Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2yRmW8s8bvtOw_MhFW1DvM6jdxI.roa
File:                     2yRmW8s8bvtOw_MhFW1DvM6jdxI.roa (raw, json)
Hash identifier:          es881poqW3eHuBmg+NOFpg/NWO9pAzHgvk3sOLUutL0=
Subject key identifier:   DB:24:66:5B:CB:3C:6E:FB:4E:C3:F3:21:15:6D:43:BC:CE:A3:77:12
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0197405E1B978C798CCC3CC81F50F3F066C2
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2yRmW8s8bvtOw_MhFW1DvM6jdxI.roa
Signing time:             Thu 05 Jun 2025 13:53:18 +0000
ROA not before:           Thu 05 Jun 2025 13:53:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211539
IP address blocks:        31.58.235.0/24 maxlen: 24
                          217.60.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:5e:1b:97:8c:79:8c:cc:3c:c8:1f:50:f3:f0:66:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jun  5 13:53:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db24665bcb3c6efb4ec3f321156d43bccea37712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:5d:e2:87:ff:f9:34:6b:1d:06:35:63:45:37:
                    e7:06:bd:8f:c7:bc:5e:e4:31:45:80:af:e6:87:53:
                    97:25:ec:bf:23:7e:99:b4:c7:52:41:40:e5:29:73:
                    18:9d:7b:9b:b5:2b:77:1d:32:cd:a1:e6:d6:89:16:
                    e9:84:38:b6:55:0b:b8:d6:2c:31:36:27:9b:ee:3b:
                    9d:2f:17:a2:05:a1:54:53:c6:aa:50:7b:f9:ac:38:
                    8a:5a:8f:95:5b:fc:0d:64:a1:58:a1:6a:7c:2d:96:
                    1b:f5:cc:b3:3a:c2:58:2f:bd:08:5d:16:3b:c9:8d:
                    86:ef:bc:6b:3f:ce:4b:87:5e:ce:e3:29:a7:df:55:
                    4f:1b:4a:1a:b8:55:7b:48:56:66:20:52:ad:28:6e:
                    0e:d5:5a:60:18:54:ef:0e:99:87:dd:97:c4:40:29:
                    ab:0b:21:b1:29:62:0c:d4:2b:62:e5:3c:b9:db:43:
                    d4:52:c9:0e:15:a2:43:d7:90:ed:ab:62:cd:62:cf:
                    98:85:46:7c:61:f7:f3:92:7d:19:39:c9:81:0a:74:
                    bc:2f:2d:be:66:04:56:67:0e:57:58:dc:3c:03:9e:
                    13:3b:be:9a:b7:75:c2:fa:13:ce:7a:3e:5e:ce:d3:
                    44:fd:cf:93:95:ee:81:5a:6c:2a:f7:eb:ed:46:e4:
                    f4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:24:66:5B:CB:3C:6E:FB:4E:C3:F3:21:15:6D:43:BC:CE:A3:77:12
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/2yRmW8s8bvtOw_MhFW1DvM6jdxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.235.0/24
                  217.60.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:3f:11:0b:87:55:4d:23:f8:f8:86:c2:ce:be:96:7e:2d:21:
         bf:9d:02:1a:79:55:3c:e6:20:27:4b:fa:70:9d:ea:aa:7e:c3:
         43:f5:1e:a0:54:e0:dd:81:d3:d4:cd:2f:33:3e:ee:4c:bf:fc:
         65:0a:16:1d:fa:fe:2d:5e:7a:ec:e1:48:cd:dc:b2:cb:eb:a9:
         a1:55:05:b9:5f:67:30:8e:c6:8c:ed:5c:bc:48:16:be:92:d0:
         dd:2b:41:07:75:0d:33:61:cd:d3:11:37:9b:fc:db:26:6b:37:
         4d:9e:f4:e0:85:87:a7:72:9e:34:d9:72:c2:9d:5d:96:49:b8:
         f3:80:b0:09:8c:d6:17:56:b9:6b:90:55:92:e6:5a:e7:e7:f5:
         fb:30:d3:f6:f6:38:45:ac:19:7e:6b:9b:23:d1:95:e0:df:7b:
         fb:93:bf:65:84:bb:7a:ab:98:4f:50:b4:8c:c9:d5:f6:71:2c:
         26:27:c2:b5:91:50:56:e9:ea:23:59:5a:86:4f:85:ae:2c:9e:
         93:d2:a3:55:0d:c1:c6:54:99:1a:2b:8d:a0:2e:fa:10:bb:00:
         24:cc:a3:e0:58:09:5e:a2:18:e8:4a:52:cf:9c:7f:d2:01:6d:
         60:67:4b:6d:ea:76:d8:97:54:f5:53:58:bc:c4:26:86:38:d0:
         f8:1f:67:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdAXhuXjHmMzDzIH1Dz8GbCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNjA1MTM1MzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjI0NjY1YmNiM2M2ZWZiNGVjM2YzMjExNTZkNDNiY2NlYTM3NzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0F3ih//5NGsdBjVjRTfnBr2Px7xe
5DFFgK/mh1OXJey/I36ZtMdSQUDlKXMYnXubtSt3HTLNoebWiRbphDi2VQu41iwx
Nieb7judLxeiBaFUU8aqUHv5rDiKWo+VW/wNZKFYoWp8LZYb9cyzOsJYL70IXRY7
yY2G77xrP85Lh17O4ymn31VPG0oauFV7SFZmIFKtKG4O1VpgGFTvDpmH3ZfEQCmr
CyGxKWIM1Cti5Ty520PUUskOFaJD15Dtq2LNYs+YhUZ8Yffzkn0ZOcmBCnS8Ly2+
ZgRWZw5XWNw8A54TO76at3XC+hPOej5eztNE/c+Tle6BWmwq9+vtRuT0cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNskZlvLPG77TsPzIRVtQ7zOo3cSMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMnlSbVc4czhidnRPd19NaEZXMUR2TTZqZHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzrrAwQA
2Ty7MA0GCSqGSIb3DQEBCwUAA4IBAQBrPxELh1VNI/j4hsLOvpZ+LSG/nQIaeVU8
5iAnS/pwneqqfsND9R6gVODdgdPUzS8zPu5Mv/xlChYd+v4tXnrs4UjN3LLL66mh
VQW5X2cwjsaM7Vy8SBa+ktDdK0EHdQ0zYc3TETeb/NsmazdNnvTghYencp402XLC
nV2WSbjzgLAJjNYXVrlrkFWS5lrn5/X7MNP29jhFrBl+a5sj0ZXg33v7k79lhLt6
q5hPULSMydX2cSwmJ8K1kVBW6eojWVqGT4WuLJ6T0qNVDcHGVJkaK42gLvoQuwAk
zKPgWAleohjoSlLPnH/SAW1gZ0tt6nbYl1T1U1i8xCaGOND4H2e5
-----END CERTIFICATE-----