Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r_tcE3Ii97w0k3CLXgRKGQ8Od4M.roa
File:                     r_tcE3Ii97w0k3CLXgRKGQ8Od4M.roa (raw, json)
Hash identifier:          9VA9NgUOVRjMtWppBQ1/cGmvyXKHFV8pRfnANAOoAN0=
Subject key identifier:   AF:FB:5C:13:72:22:F7:BC:34:93:70:8B:5E:04:4A:19:0F:0E:77:83
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197E8A09BA479AD41E6ED28F984FE8628BE
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r_tcE3Ii97w0k3CLXgRKGQ8Od4M.roa
Signing time:             Tue 08 Jul 2025 06:02:09 +0000
ROA not before:           Tue 08 Jul 2025 06:02:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214481
IP address blocks:        31.58.51.0/24 maxlen: 24
                          31.59.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e8:a0:9b:a4:79:ad:41:e6:ed:28:f9:84:fe:86:28:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul  8 06:02:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=affb5c137222f7bc3493708b5e044a190f0e7783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7b:ff:0c:72:53:40:ef:f8:79:3f:97:63:7f:
                    a5:c1:e5:8a:a2:13:a6:5f:d1:20:a6:01:1c:62:13:
                    09:ff:ef:c8:c8:ee:d2:f5:2e:b2:bf:61:2d:ae:cd:
                    72:70:39:a2:2b:56:b6:8d:8f:8c:d7:ba:db:04:d3:
                    2a:12:ed:f7:79:54:5c:8d:f2:dc:9e:c6:4b:a9:77:
                    18:86:4a:ae:6b:5e:5d:73:17:1d:bd:be:cf:9f:8f:
                    d3:5a:34:78:7e:7c:ba:9d:9e:4b:9c:7f:c2:17:24:
                    00:a6:82:40:50:47:a8:e0:79:1a:79:a3:c8:14:ab:
                    80:23:a1:59:90:29:b6:9a:62:aa:62:65:21:18:df:
                    29:a5:dc:a9:c0:3a:33:d5:d7:54:ab:4d:49:36:60:
                    bc:ae:78:a6:08:3c:b6:45:e6:c3:fa:d5:3c:10:ee:
                    dd:b4:35:89:71:62:76:da:ef:a4:e7:24:1f:c4:c7:
                    a7:f9:66:81:32:a0:4f:ce:8d:15:32:63:ca:89:76:
                    e4:47:aa:a9:f4:05:4b:01:47:ac:67:78:58:bd:58:
                    db:87:d0:59:fc:c6:dd:3a:32:b3:4d:af:41:3b:8d:
                    90:72:d1:6e:56:f2:40:1c:7e:74:05:24:c0:98:89:
                    50:a3:c7:cd:2a:e5:ca:fc:32:34:13:3d:df:53:34:
                    c4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:FB:5C:13:72:22:F7:BC:34:93:70:8B:5E:04:4A:19:0F:0E:77:83
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/r_tcE3Ii97w0k3CLXgRKGQ8Od4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.51.0/24
                  31.59.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:67:c8:e1:7c:9a:b3:38:fa:d0:26:0d:93:db:a7:86:5b:c3:
         7d:4c:2a:2f:2c:14:9b:57:04:0c:bf:f0:77:80:6a:89:2c:27:
         40:c3:8d:ee:d4:38:bf:7e:a4:98:b4:1b:6d:a9:08:ea:ed:e1:
         79:0b:94:25:64:af:cc:fd:a9:8f:c8:6d:64:c3:ad:d3:9f:07:
         b7:65:17:fa:64:61:ea:ce:39:40:c0:85:58:f1:06:74:4a:55:
         9a:87:7b:1f:7f:56:dc:c6:29:e8:8f:33:3c:0c:d2:d8:3f:1e:
         6c:29:07:e8:65:2b:4d:5d:cd:b2:8e:08:98:63:d3:c5:a8:9c:
         c4:f3:18:35:c5:bd:be:44:b0:99:99:f9:5e:0e:03:84:5b:cc:
         59:ac:a4:28:77:c4:00:fd:65:db:a7:c9:6c:ef:13:e4:d8:30:
         46:51:0e:e7:49:a2:36:54:23:d6:24:51:8b:8c:6f:f4:c2:e9:
         2b:89:c6:5c:53:30:d1:43:a4:b3:5a:f9:8e:f4:5f:bd:80:a6:
         ef:24:0c:e2:41:eb:55:a6:d2:00:08:26:af:f7:7b:27:bd:bd:
         08:2a:4e:2e:5d:7c:ee:ba:65:4a:c1:d2:28:8d:e3:ce:72:59:
         d1:be:c2:c6:a6:40:7f:d1:3a:ad:43:56:81:74:f6:55:03:f1:
         16:26:84:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfooJukea1B5u0o+YT+hii+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzA4MDYwMjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmZiNWMxMzcyMjJmN2JjMzQ5MzcwOGI1ZTA0NGExOTBmMGU3NzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3v/DHJTQO/4eT+XY3+lweWKohOm
X9EgpgEcYhMJ/+/IyO7S9S6yv2Etrs1ycDmiK1a2jY+M17rbBNMqEu33eVRcjfLc
nsZLqXcYhkqua15dcxcdvb7Pn4/TWjR4fny6nZ5LnH/CFyQApoJAUEeo4HkaeaPI
FKuAI6FZkCm2mmKqYmUhGN8ppdypwDoz1ddUq01JNmC8rnimCDy2RebD+tU8EO7d
tDWJcWJ22u+k5yQfxMen+WaBMqBPzo0VMmPKiXbkR6qp9AVLAUesZ3hYvVjbh9BZ
/MbdOjKzTa9BO42QctFuVvJAHH50BSTAmIlQo8fNKuXK/DI0Ez3fUzTE6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK/7XBNyIve8NJNwi14EShkPDneDMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcl90Y0UzSWk5N3cwazNDTFhnUktHUThPZDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzozAwQA
HzuBMA0GCSqGSIb3DQEBCwUAA4IBAQCTZ8jhfJqzOPrQJg2T26eGW8N9TCovLBSb
VwQMv/B3gGqJLCdAw43u1Di/fqSYtBttqQjq7eF5C5QlZK/M/amPyG1kw63Tnwe3
ZRf6ZGHqzjlAwIVY8QZ0SlWah3sff1bcxinojzM8DNLYPx5sKQfoZStNXc2yjgiY
Y9PFqJzE8xg1xb2+RLCZmfleDgOEW8xZrKQod8QA/WXbp8ls7xPk2DBGUQ7nSaI2
VCPWJFGLjG/0wukricZcUzDRQ6SzWvmO9F+9gKbvJAziQetVptIACCav93snvb0I
Kk4uXXzuumVKwdIojePOclnRvsLGpkB/0TqtQ1aBdPZVA/EWJoSx
-----END CERTIFICATE-----