Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XDyTljaL9M8YMxybcFirvGCPoxY.roa
File:                     XDyTljaL9M8YMxybcFirvGCPoxY.roa (raw, json)
Hash identifier:          8XkuyHldun9qYJTSdaaqYvEnUieo3tl7H1BlCgIVofM=
Subject key identifier:   5C:3C:93:96:36:8B:F4:CF:18:33:1C:9B:70:58:AB:BC:60:8F:A3:16
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01951CBC163734A13123BF183C0E804A8681
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XDyTljaL9M8YMxybcFirvGCPoxY.roa
Signing time:             Wed 19 Feb 2025 05:44:02 +0000
ROA not before:           Wed 19 Feb 2025 05:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207994
IP address blocks:        31.57.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1c:bc:16:37:34:a1:31:23:bf:18:3c:0e:80:4a:86:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Feb 19 05:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c3c9396368bf4cf18331c9b7058abbc608fa316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0b:e4:17:5d:3c:9d:b7:9d:5c:1a:9a:77:66:
                    02:b9:b3:03:5e:8b:fc:7f:fe:e6:67:0f:61:d9:31:
                    31:52:dc:82:8f:3c:f9:11:84:e0:3b:6a:5a:d5:b9:
                    7b:d5:ce:cb:81:63:26:33:ff:95:3f:6b:f6:e6:aa:
                    e6:ad:82:5d:7f:3e:9b:ae:48:26:a4:09:45:4b:20:
                    fa:fa:89:cc:cf:cc:5d:43:0c:1c:ae:13:d1:a2:a9:
                    30:f6:c8:14:15:5b:12:de:62:2a:45:e2:95:7e:66:
                    e0:6e:32:0d:53:41:57:18:bd:36:6b:d4:4f:4b:19:
                    f1:ee:59:b8:8b:fa:c4:45:91:b5:a0:15:f3:60:ea:
                    b7:f2:ee:0b:6f:84:23:fc:b9:bd:0e:86:8b:6e:55:
                    c7:3b:47:4b:7c:32:76:a6:de:41:84:08:6c:b7:86:
                    0a:e5:67:a5:5e:75:91:31:8d:a2:6d:cd:72:96:ff:
                    76:2a:58:a9:a9:a4:39:77:74:b8:bc:5f:07:6b:53:
                    0b:ea:09:47:46:9f:fe:c0:17:0a:d2:8e:eb:86:20:
                    19:d9:bc:ce:14:80:8a:8e:55:71:dd:af:6d:30:fc:
                    cb:11:56:7f:20:28:37:6e:22:5c:5b:29:2a:c5:53:
                    bd:c6:9f:ce:5d:c8:e0:51:cf:84:34:8a:9e:d8:40:
                    68:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3C:93:96:36:8B:F4:CF:18:33:1C:9B:70:58:AB:BC:60:8F:A3:16
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/XDyTljaL9M8YMxybcFirvGCPoxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:25:e1:17:34:5e:6a:e1:42:23:82:c5:8b:fa:42:1b:68:50:
         47:89:0d:59:42:32:fd:f4:46:9b:cc:20:64:a1:1f:fc:b6:b2:
         79:5c:c3:ae:71:ae:04:ad:fa:0c:a1:c1:15:14:90:ad:52:af:
         53:74:b3:59:ea:6b:a4:88:6e:8c:bf:0e:11:df:c4:f0:e8:a0:
         72:08:15:a9:4b:55:da:51:8a:2c:21:52:0a:23:07:c3:9f:45:
         2d:24:6e:bb:c9:4e:9c:77:57:13:e7:31:59:24:44:2b:8a:ea:
         b2:75:1c:e3:f0:ea:27:38:9f:7c:d7:bc:f2:d1:64:49:72:c1:
         99:fd:8d:52:31:80:d3:7e:3f:a7:58:bc:89:3b:49:6d:20:72:
         47:4f:e4:95:38:8f:a4:fc:7f:31:51:fa:b0:18:19:fd:d7:8c:
         47:1c:95:42:9b:5b:31:17:a3:e5:a8:89:11:20:a5:51:f6:2e:
         14:2a:e8:80:97:cf:bf:88:37:9e:4b:5d:fc:ca:5e:8d:7f:bd:
         01:6c:2f:d4:93:06:bd:d5:ec:61:ef:8b:20:4a:a9:c4:ad:a1:
         63:a9:f0:74:a5:61:ab:66:ae:5f:f1:ea:2b:56:42:27:fc:05:
         55:71:76:e4:cf:3a:04:46:dc:7c:0c:c4:3f:f2:bf:8f:ec:ff:
         e4:5e:00:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUcvBY3NKExI78YPA6ASoaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMjE5MDU0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNjOTM5NjM2OGJmNGNmMTgzMzFjOWI3MDU4YWJiYzYwOGZhMzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAvkF108nbedXBqad2YCubMDXov8
f/7mZw9h2TExUtyCjzz5EYTgO2pa1bl71c7LgWMmM/+VP2v25qrmrYJdfz6brkgm
pAlFSyD6+onMz8xdQwwcrhPRoqkw9sgUFVsS3mIqReKVfmbgbjINU0FXGL02a9RP
Sxnx7lm4i/rERZG1oBXzYOq38u4Lb4Qj/Lm9DoaLblXHO0dLfDJ2pt5BhAhst4YK
5WelXnWRMY2ibc1ylv92KlipqaQ5d3S4vF8Ha1ML6glHRp/+wBcK0o7rhiAZ2bzO
FICKjlVx3a9tMPzLEVZ/ICg3biJcWykqxVO9xp/OXcjgUc+ENIqe2EBoQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFw8k5Y2i/TPGDMcm3BYq7xgj6MWMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWER5VGxqYUw5TThZTXh5YmNGaXJ2R0NQb3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzkiMA0G
CSqGSIb3DQEBCwUAA4IBAQAOJeEXNF5q4UIjgsWL+kIbaFBHiQ1ZQjL99EabzCBk
oR/8trJ5XMOuca4ErfoMocEVFJCtUq9TdLNZ6mukiG6Mvw4R38Tw6KByCBWpS1Xa
UYosIVIKIwfDn0UtJG67yU6cd1cT5zFZJEQriuqydRzj8OonOJ9817zy0WRJcsGZ
/Y1SMYDTfj+nWLyJO0ltIHJHT+SVOI+k/H8xUfqwGBn914xHHJVCm1sxF6PlqIkR
IKVR9i4UKuiAl8+/iDeeS138yl6Nf70BbC/Ukwa91exh74sgSqnEraFjqfB0pWGr
Zq5f8eorVkIn/AVVcXbkzzoERtx8DMQ/8r+P7P/kXgCk
-----END CERTIFICATE-----