Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Bg5-eLrGj8S9wZyVMyRA3SQyC54.roa
File:                     Bg5-eLrGj8S9wZyVMyRA3SQyC54.roa (raw, json)
Hash identifier:          3R+W5uTThdYALYN5iZh6OfWPpeIYvyEWh2bTpzMVp8s=
Subject key identifier:   06:0E:7E:78:BA:C6:8F:C4:BD:C1:9C:95:33:24:40:DD:24:32:0B:9E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428234494131E0EDCCD8C58FF1C6FAF2F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Bg5-eLrGj8S9wZyVMyRA3SQyC54.roa
Signing time:             Thu 02 Jan 2025 17:49:47 +0000
ROA not before:           Thu 02 Jan 2025 17:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44714
IP address blocks:        31.58.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:44:94:13:1e:0e:dc:cd:8c:58:ff:1c:6f:af:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=060e7e78bac68fc4bdc19c95332440dd24320b9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7f:db:8b:be:6e:6e:38:d5:34:d1:62:ef:20:
                    61:0f:6d:8a:6f:70:1c:cc:f8:d0:da:bf:1e:8e:c3:
                    43:92:88:f4:3c:da:10:25:23:4f:73:3d:0a:ef:7c:
                    5a:28:69:4d:56:7b:c5:56:38:40:56:a0:a3:84:06:
                    15:23:87:cc:14:16:9c:b6:b8:af:29:cb:4c:c4:d4:
                    d9:c1:59:34:0f:76:28:fa:0c:bb:6d:4d:11:57:36:
                    5e:c6:af:e5:89:ef:95:72:49:a8:20:94:f1:cf:1e:
                    0f:c9:8c:1e:e5:02:41:fb:0a:70:44:3b:32:5c:bc:
                    0f:c1:07:db:36:c0:21:f2:f5:3b:bb:38:40:f8:d1:
                    5a:b2:2f:86:5a:70:ad:26:c7:94:15:2f:3b:9f:96:
                    79:d5:64:a1:8c:be:99:a4:d7:7a:cd:99:84:99:b3:
                    ef:c3:ce:52:e9:d2:e6:23:eb:a3:a2:d3:b8:2d:7d:
                    c2:9a:6d:ea:2e:fc:ff:88:f3:a0:29:a7:58:a5:b3:
                    1d:8d:10:b2:ff:4f:05:b4:7b:38:78:c8:d3:e8:1d:
                    ef:41:b9:ec:a0:9a:44:34:80:29:83:a5:46:88:a2:
                    e0:dd:5e:98:d4:30:4e:bc:94:30:6d:ea:5f:53:37:
                    c5:f8:c6:20:1f:59:98:bd:d4:94:4d:95:ac:77:22:
                    20:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:0E:7E:78:BA:C6:8F:C4:BD:C1:9C:95:33:24:40:DD:24:32:0B:9E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Bg5-eLrGj8S9wZyVMyRA3SQyC54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:33:4d:0c:eb:4b:79:3e:72:55:3c:09:36:49:0d:7b:2a:25:
         7c:72:46:a8:ea:c5:99:8e:00:46:a9:d4:71:ad:42:e2:a3:4f:
         a5:ff:d9:b2:05:7b:b8:75:50:f1:45:af:7b:6e:89:c4:39:7f:
         ca:33:71:d6:8a:19:74:37:3a:07:e2:e6:51:97:90:61:2a:f7:
         30:fe:35:b7:7c:a8:47:a0:da:6d:bb:bf:2d:ca:da:30:7a:dc:
         6f:4d:9f:aa:5e:ad:41:29:4e:9f:ee:4c:57:93:7e:80:2d:ae:
         f4:62:d7:13:2a:b5:39:4a:37:68:89:31:b6:2b:af:d6:80:d7:
         2c:7f:fe:30:4d:af:ee:92:dd:60:37:d6:13:37:bd:97:53:9a:
         3b:12:60:64:42:a6:c5:76:c9:0f:76:99:97:58:88:40:87:7f:
         b3:55:9a:b4:f1:c6:8b:3d:da:60:ee:fa:dd:58:a1:f2:09:26:
         ac:70:93:5f:01:d8:c7:be:38:65:2b:6d:d3:f2:d1:f5:71:d6:
         fa:3d:e6:8e:5d:4f:bc:8a:b0:fb:d7:83:90:3a:7b:53:34:41:
         02:a4:05:cb:2a:79:88:21:d2:06:b4:1a:40:f4:50:0e:25:03:
         82:ee:cb:72:f5:0f:86:90:6c:fb:06:9a:44:81:91:dd:63:e7:
         62:1c:92:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0SUEx4O3M2MWP8cb68vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjBlN2U3OGJhYzY4ZmM0YmRjMTljOTUzMzI0NDBkZDI0MzIwYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuH/bi75ubjjVNNFi7yBhD22Kb3Ac
zPjQ2r8ejsNDkoj0PNoQJSNPcz0K73xaKGlNVnvFVjhAVqCjhAYVI4fMFBactriv
KctMxNTZwVk0D3Yo+gy7bU0RVzZexq/lie+VckmoIJTxzx4PyYwe5QJB+wpwRDsy
XLwPwQfbNsAh8vU7uzhA+NFasi+GWnCtJseUFS87n5Z51WShjL6ZpNd6zZmEmbPv
w85S6dLmI+ujotO4LX3Cmm3qLvz/iPOgKadYpbMdjRCy/08FtHs4eMjT6B3vQbns
oJpENIApg6VGiKLg3V6Y1DBOvJQwbepfUzfF+MYgH1mYvdSUTZWsdyIgBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYOfni6xo/EvcGclTMkQN0kMgueMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQmc1LWVMckdqOFM5d1p5Vk15UkEzU1F5QzU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzr2MA0G
CSqGSIb3DQEBCwUAA4IBAQC+M00M60t5PnJVPAk2SQ17KiV8ckao6sWZjgBGqdRx
rULio0+l/9myBXu4dVDxRa97bonEOX/KM3HWihl0NzoH4uZRl5BhKvcw/jW3fKhH
oNptu78tytowetxvTZ+qXq1BKU6f7kxXk36ALa70YtcTKrU5SjdoiTG2K6/WgNcs
f/4wTa/ukt1gN9YTN72XU5o7EmBkQqbFdskPdpmXWIhAh3+zVZq08caLPdpg7vrd
WKHyCSascJNfAdjHvjhlK23T8tH1cdb6PeaOXU+8irD714OQOntTNEECpAXLKnmI
IdIGtBpA9FAOJQOC7sty9Q+GkGz7BppEgZHdY+diHJIy
-----END CERTIFICATE-----