Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5SEsWmJg9cdBkOUkdDfwS0UjB9M.roa
File:                     5SEsWmJg9cdBkOUkdDfwS0UjB9M.roa (raw, json)
Hash identifier:          WbaDtJWcDgfwF/QN7twXVlKvOt7/8ExBHkwKQGNgPJg=
Subject key identifier:   E5:21:2C:5A:62:60:F5:C7:41:90:E5:24:74:37:F0:4B:45:23:07:D3
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019203CA66829D167660529927E2D5658BEA
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5SEsWmJg9cdBkOUkdDfwS0UjB9M.roa
Signing time:             Wed 18 Sep 2024 06:20:49 +0000
ROA not before:           Wed 18 Sep 2024 06:20:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     132335
IP address blocks:        31.57.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:03:ca:66:82:9d:16:76:60:52:99:27:e2:d5:65:8b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 18 06:20:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5212c5a6260f5c74190e5247437f04b452307d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e6:06:66:83:0a:32:f7:c0:95:35:8d:d8:6b:
                    85:b1:53:98:5c:5a:b3:53:02:3f:5b:a6:de:60:a3:
                    ec:bf:d6:7e:0c:23:c9:f3:33:6b:96:96:38:1f:c1:
                    08:7e:9c:e8:04:1d:4a:92:11:0b:21:13:ac:99:b3:
                    3b:1a:15:c2:e7:8a:c5:3e:92:df:0e:ee:87:4b:9d:
                    e5:73:03:6c:7c:36:1c:34:45:9e:eb:d6:e9:28:57:
                    12:cc:0d:23:39:2e:24:c1:81:3f:21:eb:b7:f2:98:
                    99:dc:bf:fc:22:3a:db:77:c2:87:c6:06:d6:4f:7d:
                    35:3c:ae:cd:e1:28:00:95:8b:ac:4d:b9:7a:cc:b6:
                    13:b2:e6:70:aa:ee:78:22:e1:5a:04:9e:ec:08:87:
                    56:be:83:77:ba:bd:17:c5:40:11:52:19:b7:91:af:
                    53:64:4a:d9:40:14:17:30:1d:27:75:85:8c:08:ba:
                    9d:27:c0:34:d1:49:d8:1d:4e:87:41:ce:d2:e6:7b:
                    ad:2b:ef:f5:d8:40:da:c6:df:30:c3:48:1e:e3:32:
                    74:74:7b:d3:3c:11:30:20:f5:e6:5b:3c:bc:e2:17:
                    6b:7a:27:93:db:a6:49:0d:30:28:e0:44:33:d8:0d:
                    6f:b1:61:96:a5:df:1e:15:92:73:cc:8a:b1:73:10:
                    6e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:21:2C:5A:62:60:F5:C7:41:90:E5:24:74:37:F0:4B:45:23:07:D3
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5SEsWmJg9cdBkOUkdDfwS0UjB9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:dd:d5:17:ce:6c:d1:54:1b:ba:8a:7e:bf:18:84:af:79:3f:
         36:0e:25:82:9d:1d:9a:f3:16:92:7d:c1:6f:20:7c:f0:a2:87:
         46:d4:00:39:b4:4a:98:a2:07:07:b5:d9:5a:61:6e:76:0f:a7:
         11:aa:3f:94:78:c4:ea:d6:84:72:93:56:b4:8f:b1:45:90:e9:
         4e:f6:2d:1c:64:5c:d6:a6:ae:47:2e:a8:cc:1d:40:05:4b:61:
         04:ed:cd:40:b2:8e:b2:31:6a:2a:3e:95:b8:62:90:4b:43:bb:
         18:97:a3:e6:68:a2:77:09:aa:78:d5:db:c6:2a:78:67:a8:96:
         08:00:e2:5d:4f:a9:28:2c:62:b3:00:fe:5d:59:00:d4:7c:3a:
         aa:69:80:20:33:d0:e9:8e:b2:10:f9:a4:12:19:06:16:3f:b0:
         d1:94:67:e5:42:fd:ee:cc:c5:ec:fa:8f:95:36:37:c5:10:d1:
         f5:5d:f7:8f:15:c6:c3:2d:dc:b1:96:57:97:0c:4f:d7:b2:24:
         ec:61:e1:a5:50:8c:b5:44:90:c3:41:85:fd:c2:1a:b4:4c:79:
         75:38:24:c1:1a:55:e6:ff:30:36:9b:ed:28:57:ce:a1:98:e0:
         ed:2a:d8:e1:6d:c1:ea:dc:0d:9a:3a:c2:58:78:f4:91:f8:70:
         d1:31:c1:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIDymaCnRZ2YFKZJ+LVZYvqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTE4MDYyMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTIxMmM1YTYyNjBmNWM3NDE5MGU1MjQ3NDM3ZjA0YjQ1MjMwN2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOYGZoMKMvfAlTWN2GuFsVOYXFqz
UwI/W6beYKPsv9Z+DCPJ8zNrlpY4H8EIfpzoBB1KkhELIROsmbM7GhXC54rFPpLf
Du6HS53lcwNsfDYcNEWe69bpKFcSzA0jOS4kwYE/Ieu38piZ3L/8Ijrbd8KHxgbW
T301PK7N4SgAlYusTbl6zLYTsuZwqu54IuFaBJ7sCIdWvoN3ur0XxUARUhm3ka9T
ZErZQBQXMB0ndYWMCLqdJ8A00UnYHU6HQc7S5nutK+/12EDaxt8ww0ge4zJ0dHvT
PBEwIPXmWzy84hdreieT26ZJDTAo4EQz2A1vsWGWpd8eFZJzzIqxcxBuyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUhLFpiYPXHQZDlJHQ38EtFIwfTMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNVNFc1dtSmc5Y2RCa09Va2REZndTMFVqQjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmRMA0G
CSqGSIb3DQEBCwUAA4IBAQAq3dUXzmzRVBu6in6/GISveT82DiWCnR2a8xaSfcFv
IHzwoodG1AA5tEqYogcHtdlaYW52D6cRqj+UeMTq1oRyk1a0j7FFkOlO9i0cZFzW
pq5HLqjMHUAFS2EE7c1Aso6yMWoqPpW4YpBLQ7sYl6PmaKJ3Cap41dvGKnhnqJYI
AOJdT6koLGKzAP5dWQDUfDqqaYAgM9DpjrIQ+aQSGQYWP7DRlGflQv3uzMXs+o+V
NjfFENH1XfePFcbDLdyxlleXDE/XsiTsYeGlUIy1RJDDQYX9whq0THl1OCTBGlXm
/zA2m+0oV86hmODtKtjhbcHq3A2aOsJYePSR+HDRMcG5
-----END CERTIFICATE-----