Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HKknEEYe8lGuCaFVowhylqmkWG0.roa
File:                     HKknEEYe8lGuCaFVowhylqmkWG0.roa (raw, json)
Hash identifier:          jLjh6pKdN6TJUjLJJE+ErkWFzAg+ff7yDFqZxUDtdHk=
Subject key identifier:   1C:A9:27:10:46:1E:F2:51:AE:09:A1:55:A3:08:72:96:A9:A4:58:6D
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0191FE554D2CC3DAB5331462B5CC1254553F
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HKknEEYe8lGuCaFVowhylqmkWG0.roa
Signing time:             Tue 17 Sep 2024 04:54:48 +0000
ROA not before:           Tue 17 Sep 2024 04:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400909
IP address blocks:        31.57.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fe:55:4d:2c:c3:da:b5:33:14:62:b5:cc:12:54:55:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 17 04:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ca92710461ef251ae09a155a3087296a9a4586d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:10:9c:3e:a9:cc:a6:54:a6:d8:07:30:65:5c:
                    1b:1a:31:24:09:2e:9d:05:ad:04:25:37:97:cf:a6:
                    4f:25:1f:7b:df:48:42:f1:b0:a1:97:15:20:eb:89:
                    e7:74:c7:34:fe:45:5e:73:b7:7f:6e:72:4f:c0:91:
                    5d:0d:27:3f:c6:0b:97:4d:a2:24:6f:2e:71:ae:fe:
                    4f:eb:4c:3d:02:e2:89:53:87:bc:14:fd:e7:b5:3a:
                    b1:e0:c8:5a:a3:38:01:e8:5d:5b:ac:2d:c4:50:b2:
                    83:b3:d6:a3:04:78:07:a9:6a:e7:87:3d:b8:17:7b:
                    c8:49:a9:66:10:d5:22:9f:9d:f9:6b:4c:cf:0a:6f:
                    9d:99:17:48:b4:e2:d6:64:35:62:d9:1c:38:50:54:
                    45:2a:50:de:04:4c:75:1b:50:55:9c:c9:41:20:24:
                    24:c7:4a:a4:13:e6:3e:53:a3:ee:58:c4:ef:62:4d:
                    3a:2c:bc:ca:5f:af:2f:77:5a:18:03:f3:c6:56:dd:
                    b9:f0:5b:ac:a4:d3:64:d4:9c:16:3d:81:92:dc:1b:
                    72:46:32:24:a4:c5:fd:d2:45:74:c3:0c:dc:31:6b:
                    1e:8c:a4:31:db:bf:d1:fb:cd:48:a2:a0:36:1b:c0:
                    1f:50:9c:0f:df:d9:bd:ae:c9:32:5b:f7:e2:56:4e:
                    76:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A9:27:10:46:1E:F2:51:AE:09:A1:55:A3:08:72:96:A9:A4:58:6D
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HKknEEYe8lGuCaFVowhylqmkWG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:21:fa:5d:22:b4:0f:9f:7d:5e:e4:24:45:35:fe:3a:36:ad:
         b5:74:a4:83:6e:0b:15:48:21:22:6c:04:a2:6d:38:be:87:2e:
         0c:05:ed:46:1d:87:ff:89:86:c2:12:83:e5:3d:d0:39:8d:85:
         54:3a:46:74:9b:ed:18:6a:da:68:19:bd:db:ee:0e:b1:b4:e2:
         ab:79:0c:71:f2:66:af:86:16:38:f4:e6:a6:43:14:b9:77:37:
         de:6b:3e:42:88:4d:7d:7c:b1:b5:eb:15:9c:2b:6f:89:62:80:
         a9:63:87:a4:8f:86:0f:f7:89:fe:a0:54:6c:eb:10:21:d4:b8:
         eb:a0:e0:47:66:23:6a:a0:7b:2b:01:ca:89:b0:1d:17:9a:bf:
         71:ca:59:e5:f7:29:55:4c:75:d6:5b:d7:98:5a:d9:2c:b3:f1:
         47:bf:16:3a:ac:68:af:de:6d:3c:a8:df:7b:ee:c1:92:02:ba:
         fb:00:ba:1a:6a:69:d2:af:06:a9:3d:ac:aa:37:54:e3:50:e0:
         8a:f1:0b:c1:ec:cb:cd:c5:5c:82:0a:37:66:9c:a6:0e:9f:20:
         38:04:f2:35:8a:78:d3:7d:98:65:10:a2:38:58:d5:5e:71:d1:
         7c:c5:e7:6c:bf:fb:28:82:72:0c:9d:dc:4c:e4:ad:e7:15:d8:
         29:8f:54:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH+VU0sw9q1MxRitcwSVFU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTE3MDQ1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2E5MjcxMDQ2MWVmMjUxYWUwOWExNTVhMzA4NzI5NmE5YTQ1ODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphCcPqnMplSm2AcwZVwbGjEkCS6d
Ba0EJTeXz6ZPJR9730hC8bChlxUg64nndMc0/kVec7d/bnJPwJFdDSc/xguXTaIk
by5xrv5P60w9AuKJU4e8FP3ntTqx4MhaozgB6F1brC3EULKDs9ajBHgHqWrnhz24
F3vISalmENUin535a0zPCm+dmRdItOLWZDVi2Rw4UFRFKlDeBEx1G1BVnMlBICQk
x0qkE+Y+U6PuWMTvYk06LLzKX68vd1oYA/PGVt258FuspNNk1JwWPYGS3BtyRjIk
pMX90kV0wwzcMWsejKQx27/R+81IoqA2G8AfUJwP39m9rskyW/fiVk52TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBypJxBGHvJRrgmhVaMIcpappFhtMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSEtrbkVFWWU4bEd1Q2FGVm93aHlscW1rV0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzmUMA0G
CSqGSIb3DQEBCwUAA4IBAQCOIfpdIrQPn31e5CRFNf46Nq21dKSDbgsVSCEibASi
bTi+hy4MBe1GHYf/iYbCEoPlPdA5jYVUOkZ0m+0YatpoGb3b7g6xtOKreQxx8mav
hhY49OamQxS5dzfeaz5CiE19fLG16xWcK2+JYoCpY4ekj4YP94n+oFRs6xAh1Ljr
oOBHZiNqoHsrAcqJsB0Xmr9xylnl9ylVTHXWW9eYWtkss/FHvxY6rGiv3m08qN97
7sGSArr7ALoaamnSrwapPayqN1TjUOCK8QvB7MvNxVyCCjdmnKYOnyA4BPI1injT
fZhlEKI4WNVecdF8xedsv/sognIMndxM5K3nFdgpj1S9
-----END CERTIFICATE-----