Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/COnujFu8_V7hJCeyoafGwYVTng8.roa
File:                     COnujFu8_V7hJCeyoafGwYVTng8.roa (raw, json)
Hash identifier:          McG8M7YDKi9vNKP9jQ5aPKRG6YSCteA0Gfjd0U5R02E=
Subject key identifier:   08:E9:EE:8C:5B:BC:FD:5E:E1:24:27:B2:A1:A7:C6:C1:85:53:9E:0F
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019937EDD1D1C6857B891149DA4F17F68508
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/COnujFu8_V7hJCeyoafGwYVTng8.roa
Signing time:             Thu 11 Sep 2025 08:39:16 +0000
ROA not before:           Thu 11 Sep 2025 08:39:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56655
IP address blocks:        31.56.194.0/24 maxlen: 24
                          31.56.216.0/24 maxlen: 24
                          31.56.217.0/24 maxlen: 24
                          31.57.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:ed:d1:d1:c6:85:7b:89:11:49:da:4f:17:f6:85:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 11 08:39:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08e9ee8c5bbcfd5ee12427b2a1a7c6c185539e0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:16:6e:39:60:d4:23:2d:8a:92:b2:e3:cf:5e:
                    45:d2:a0:93:11:de:ab:3b:32:cf:06:8f:bb:2b:f8:
                    37:f9:cd:2f:9f:18:0b:0d:29:9b:8c:d3:20:6d:bd:
                    6e:3c:55:ba:0e:bc:84:8f:0c:98:66:04:2f:46:85:
                    c6:6d:af:07:f0:63:fc:af:f9:f8:c2:67:28:1f:4b:
                    19:5a:8b:1f:2f:ad:1c:60:86:a6:97:66:71:d1:b0:
                    d1:24:1e:cd:b0:05:12:6c:a4:9a:a3:28:1e:6b:97:
                    d2:14:ec:41:de:05:43:5d:4d:58:d2:fc:91:dd:eb:
                    b7:39:f0:11:72:65:c2:b1:75:8a:89:b6:b1:af:86:
                    de:2e:8f:cb:95:7e:2a:87:da:8c:56:76:e7:c3:8b:
                    3b:73:23:59:ea:b0:44:c5:b7:d4:f2:05:33:16:9d:
                    d2:0f:62:be:83:a1:05:a0:b6:f1:21:b3:04:25:e2:
                    56:0a:70:ac:bc:e5:a7:c6:b5:89:b6:ad:94:b2:b9:
                    57:00:88:a0:52:34:a4:ad:4e:13:fe:48:8c:17:b4:
                    93:7f:4e:f7:7a:ba:7e:20:85:31:95:78:36:33:a6:
                    5d:14:0f:10:a4:94:a9:03:59:a5:f8:bc:3e:0d:85:
                    88:68:3c:24:92:d1:16:45:5f:2d:62:96:d4:ca:5d:
                    24:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E9:EE:8C:5B:BC:FD:5E:E1:24:27:B2:A1:A7:C6:C1:85:53:9E:0F
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/COnujFu8_V7hJCeyoafGwYVTng8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.194.0/24
                  31.56.216.0/23
                  31.57.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:0b:bd:15:bc:c5:1f:83:33:8b:0a:83:db:b1:47:d5:91:32:
         d8:1f:f1:84:4f:b1:14:93:45:49:7e:e3:fd:04:76:4d:3c:43:
         54:47:ed:2a:8e:96:f9:56:b1:77:2c:86:ea:5c:fb:6e:87:21:
         bc:15:01:3e:f0:1c:17:b7:d4:e5:88:1f:db:90:6a:df:b5:22:
         11:d3:6b:c3:32:e0:0e:0c:f1:66:5d:6a:d6:d9:9f:c9:8b:9f:
         20:c8:69:8e:f1:83:67:3b:9d:87:e1:ba:8e:44:43:2c:e0:88:
         c6:fb:c0:d5:86:73:c7:3d:2c:e2:b4:59:fd:ad:c3:2f:34:5e:
         9f:ae:2b:51:ce:8d:f7:0f:27:3d:92:ae:c0:d2:16:f2:57:1f:
         a7:61:8a:36:b5:29:c1:f5:04:8a:1b:86:3b:21:41:e9:8d:a9:
         bc:d0:9b:ce:e6:13:38:16:fe:3c:74:50:cd:f9:0b:bc:94:81:
         9a:14:f9:94:2a:63:ce:74:47:63:11:4e:94:e2:9b:f3:4b:a3:
         05:65:e1:ad:f6:54:57:c0:16:3d:0c:04:d7:43:d0:ff:b4:bb:
         a3:a5:66:e7:46:c9:59:3c:a7:79:83:fc:08:cd:80:84:9f:76:
         4f:89:39:13:d7:b0:ed:d9:e3:44:b5:af:d6:2a:af:99:f0:03:
         3d:a0:93:2d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZk37dHRxoV7iRFJ2k8X9oUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTExMDgzOTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGU5ZWU4YzViYmNmZDVlZTEyNDI3YjJhMWE3YzZjMTg1NTM5ZTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hZuOWDUIy2KkrLjz15F0qCTEd6r
OzLPBo+7K/g3+c0vnxgLDSmbjNMgbb1uPFW6DryEjwyYZgQvRoXGba8H8GP8r/n4
wmcoH0sZWosfL60cYIaml2Zx0bDRJB7NsAUSbKSaoygea5fSFOxB3gVDXU1Y0vyR
3eu3OfARcmXCsXWKibaxr4beLo/LlX4qh9qMVnbnw4s7cyNZ6rBExbfU8gUzFp3S
D2K+g6EFoLbxIbMEJeJWCnCsvOWnxrWJtq2UsrlXAIigUjSkrU4T/kiMF7STf073
erp+IIUxlXg2M6ZdFA8QpJSpA1ml+Lw+DYWIaDwkktEWRV8tYpbUyl0kcQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAjp7oxbvP1e4SQnsqGnxsGFU54PMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvQ09udWpGdThfVjdoSkNleW9hZkd3WVZUbmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzjCAwQB
HzjYAwQAHzkPMA0GCSqGSIb3DQEBCwUAA4IBAQCZC70VvMUfgzOLCoPbsUfVkTLY
H/GET7EUk0VJfuP9BHZNPENUR+0qjpb5VrF3LIbqXPtuhyG8FQE+8BwXt9TliB/b
kGrftSIR02vDMuAODPFmXWrW2Z/Ji58gyGmO8YNnO52H4bqOREMs4IjG+8DVhnPH
PSzitFn9rcMvNF6fritRzo33Dyc9kq7A0hbyVx+nYYo2tSnB9QSKG4Y7IUHpjam8
0JvO5hM4Fv48dFDN+Qu8lIGaFPmUKmPOdEdjEU6U4pvzS6MFZeGt9lRXwBY9DATX
Q9D/tLujpWbnRslZPKd5g/wIzYCEn3ZPiTkT17Dt2eNEta/WKq+Z8AM9oJMt
-----END CERTIFICATE-----