff:
         24:f8:6b:f8:fe:19:d6:56:74:b7:be:e4:ec:9f:35:28:e8:4b:
         ed:a5:63:a8:ad:82:1a:b5:12:6f:ce:7b:03:33:f8:1f:6a:fe:
         36:3e:d7:1d:ce:be:0c:ab:c2:0f:7b:34:36:50:d9:31:43:9f:
         ce:94:4c:c1:5f:67:57:5a:9c:e4:c0:41:01:f8:d4:24:07:a5:
         3e:4d:ba:94:48:c0:ee:3c:48:8e:32:29:44:e3:07:69:da:9f:
         ce:2a:c0:e2:98:22:4d:e0:e6:7d:c3:f2:e4:95:7b:db:29:8c:
         bf:6e:7f:b1:29:be:f2:d4:08:6d:63:6a:6a:86:71:32:e4:d6:
         9d:ac:8e:8e:80:4d:09:57:fb:ab:4a:07:20:50:bd:f6:fc:77:
         4d:01:3d:58:f9:cb:4b:2b:a8:01:21:ba:e9:75:6b:3a:a1:bd:
         99:7e:bb:d6:8b:b9:b2:a0:6f:76:fb:3c:95:1d:17:f3:a8:d3:
         cf:63:6c:c2:75:73:85:fd:b1:08:19:90:61:f9:88:73:ef:6d:
         16:6c:5d:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf1ehhfM9XJsDPzgvWYIViaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzEwMTc1NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTcxZWQ5YmNhZmQ4MjVjNWVlNDcwMDE5M2E4NDgwOTZkYTgzNTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGzl4KSJqg4sHOTicLnfZJ0eLmWg
UX/IUp5/4Gsb5ehj3FM6I3w7b5bN0J8YgJqm/kfToui8X5b8W6fVgw93mG8O673X
MU3OOr+Hw9HI852CEUi1LI8Wrf/RzCYMVPCEL/HlameWV69+mshxcDkAwscRcwy2
PtAiuyBF4QvIGefvgDEk/y3XgLc++kt/Bj5RKI9N2yJY0kuzrq2GcKS2xNQwPVJd
uO5IMtUclHyM1/6SHOnJdi/g6ve/tH4y0CCBwrKBCwZIT4YGVKstnYHUxOakAjQ9
76/7pWAOzWdqsJjsA1baMx+ltqDLIEV992F2Mmhlotig5lDLAj8BfwuGhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5x7ZvK/YJcXuRwAZOoSAltqDUKMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvM25IdG04cjlnbHhlNUhBQms2aElDVzJvTlFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkyMA0G
CSqGSIb3DQEBCwUAA4IBAQBnx1gbpOupFvwKfdl3CbzLCnpkyTyZ6pSs/ni5dBne
2Ve9Ed5t2lnqaDryyT9uQ4daV5LPnf8k+Gv4/hnWVnS3vuTsnzUo6EvtpWOorYIa
tRJvznsDM/gfav42Ptcdzr4Mq8IPezQ2UNkxQ5/OlEzBX2dXWpzkwEEB+NQkB6U+
TbqUSMDuPEiOMilE4wdp2p/OKsDimCJN4OZ9w/LklXvbKYy/bn+xKb7y1AhtY2pq
hnEy5NadrI6OgE0JV/urSgcgUL32/HdNAT1Y+ctLK6gBIbrpdWs6ob2ZfrvWi7my
oG92+zyVHRfzqNPPY2zCdXOF/bEIGZBh+Yhz720WbF2s
-----END CERTIFICATE-----