Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/upu_X6h8BoID17QKUEef2O2Y1To.roa
File:                     upu_X6h8BoID17QKUEef2O2Y1To.roa (raw, json)
Hash identifier:          gY42k/AMoAPHSraCfDVZ9CHrW+OvCVfN9fXZv5woVt4=
Subject key identifier:   BA:9B:BF:5F:A8:7C:06:82:03:D7:B4:0A:50:47:9F:D8:ED:98:D5:3A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197E8A09C77A80C8497A36209696C6D45AD
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/upu_X6h8BoID17QKUEef2O2Y1To.roa
Signing time:             Tue 08 Jul 2025 06:02:09 +0000
ROA not before:           Tue 08 Jul 2025 06:02:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214677
IP address blocks:        31.56.7.0/24 maxlen: 24
                          31.56.233.0/24 maxlen: 24
                          31.58.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 16:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e8:a0:9c:77:a8:0c:84:97:a3:62:09:69:6c:6d:45:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul  8 06:02:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba9bbf5fa87c068203d7b40a50479fd8ed98d53a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:71:2b:d3:18:42:b5:07:84:da:d5:fb:56:7d:
                    19:88:b6:be:33:bc:71:84:a8:14:0d:f5:e5:cc:89:
                    f0:c5:d7:0a:73:e4:c5:ce:66:e8:53:80:3e:1e:48:
                    35:d9:e1:25:34:bf:74:f7:c1:5e:5c:50:fe:14:0c:
                    27:52:88:3c:e0:d7:6a:4a:97:8b:22:c3:78:a3:fc:
                    dd:e8:8f:92:f3:be:dc:b1:4b:b5:ac:ee:21:c2:87:
                    5f:a5:f7:5a:ae:7f:c6:8f:b2:0b:bc:46:11:ff:da:
                    97:5f:d7:64:b1:75:a0:6a:a2:aa:c8:7b:e0:7c:8c:
                    a0:54:24:e2:c5:c6:e6:59:f6:68:37:ea:59:f4:ea:
                    c4:e4:a1:cb:6e:01:d8:f7:d7:37:6c:cd:b9:96:45:
                    6d:5a:77:9d:ae:5a:03:58:7d:6b:72:e1:d0:c3:c7:
                    99:6b:1e:4c:0f:ba:6d:02:25:21:52:b9:9e:f5:71:
                    3f:a8:93:2c:ea:72:2b:29:0f:65:82:29:3b:d6:47:
                    84:63:51:82:f7:76:67:cc:f2:bd:ba:ca:26:e0:67:
                    f9:10:73:8f:aa:12:2d:d0:ac:2b:3e:8a:40:10:d3:
                    58:4f:df:7e:77:e5:80:ca:f4:21:9c:33:c2:89:03:
                    a1:c1:e9:83:a3:2d:2d:a5:6c:94:b0:a0:89:22:15:
                    ab:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:9B:BF:5F:A8:7C:06:82:03:D7:B4:0A:50:47:9F:D8:ED:98:D5:3A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/upu_X6h8BoID17QKUEef2O2Y1To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.7.0/24
                  31.56.233.0/24
                  31.58.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:41:b6:a1:0c:c5:b5:b3:bc:a6:08:e0:53:f8:a2:b2:12:94:
         ab:0d:d6:34:cd:14:08:f8:8f:91:8f:82:c5:4d:be:27:d7:33:
         64:73:8c:3b:d9:0e:c6:d7:58:bb:12:9c:f5:8e:34:f9:26:a4:
         d8:d8:71:ed:cd:84:73:8a:6d:43:df:0b:53:d1:f9:d8:6b:59:
         53:33:47:41:5c:7f:ba:cf:a8:e2:f6:1e:84:c6:06:b5:1f:ae:
         07:9b:2d:d6:50:c2:d0:3b:b6:24:be:1f:02:8c:c3:02:12:61:
         47:6d:c3:db:25:3d:f9:d6:6b:82:db:49:45:86:19:19:b5:83:
         ad:34:76:cc:7a:a1:d9:c2:4d:f4:c0:14:79:8b:c9:99:80:b1:
         d1:d1:cb:12:72:9a:67:bc:3f:1f:e7:44:cf:45:48:36:25:51:
         33:10:aa:70:01:d1:5d:a1:73:22:42:be:92:82:91:79:a6:95:
         a1:cd:79:4d:de:27:1a:a8:17:1e:e1:ec:90:d5:be:77:07:df:
         51:2b:99:a3:dd:f0:1e:0b:f3:8a:ee:d8:c9:2f:89:ed:31:0d:
         68:e8:38:58:65:dd:3e:91:39:31:15:e5:70:61:de:56:02:10:
         dc:2c:19:0c:9f:d6:6a:1c:73:7c:51:3e:9f:67:df:f9:a3:01:
         07:83:58:1a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfooJx3qAyEl6NiCWlsbUWtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzA4MDYwMjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTliYmY1ZmE4N2MwNjgyMDNkN2I0MGE1MDQ3OWZkOGVkOThkNTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHEr0xhCtQeE2tX7Vn0ZiLa+M7xx
hKgUDfXlzInwxdcKc+TFzmboU4A+Hkg12eElNL9098FeXFD+FAwnUog84NdqSpeL
IsN4o/zd6I+S877csUu1rO4hwodfpfdarn/Gj7ILvEYR/9qXX9dksXWgaqKqyHvg
fIygVCTixcbmWfZoN+pZ9OrE5KHLbgHY99c3bM25lkVtWnedrloDWH1rcuHQw8eZ
ax5MD7ptAiUhUrme9XE/qJMs6nIrKQ9lgik71keEY1GC93ZnzPK9usom4Gf5EHOP
qhIt0KwrPopAENNYT99+d+WAyvQhnDPCiQOhwemDoy0tpWyUsKCJIhWr3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLqbv1+ofAaCA9e0ClBHn9jtmNU6MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdXB1X1g2aDhCb0lEMTdRS1VFZWYyTzJZMVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzgHAwQA
HzjpAwQAHzqcMA0GCSqGSIb3DQEBCwUAA4IBAQCqQbahDMW1s7ymCOBT+KKyEpSr
DdY0zRQI+I+Rj4LFTb4n1zNkc4w72Q7G11i7Epz1jjT5JqTY2HHtzYRzim1D3wtT
0fnYa1lTM0dBXH+6z6ji9h6Exga1H64Hmy3WUMLQO7Ykvh8CjMMCEmFHbcPbJT35
1muC20lFhhkZtYOtNHbMeqHZwk30wBR5i8mZgLHR0csScppnvD8f50TPRUg2JVEz
EKpwAdFdoXMiQr6SgpF5ppWhzXlN3icaqBce4eyQ1b53B99RK5mj3fAeC/OK7tjJ
L4ntMQ1o6DhYZd0+kTkxFeVwYd5WAhDcLBkMn9ZqHHN8UT6fZ9/5owEHg1ga
-----END CERTIFICATE-----
Generated at Fri Jul 25 19:03:53 2025 by rpki-client