Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OGy_ZWicbi11dMMHjq4GefTjI3Y.roa
File:                     OGy_ZWicbi11dMMHjq4GefTjI3Y.roa (raw, json)
Hash identifier:          bHEPBMM0cQwsNeVo5Yw8caVQSAiCTiZagjH55oiVdVk=
Subject key identifier:   38:6C:BF:65:68:9C:6E:2D:75:74:C3:07:8E:AE:06:79:F4:E3:23:76
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0191BEC4525234247CCC46CA939027075596
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OGy_ZWicbi11dMMHjq4GefTjI3Y.roa
Signing time:             Wed 04 Sep 2024 20:40:22 +0000
ROA not before:           Wed 04 Sep 2024 20:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273034
IP address blocks:        31.56.152.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:be:c4:52:52:34:24:7c:cc:46:ca:93:90:27:07:55:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  4 20:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=386cbf65689c6e2d7574c3078eae0679f4e32376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e8:83:8a:38:2d:c0:25:36:19:79:e4:f8:b1:
                    f7:11:e3:96:f3:d1:93:3a:2f:37:ce:80:a1:6b:0b:
                    56:c8:b0:5b:1d:83:4b:f7:47:66:f0:23:ef:74:89:
                    03:bd:d3:a2:25:5c:31:23:ff:e6:4d:4c:79:c2:d4:
                    f9:04:3d:01:5d:c1:cf:e9:ef:87:20:b9:ee:65:0a:
                    3c:df:f2:59:8d:ee:10:83:f6:2a:11:bb:73:21:42:
                    ee:9b:df:aa:24:b4:6c:ea:32:3c:6f:e3:4e:4b:ae:
                    f2:3e:ea:57:d3:81:b8:38:69:71:28:cb:c2:17:bb:
                    69:48:54:39:7f:03:c6:53:a0:20:4c:8a:f0:f5:eb:
                    c8:98:23:3a:d1:d0:3d:4f:40:82:40:06:28:c4:0a:
                    36:54:ad:44:51:7c:c8:b2:6f:5e:d3:7d:62:87:6f:
                    d8:fa:62:46:c7:f5:2f:ce:63:1c:c6:b3:0e:04:6a:
                    21:48:a4:0f:76:c4:d6:75:50:27:c5:7e:0a:e4:11:
                    8c:3c:54:b9:4e:e4:f8:0b:d3:c7:9c:c5:12:c2:8f:
                    85:2b:f7:bf:fb:97:ef:ae:46:a5:5d:2f:2b:98:35:
                    d8:44:7c:c7:79:73:42:8e:a2:e1:c4:79:ff:98:33:
                    88:3b:81:2c:3f:2b:90:78:91:bc:fd:a0:0f:77:b1:
                    9d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6C:BF:65:68:9C:6E:2D:75:74:C3:07:8E:AE:06:79:F4:E3:23:76
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/OGy_ZWicbi11dMMHjq4GefTjI3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:7a:99:df:ca:7b:91:2b:72:cf:d0:26:06:77:59:2b:32:3a:
         2f:70:b8:53:cc:97:8f:3d:20:5c:a0:2b:c7:88:f7:da:4a:6d:
         d5:da:04:0f:db:c2:96:86:51:1e:15:ca:c0:55:e7:15:5a:35:
         ba:90:83:d7:de:d0:02:5a:c7:08:03:0e:3c:81:83:69:af:12:
         4c:e1:72:e7:14:d0:af:ed:ff:0c:d4:a1:07:05:fa:1a:40:94:
         73:ee:7e:b8:c9:6a:53:07:41:45:fa:9c:38:fe:96:e1:7f:c7:
         fd:64:17:45:2d:e9:80:ad:23:41:0e:77:6e:73:63:16:b8:62:
         be:c6:da:3d:c4:51:05:27:e9:f7:1a:bb:ed:1e:57:a1:a3:d4:
         90:10:69:93:39:09:20:65:4e:e1:db:35:01:6d:8e:4f:33:1f:
         e3:d6:1f:72:f1:a3:85:89:32:a8:3a:c7:d3:ba:24:26:2a:5f:
         f5:17:a3:f4:b5:c8:74:09:88:d0:d1:be:b3:7b:ef:76:3d:93:
         0b:79:6f:4c:63:c0:2d:5f:a9:a6:9b:87:87:fe:39:10:8f:95:
         5c:c5:bd:24:92:9d:61:4a:98:4d:cc:ad:6e:e0:97:f9:4d:02:
         0a:0b:53:cf:cf:65:aa:a0:14:31:a0:b6:eb:6a:e0:1c:2d:7e:
         47:70:75:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG+xFJSNCR8zEbKk5AnB1WWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTA0MjA0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZjYmY2NTY4OWM2ZTJkNzU3NGMzMDc4ZWFlMDY3OWY0ZTMyMzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOiDijgtwCU2GXnk+LH3EeOW89GT
Oi83zoChawtWyLBbHYNL90dm8CPvdIkDvdOiJVwxI//mTUx5wtT5BD0BXcHP6e+H
ILnuZQo83/JZje4Qg/YqEbtzIULum9+qJLRs6jI8b+NOS67yPupX04G4OGlxKMvC
F7tpSFQ5fwPGU6AgTIrw9evImCM60dA9T0CCQAYoxAo2VK1EUXzIsm9e031ih2/Y
+mJGx/UvzmMcxrMOBGohSKQPdsTWdVAnxX4K5BGMPFS5TuT4C9PHnMUSwo+FK/e/
+5fvrkalXS8rmDXYRHzHeXNCjqLhxHn/mDOIO4EsPyuQeJG8/aAPd7GdgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhsv2VonG4tdXTDB46uBnn04yN2MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvT0d5X1pXaWNiaTExZE1NSGpxNEdlZlRqSTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHziYMA0G
CSqGSIb3DQEBCwUAA4IBAQAuepnfynuRK3LP0CYGd1krMjovcLhTzJePPSBcoCvH
iPfaSm3V2gQP28KWhlEeFcrAVecVWjW6kIPX3tACWscIAw48gYNprxJM4XLnFNCv
7f8M1KEHBfoaQJRz7n64yWpTB0FF+pw4/pbhf8f9ZBdFLemArSNBDnduc2MWuGK+
xto9xFEFJ+n3GrvtHleho9SQEGmTOQkgZU7h2zUBbY5PMx/j1h9y8aOFiTKoOsfT
uiQmKl/1F6P0tch0CYjQ0b6ze+92PZMLeW9MY8AtX6mmm4eH/jkQj5Vcxb0kkp1h
SphNzK1u4Jf5TQIKC1PPz2WqoBQxoLbrauAcLX5HcHUY
-----END CERTIFICATE-----