Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HpIcv1AMZGkDF0ziP8eXzZlCnBs.roa
File:                     HpIcv1AMZGkDF0ziP8eXzZlCnBs.roa (raw, json)
Hash identifier:          SZXgCVBQBnYEDStYQnpECwcECdML6QBVDeDW1w0fGgk=
Subject key identifier:   1E:92:1C:BF:50:0C:64:69:03:17:4C:E2:3F:C7:97:CD:99:42:9C:1B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282378E4FC85EF19BED195A13BE14F61
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HpIcv1AMZGkDF0ziP8eXzZlCnBs.roa
Signing time:             Thu 02 Jan 2025 17:50:00 +0000
ROA not before:           Thu 02 Jan 2025 17:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214914
IP address blocks:        31.57.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:78:e4:fc:85:ef:19:be:d1:95:a1:3b:e1:4f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e921cbf500c646903174ce23fc797cd99429c1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6f:b8:9a:f7:49:33:a9:2e:3e:11:e0:17:a5:
                    6a:a0:65:3e:d1:8f:7f:a3:86:26:39:28:0c:12:da:
                    39:b7:46:c9:5e:66:7d:c5:67:58:68:10:72:89:92:
                    02:e9:31:9e:61:67:78:be:fe:7c:dd:47:f2:78:e7:
                    b8:0a:7d:69:2a:da:20:04:ca:75:85:1f:44:49:56:
                    28:84:a2:8f:c5:e9:df:05:3f:7b:82:06:6b:d6:84:
                    56:3e:0a:ac:54:c9:a6:48:e9:a2:d0:5b:f4:50:4a:
                    ac:06:bd:67:15:2d:3b:ea:2b:a6:6b:d5:8c:15:ee:
                    36:5a:af:c5:75:45:15:ea:d1:4e:65:61:9d:03:22:
                    08:36:be:dc:05:9e:be:b7:47:61:cb:0f:37:42:54:
                    18:ad:7d:f4:25:7e:32:9c:a3:fa:1f:3a:da:ac:32:
                    0f:1b:62:bf:8f:ad:84:27:4c:2e:3c:f2:68:83:ef:
                    80:db:96:2b:f9:11:3b:70:e1:f0:a5:6a:20:6d:45:
                    b6:6e:96:8b:96:f1:52:c1:e3:05:ad:ed:81:69:78:
                    16:7e:fc:47:97:9b:fe:38:b0:45:e6:c8:72:25:e1:
                    cd:b6:5b:67:92:fa:88:9c:a1:24:5a:25:f9:f3:95:
                    cf:26:9a:0a:24:67:29:19:0c:ce:12:da:4d:e2:76:
                    b7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:92:1C:BF:50:0C:64:69:03:17:4C:E2:3F:C7:97:CD:99:42:9C:1B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/HpIcv1AMZGkDF0ziP8eXzZlCnBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:db:af:46:92:a8:73:14:db:b3:2f:ad:3d:ec:56:8b:cf:ea:
         12:4d:2e:b0:7e:36:e1:81:82:f8:11:c0:44:02:97:dd:0d:ae:
         6f:fd:89:01:46:89:95:02:78:9f:65:28:92:f6:1d:eb:ca:c0:
         a1:10:d5:73:6a:74:38:49:5f:0e:4e:93:a5:20:4e:22:7b:e4:
         0f:43:46:ba:24:a7:2c:c5:d2:17:0f:69:68:d6:80:4b:86:73:
         72:ca:22:65:0f:9b:44:6c:80:0f:58:5f:f4:c0:51:a7:c3:47:
         2e:98:e1:2d:37:3a:22:80:01:30:dd:8f:e2:25:9a:af:42:0a:
         d6:b2:93:16:29:98:0e:8c:60:28:d3:37:3f:c0:4f:92:ea:9c:
         3f:2d:80:06:9c:8a:a0:25:51:97:a8:5e:a7:32:14:02:d7:46:
         9e:1e:f0:71:f8:eb:ce:40:30:b7:d4:30:31:ad:e4:7a:27:5d:
         86:c1:ef:1d:f1:6e:bd:21:2c:18:cb:66:2c:4d:12:d6:cb:6e:
         25:f3:a1:c3:09:01:4c:b9:06:a6:65:2a:8e:e6:16:ad:93:6a:
         0b:2c:e0:80:bf:6d:7e:d9:08:c1:be:2a:6b:de:94:c4:fa:f1:
         99:ed:5c:fb:3b:5f:e6:41:c9:7a:4c:23:97:bf:a2:fe:d3:d9:
         34:2b:2b:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI3jk/IXvGb7RlaE74U9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTkyMWNiZjUwMGM2NDY5MDMxNzRjZTIzZmM3OTdjZDk5NDI5YzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2+4mvdJM6kuPhHgF6VqoGU+0Y9/
o4YmOSgMEto5t0bJXmZ9xWdYaBByiZIC6TGeYWd4vv583UfyeOe4Cn1pKtogBMp1
hR9ESVYohKKPxenfBT97ggZr1oRWPgqsVMmmSOmi0Fv0UEqsBr1nFS076iuma9WM
Fe42Wq/FdUUV6tFOZWGdAyIINr7cBZ6+t0dhyw83QlQYrX30JX4ynKP6HzrarDIP
G2K/j62EJ0wuPPJog++A25Yr+RE7cOHwpWogbUW2bpaLlvFSweMFre2BaXgWfvxH
l5v+OLBF5shyJeHNtltnkvqInKEkWiX585XPJpoKJGcpGQzOEtpN4na3oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6SHL9QDGRpAxdM4j/Hl82ZQpwbMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSHBJY3YxQU1aR2tERjB6aVA4ZVh6WmxDbkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlCMA0G
CSqGSIb3DQEBCwUAA4IBAQBr269GkqhzFNuzL6097FaLz+oSTS6wfjbhgYL4EcBE
ApfdDa5v/YkBRomVAnifZSiS9h3rysChENVzanQ4SV8OTpOlIE4ie+QPQ0a6JKcs
xdIXD2lo1oBLhnNyyiJlD5tEbIAPWF/0wFGnw0cumOEtNzoigAEw3Y/iJZqvQgrW
spMWKZgOjGAo0zc/wE+S6pw/LYAGnIqgJVGXqF6nMhQC10aeHvBx+OvOQDC31DAx
reR6J12Gwe8d8W69ISwYy2YsTRLWy24l86HDCQFMuQamZSqO5hatk2oLLOCAv21+
2QjBvipr3pTE+vGZ7Vz7O1/mQcl6TCOXv6L+09k0Kytu
-----END CERTIFICATE-----