Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5n21IOVh3ZT7FUE7A7hV-3fm8is.roa
File:                     5n21IOVh3ZT7FUE7A7hV-3fm8is.roa (raw, json)
Hash identifier:          DBY7UJPSdrH6qQeaGAo0HhHo7PbAuxbN6+DUatSrEp0=
Subject key identifier:   E6:7D:B5:20:E5:61:DD:94:FB:15:41:3B:03:B8:55:FB:77:E6:F2:2B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019267A3ECF5818663216026ACFE661B0980
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5n21IOVh3ZT7FUE7A7hV-3fm8is.roa
Signing time:             Mon 07 Oct 2024 15:40:49 +0000
ROA not before:           Mon 07 Oct 2024 15:40:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        31.56.4.0/24 maxlen: 24
                          31.56.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:67:a3:ec:f5:81:86:63:21:60:26:ac:fe:66:1b:09:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct  7 15:40:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e67db520e561dd94fb15413b03b855fb77e6f22b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:70:ad:83:e6:41:50:a7:55:76:24:7e:52:ac:
                    84:03:95:4f:8b:d3:1f:9b:f6:c1:fb:0c:74:53:78:
                    07:07:3f:d4:2a:bc:13:55:10:8e:32:c0:d5:a7:70:
                    b8:b0:aa:2f:db:a7:4f:24:e4:30:c1:14:ca:3f:ec:
                    d5:e8:c4:06:29:66:c6:1c:19:b5:f2:82:74:40:e0:
                    e0:70:b4:dd:58:1c:19:b5:cc:0b:fa:4e:7d:44:62:
                    3f:2f:78:89:09:b4:32:d0:04:d6:b8:8e:5b:38:e3:
                    56:3e:6f:b8:d2:d4:6c:83:70:6e:c5:c1:c1:2a:15:
                    73:39:0c:7b:11:31:eb:dd:e2:b7:29:b6:c2:7f:21:
                    09:0b:71:c8:2f:ea:e2:d2:eb:ae:64:18:ee:cc:af:
                    71:1f:32:6d:54:b9:59:bd:80:5f:a7:13:a1:5e:bc:
                    4f:e4:ed:ed:cf:52:1c:e3:ad:84:21:92:84:28:23:
                    94:7a:d0:4e:04:51:a8:4f:6d:35:df:af:df:ab:ea:
                    c3:32:2a:00:78:5f:69:04:52:17:c1:57:a4:c3:9f:
                    0f:3b:50:31:9b:a1:6d:2e:1e:99:10:2d:ed:b4:1b:
                    91:b7:e2:b2:e0:0b:23:05:3d:b5:f8:62:f8:8d:5f:
                    e9:60:e1:cb:18:cf:ef:1a:fd:29:0e:db:be:3e:53:
                    5a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7D:B5:20:E5:61:DD:94:FB:15:41:3B:03:B8:55:FB:77:E6:F2:2B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/5n21IOVh3ZT7FUE7A7hV-3fm8is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.4.0/24
                  31.56.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:55:cb:6a:8e:75:db:e7:57:e3:09:c3:a4:0c:ec:7a:f4:58:
         ec:18:36:2b:b5:e3:f4:e0:9b:82:17:34:34:44:12:65:67:33:
         3c:56:94:6e:8e:82:54:b2:a3:51:0d:b0:b4:49:84:5f:2d:52:
         77:8e:7e:ba:4d:c4:0b:2b:cf:2f:af:89:eb:73:60:b2:b8:02:
         13:9b:74:59:b9:5c:78:19:ea:da:e1:4d:be:f5:15:ea:9d:ec:
         d0:ca:0a:23:52:f0:38:06:43:b9:60:79:16:3e:d5:df:9f:04:
         89:86:4c:7e:67:7b:80:ba:9b:80:8d:e4:3c:e5:82:15:ec:e3:
         b7:bf:69:12:d9:ea:3e:ec:03:72:8e:c1:34:4f:36:4e:eb:ee:
         a9:44:62:c7:00:84:c8:82:ed:2c:89:20:e3:f3:0f:3e:f9:2d:
         96:8c:97:14:54:eb:6c:81:69:83:3e:c8:f2:95:c2:d9:72:69:
         ea:1d:2c:3e:d0:58:24:68:a3:28:53:bd:5a:ca:c3:f9:04:63:
         56:af:6f:ea:0d:03:1a:03:2c:7a:84:eb:d3:fe:33:17:22:53:
         3b:b0:04:35:7c:e7:81:6d:e8:91:47:20:f3:dd:ff:e5:26:ad:
         6e:f0:7d:9f:68:92:69:2a:19:4d:90:46:18:29:3d:84:11:8b:
         51:01:54:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJno+z1gYZjIWAmrP5mGwmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDA3MTU0MDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjdkYjUyMGU1NjFkZDk0ZmIxNTQxM2IwM2I4NTVmYjc3ZTZmMjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHCtg+ZBUKdVdiR+UqyEA5VPi9Mf
m/bB+wx0U3gHBz/UKrwTVRCOMsDVp3C4sKov26dPJOQwwRTKP+zV6MQGKWbGHBm1
8oJ0QODgcLTdWBwZtcwL+k59RGI/L3iJCbQy0ATWuI5bOONWPm+40tRsg3BuxcHB
KhVzOQx7ETHr3eK3KbbCfyEJC3HIL+ri0uuuZBjuzK9xHzJtVLlZvYBfpxOhXrxP
5O3tz1Ic462EIZKEKCOUetBOBFGoT20136/fq+rDMioAeF9pBFIXwVekw58PO1Ax
m6FtLh6ZEC3ttBuRt+Ky4AsjBT21+GL4jV/pYOHLGM/vGv0pDtu+PlNaSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOZ9tSDlYd2U+xVBOwO4Vft35vIrMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvNW4yMUlPVmgzWlQ3RlVFN0E3aFYtM2ZtOGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzgEAwQA
Hzg/MA0GCSqGSIb3DQEBCwUAA4IBAQAgVctqjnXb51fjCcOkDOx69FjsGDYrteP0
4JuCFzQ0RBJlZzM8VpRujoJUsqNRDbC0SYRfLVJ3jn66TcQLK88vr4nrc2CyuAIT
m3RZuVx4Gera4U2+9RXqnezQygojUvA4BkO5YHkWPtXfnwSJhkx+Z3uAupuAjeQ8
5YIV7OO3v2kS2eo+7ANyjsE0TzZO6+6pRGLHAITIgu0siSDj8w8++S2WjJcUVOts
gWmDPsjylcLZcmnqHSw+0FgkaKMoU71aysP5BGNWr2/qDQMaAyx6hOvT/jMXIlM7
sAQ1fOeBbeiRRyDz3f/lJq1u8H2faJJpKhlNkEYYKT2EEYtRAVTP
-----END CERTIFICATE-----