Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R3lvBTpsmzy1jgqWDTZ0hh-ukps.roa
File:                     R3lvBTpsmzy1jgqWDTZ0hh-ukps.roa (raw, json)
Hash identifier:          8X16HoBlasL+EKgKnurcRwAwXKxbvfYHLybr5ug5FRA=
Subject key identifier:   47:79:6F:05:3A:6C:9B:3C:B5:8E:0A:96:0D:36:74:86:1F:AE:92:9B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196FDB27DAD3CC8E5AA9DAF0534060F28B3
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R3lvBTpsmzy1jgqWDTZ0hh-ukps.roa
Signing time:             Fri 23 May 2025 15:10:55 +0000
ROA not before:           Fri 23 May 2025 15:10:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216022
IP address blocks:        31.56.241.0/24 maxlen: 24
                          31.57.40.0/24 maxlen: 24
                          31.57.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fd:b2:7d:ad:3c:c8:e5:aa:9d:af:05:34:06:0f:28:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May 23 15:10:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47796f053a6c9b3cb58e0a960d3674861fae929b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:17:39:ae:01:de:ad:36:9f:ac:da:b6:72:4a:
                    4d:77:1a:24:b3:ad:16:c3:6e:fa:d0:c2:b8:4c:84:
                    5a:c1:57:bb:ae:df:e9:c4:17:98:33:a7:a9:89:40:
                    90:0e:bd:c2:9b:cd:9a:ca:f7:63:bd:f1:3a:54:65:
                    58:b6:d1:8d:54:9d:a6:c1:b3:03:f3:1c:68:4d:be:
                    e3:ee:9c:5a:90:af:84:1b:ac:67:36:cc:a6:4c:30:
                    c9:19:14:78:5a:2f:1a:1c:0b:37:87:7a:0d:8e:c8:
                    3e:95:81:2d:37:ce:a4:38:c6:a1:33:c2:44:b6:b6:
                    38:d4:7d:b9:54:c2:d4:a7:d3:ce:1e:31:11:92:16:
                    bf:41:b8:5e:86:dd:69:24:a3:51:0b:c0:a9:0f:94:
                    38:67:d8:10:e7:4d:62:1a:01:81:e3:1f:cb:47:ee:
                    77:8b:79:53:23:36:be:53:85:ec:6c:ba:ec:d5:e2:
                    2d:9a:08:7d:08:9e:c0:35:32:21:5a:02:89:f1:e7:
                    ff:e7:04:62:3e:47:ad:b5:ea:30:c2:d1:c7:e3:0a:
                    25:eb:5e:a1:25:ee:20:7b:8e:c2:fa:95:65:05:fc:
                    a6:a5:2e:c5:09:79:46:32:0a:14:47:3b:21:30:eb:
                    e0:b5:32:32:ff:c8:37:49:29:c8:a7:c1:b6:54:12:
                    db:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:79:6F:05:3A:6C:9B:3C:B5:8E:0A:96:0D:36:74:86:1F:AE:92:9B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/R3lvBTpsmzy1jgqWDTZ0hh-ukps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.241.0/24
                  31.57.40.0/24
                  31.57.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:48:8c:5f:d7:23:70:52:af:13:22:81:46:c3:a8:ff:df:55:
         e0:33:44:f9:b3:ff:57:4b:49:89:7d:b0:02:2b:c6:60:34:03:
         da:82:bc:9c:d7:ba:7a:f5:2d:f8:fd:3a:7b:7d:d5:13:21:8b:
         42:b6:69:14:8c:ce:92:8c:34:aa:8e:9e:12:25:ca:90:8a:cd:
         97:35:1d:ca:e2:41:ba:1e:7b:a0:97:17:86:88:88:d2:ad:aa:
         f4:8a:27:92:a4:45:43:a9:b4:b6:aa:5b:74:40:58:50:10:4b:
         c5:5b:d3:15:72:fa:14:1e:39:e8:4d:3c:4f:cb:51:d2:c1:64:
         cc:dd:a1:d2:e2:18:89:04:f0:8f:35:f9:51:e9:15:21:67:8f:
         08:37:16:c9:de:60:c4:0b:4d:e8:c4:84:fe:68:1f:86:dc:98:
         a2:f3:6d:86:ec:0c:1e:c3:73:bb:f4:04:50:f4:90:56:2a:c6:
         65:16:b0:cf:b3:23:fb:84:3c:4f:b7:a8:fd:05:7a:4b:aa:6c:
         bf:f4:f8:c0:fc:30:5e:ab:83:0d:eb:5c:82:23:71:a4:57:95:
         55:b1:e9:86:20:9a:4f:2f:01:8a:86:b0:f0:3d:94:a7:a1:a4:
         fb:57:2a:c6:b8:3d:8f:89:93:06:b8:6b:54:13:17:7d:83:59:
         c7:94:f5:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZb9sn2tPMjlqp2vBTQGDyizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTIzMTUxMDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzc5NmYwNTNhNmM5YjNjYjU4ZTBhOTYwZDM2NzQ4NjFmYWU5MjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBc5rgHerTafrNq2ckpNdxoks60W
w2760MK4TIRawVe7rt/pxBeYM6epiUCQDr3Cm82ayvdjvfE6VGVYttGNVJ2mwbMD
8xxoTb7j7pxakK+EG6xnNsymTDDJGRR4Wi8aHAs3h3oNjsg+lYEtN86kOMahM8JE
trY41H25VMLUp9POHjERkha/Qbheht1pJKNRC8CpD5Q4Z9gQ501iGgGB4x/LR+53
i3lTIza+U4XsbLrs1eItmgh9CJ7ANTIhWgKJ8ef/5wRiPketteowwtHH4wol616h
Je4ge47C+pVlBfympS7FCXlGMgoURzshMOvgtTIy/8g3SSnIp8G2VBLbmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEd5bwU6bJs8tY4Klg02dIYfrpKbMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUjNsdkJUcHNtenkxamdxV0RUWjBoaC11a3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzjxAwQA
HzkoAwQAHzlzMA0GCSqGSIb3DQEBCwUAA4IBAQBESIxf1yNwUq8TIoFGw6j/31Xg
M0T5s/9XS0mJfbACK8ZgNAPagryc17p69S34/Tp7fdUTIYtCtmkUjM6SjDSqjp4S
JcqQis2XNR3K4kG6HnuglxeGiIjSrar0iieSpEVDqbS2qlt0QFhQEEvFW9MVcvoU
HjnoTTxPy1HSwWTM3aHS4hiJBPCPNflR6RUhZ48INxbJ3mDEC03oxIT+aB+G3Jii
822G7Awew3O79ARQ9JBWKsZlFrDPsyP7hDxPt6j9BXpLqmy/9PjA/DBeq4MN61yC
I3GkV5VVsemGIJpPLwGKhrDwPZSnoaT7VyrGuD2PiZMGuGtUExd9g1nHlPWD
-----END CERTIFICATE-----