Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7Xjlr6NcGxPZ3XyTdWZ_eQGi508.roa
File:                     7Xjlr6NcGxPZ3XyTdWZ_eQGi508.roa (raw, json)
Hash identifier:          DyXJkPLbUZB2N701Srq9v/BDGdkcvnc/pSxXYKzIkFs=
Subject key identifier:   ED:78:E5:AF:A3:5C:1B:13:D9:DD:7C:93:75:66:7F:79:01:A2:E7:4F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0198099D6EE967ACD2C1C5BAA2DE6792FD4F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7Xjlr6NcGxPZ3XyTdWZ_eQGi508.roa
Signing time:             Mon 14 Jul 2025 15:46:09 +0000
ROA not before:           Mon 14 Jul 2025 15:46:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        31.56.198.0/24 maxlen: 24
                          31.59.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:9d:6e:e9:67:ac:d2:c1:c5:ba:a2:de:67:92:fd:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul 14 15:46:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed78e5afa35c1b13d9dd7c9375667f7901a2e74f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9b:cf:15:59:47:31:ff:e5:fd:1f:8f:4e:7d:
                    f8:f6:b1:44:f8:11:90:4b:af:d9:f3:0e:df:03:dc:
                    2d:40:6c:e9:ca:a7:28:38:66:9d:0d:b1:6c:98:2f:
                    fd:8f:9b:b7:f2:36:b4:49:b2:94:73:86:ee:40:ff:
                    d6:41:51:51:4d:8d:fa:a6:78:38:e8:cf:ab:30:8d:
                    c4:47:5f:d1:30:20:61:cc:fc:35:4e:69:40:da:93:
                    de:f5:7a:1c:8f:c0:20:7e:dc:b0:1e:d3:38:73:aa:
                    de:97:2e:ba:fd:ac:4e:31:62:7f:0f:82:9c:a4:55:
                    25:e5:2b:37:9d:49:4d:32:48:12:01:9c:b8:6b:4d:
                    3f:f0:44:0b:f8:e5:e0:aa:49:9c:d5:c4:b2:ee:6e:
                    45:61:40:ab:fc:fd:f0:63:65:b1:70:73:07:ef:4b:
                    35:28:0f:8b:14:a2:f8:ee:f3:20:70:26:f1:bc:23:
                    06:22:c5:63:03:00:5a:17:97:65:40:4f:52:1a:c2:
                    16:68:32:ef:dc:36:d7:fc:3d:be:52:75:6c:9b:d4:
                    02:ec:b6:9b:ae:67:3d:eb:6a:dd:67:ff:62:85:78:
                    5e:2b:b4:73:99:95:e5:2f:ae:da:5f:c8:f3:7e:33:
                    ce:a4:f3:d7:1d:df:a2:7f:fe:de:b6:a9:f8:d0:96:
                    30:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:78:E5:AF:A3:5C:1B:13:D9:DD:7C:93:75:66:7F:79:01:A2:E7:4F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/7Xjlr6NcGxPZ3XyTdWZ_eQGi508.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.198.0/24
                  31.59.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:bb:d0:5a:5e:39:ad:87:e6:a5:e7:5c:e7:b9:af:d8:13:10:
         e0:62:67:23:e1:69:8d:bb:66:d0:f2:f7:12:9a:d3:84:61:50:
         bf:62:fb:c9:95:04:49:04:e7:2e:fa:86:17:90:96:1e:b8:8a:
         2a:92:09:f6:a2:f3:eb:1b:9f:d4:02:31:4d:38:e2:e8:1c:98:
         e4:d0:86:2f:8a:3b:5b:d2:56:62:9e:24:d1:a6:1f:be:d7:b9:
         a9:46:ae:e7:06:cb:d1:b9:87:25:ad:0e:cd:e0:11:40:c4:0b:
         76:97:01:ac:5e:ff:50:10:7e:0a:d9:cc:f8:61:4a:2a:25:13:
         aa:50:4a:56:a9:75:9a:88:22:fe:8f:5a:9b:9c:96:70:09:04:
         c9:1a:3d:a5:ce:6c:c7:61:05:a9:79:54:02:09:9d:e4:34:e1:
         e3:41:8a:28:c9:a1:36:40:42:f0:73:07:e1:04:96:41:f9:a6:
         c1:98:eb:17:67:f2:94:cc:fa:08:6b:66:33:84:99:66:b6:a5:
         c5:61:2e:fb:ad:bb:8d:53:df:0e:9a:f8:9f:af:c5:25:30:8c:
         64:58:ee:9b:a2:a3:f9:a9:35:22:67:e1:52:e8:2a:cc:6b:5d:
         bf:ba:89:4b:b0:f7:6a:74:80:51:a6:e8:95:18:c7:22:ce:04:
         0f:b2:aa:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgJnW7pZ6zSwcW6ot5nkv1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzE0MTU0NjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDc4ZTVhZmEzNWMxYjEzZDlkZDdjOTM3NTY2N2Y3OTAxYTJlNzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15vPFVlHMf/l/R+PTn349rFE+BGQ
S6/Z8w7fA9wtQGzpyqcoOGadDbFsmC/9j5u38ja0SbKUc4buQP/WQVFRTY36png4
6M+rMI3ER1/RMCBhzPw1TmlA2pPe9Xocj8AgftywHtM4c6rely66/axOMWJ/D4Kc
pFUl5Ss3nUlNMkgSAZy4a00/8EQL+OXgqkmc1cSy7m5FYUCr/P3wY2WxcHMH70s1
KA+LFKL47vMgcCbxvCMGIsVjAwBaF5dlQE9SGsIWaDLv3DbX/D2+UnVsm9QC7Lab
rmc962rdZ/9ihXheK7RzmZXlL67aX8jzfjPOpPPXHd+if/7etqn40JYwowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO145a+jXBsT2d18k3Vmf3kBoudPMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvN1hqbHI2TmNHeFBaM1h5VGRXWl9lUUdpNTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzjGAwQA
HzvVMA0GCSqGSIb3DQEBCwUAA4IBAQBpu9BaXjmth+al51znua/YExDgYmcj4WmN
u2bQ8vcSmtOEYVC/YvvJlQRJBOcu+oYXkJYeuIoqkgn2ovPrG5/UAjFNOOLoHJjk
0IYvijtb0lZiniTRph++17mpRq7nBsvRuYclrQ7N4BFAxAt2lwGsXv9QEH4K2cz4
YUoqJROqUEpWqXWaiCL+j1qbnJZwCQTJGj2lzmzHYQWpeVQCCZ3kNOHjQYooyaE2
QELwcwfhBJZB+abBmOsXZ/KUzPoIa2YzhJlmtqXFYS77rbuNU98Omvifr8UlMIxk
WO6boqP5qTUiZ+FS6CrMa12/uolLsPdqdIBRpuiVGMcizgQPsqpg
-----END CERTIFICATE-----