Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y8kP30Fbjnp01SLzUQlb2sgBsDw.roa
File:                     Y8kP30Fbjnp01SLzUQlb2sgBsDw.roa (raw, json)
Hash identifier:          eJlkXxVGLiwJFLsS+k7tf+sJAOkb4cvxDwUZ81DWHf4=
Subject key identifier:   63:C9:0F:DF:41:5B:8E:7A:74:D5:22:F3:51:09:5B:DA:C8:01:B0:3C
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428236BEB1B060599F48B5C8F1884B7B5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y8kP30Fbjnp01SLzUQlb2sgBsDw.roa
Signing time:             Thu 02 Jan 2025 17:49:57 +0000
ROA not before:           Thu 02 Jan 2025 17:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213795
IP address blocks:        31.56.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:6b:eb:1b:06:05:99:f4:8b:5c:8f:18:84:b7:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63c90fdf415b8e7a74d522f351095bdac801b03c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:63:0a:1b:6d:03:f3:13:89:9c:52:e6:ca:ad:
                    52:87:3a:ef:25:2e:49:8c:4b:88:30:19:47:4d:69:
                    e0:0f:73:b2:0b:33:3a:38:7b:dd:4f:c8:55:b4:13:
                    ac:83:4e:a5:22:16:90:74:42:5c:6c:9d:ce:b6:25:
                    ae:ed:73:50:5e:35:97:0e:90:ec:39:d0:1a:94:39:
                    71:60:c9:89:74:bc:cc:c5:a1:09:33:3e:37:80:0f:
                    2f:ad:e9:65:0c:1d:6e:47:84:67:82:a0:d6:33:b0:
                    f2:45:fc:85:ec:27:36:41:53:a4:a9:4d:0e:44:2a:
                    82:62:8b:9e:7d:ae:a1:05:c6:da:8a:7a:d9:d7:49:
                    8c:4f:82:15:9a:e2:b7:c9:93:89:9c:b6:b8:c9:ca:
                    f6:0c:75:82:f9:5b:ff:11:41:74:fb:1c:f2:4f:e1:
                    c9:82:30:b7:96:08:50:93:30:f0:ff:84:af:0c:10:
                    ac:41:c6:67:e7:6e:ad:f1:fa:fb:3c:63:6a:bc:38:
                    2f:4a:e3:c7:bb:06:2a:ce:f9:1d:cc:34:62:b7:ab:
                    10:a3:60:95:cb:89:5b:6a:9d:17:38:6f:83:41:47:
                    81:b4:c0:54:e5:04:83:63:af:41:de:41:f1:52:c4:
                    03:5d:a0:7b:ce:41:31:73:98:ac:1e:0c:93:23:f5:
                    ef:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C9:0F:DF:41:5B:8E:7A:74:D5:22:F3:51:09:5B:DA:C8:01:B0:3C
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Y8kP30Fbjnp01SLzUQlb2sgBsDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:a2:16:6b:5a:27:8e:b8:10:c6:e8:45:b2:25:c5:bc:17:59:
         e6:aa:e7:ad:d4:d9:a4:6e:c9:56:6e:ad:52:d2:ca:cc:4f:78:
         f6:14:74:62:71:54:c5:d0:8e:dd:d8:8d:91:de:63:99:31:23:
         7d:97:23:43:f8:b9:f5:15:82:83:f2:07:3e:49:b9:5e:47:1a:
         b4:26:e0:9d:f5:ce:4d:c9:ce:47:cd:55:1a:f5:0e:27:c8:e3:
         cc:e9:b9:25:c0:44:f7:a4:fc:9f:f4:88:c1:6d:63:65:1e:1f:
         77:36:eb:c9:22:99:d8:09:ef:4c:38:e7:c7:e0:9a:fc:71:9f:
         53:be:05:78:ad:ec:1e:18:66:06:dc:26:5c:bd:91:b6:fe:5a:
         98:b5:de:5c:66:00:42:6b:39:f9:fb:86:d9:f4:08:c4:8d:d7:
         ef:b4:f0:41:32:81:55:96:12:9d:59:14:ec:86:0f:1e:72:10:
         66:91:0d:8e:03:0e:36:c1:09:dd:45:bc:f7:f0:04:fa:15:e3:
         3d:0e:88:1d:3f:68:43:49:a6:14:65:53:d4:a5:09:47:f7:1a:
         2b:4d:8b:a8:38:11:cd:eb:15:48:a5:69:e8:08:fb:af:c8:ae:
         a1:da:1f:d0:82:eb:13:2f:be:c8:7a:ed:b1:65:1d:9e:c5:8c:
         a0:e9:02:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI2vrGwYFmfSLXI8YhLe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2M5MGZkZjQxNWI4ZTdhNzRkNTIyZjM1MTA5NWJkYWM4MDFiMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWMKG20D8xOJnFLmyq1ShzrvJS5J
jEuIMBlHTWngD3OyCzM6OHvdT8hVtBOsg06lIhaQdEJcbJ3OtiWu7XNQXjWXDpDs
OdAalDlxYMmJdLzMxaEJMz43gA8vrellDB1uR4RngqDWM7DyRfyF7Cc2QVOkqU0O
RCqCYouefa6hBcbainrZ10mMT4IVmuK3yZOJnLa4ycr2DHWC+Vv/EUF0+xzyT+HJ
gjC3lghQkzDw/4SvDBCsQcZn526t8fr7PGNqvDgvSuPHuwYqzvkdzDRit6sQo2CV
y4lbap0XOG+DQUeBtMBU5QSDY69B3kHxUsQDXaB7zkExc5isHgyTI/XvXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPJD99BW456dNUi81EJW9rIAbA8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvWThrUDMwRmJqbnAwMVNMelVRbGIyc2dCc0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzg8MA0G
CSqGSIb3DQEBCwUAA4IBAQAaohZrWieOuBDG6EWyJcW8F1nmquet1NmkbslWbq1S
0srMT3j2FHRicVTF0I7d2I2R3mOZMSN9lyND+Ln1FYKD8gc+SbleRxq0JuCd9c5N
yc5HzVUa9Q4nyOPM6bklwET3pPyf9IjBbWNlHh93NuvJIpnYCe9MOOfH4Jr8cZ9T
vgV4reweGGYG3CZcvZG2/lqYtd5cZgBCazn5+4bZ9AjEjdfvtPBBMoFVlhKdWRTs
hg8echBmkQ2OAw42wQndRbz38AT6FeM9DogdP2hDSaYUZVPUpQlH9xorTYuoOBHN
6xVIpWnoCPuvyK6h2h/QgusTL77Ieu2xZR2exYyg6QIp
-----END CERTIFICATE-----