Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a20O-6kl01QOZxZTrPRyPRvEvfE.roa
File:                     a20O-6kl01QOZxZTrPRyPRvEvfE.roa (raw, json)
Hash identifier:          Dfkz3g2McP7eqq+KPxt455nIgsXOm42gNK6pakUFycY=
Subject key identifier:   6B:6D:0E:FB:A9:25:D3:54:0E:67:16:53:AC:F4:72:3D:1B:C4:BD:F1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01927BF82230040D0F8094E9C504037BC316
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a20O-6kl01QOZxZTrPRyPRvEvfE.roa
Signing time:             Fri 11 Oct 2024 14:25:12 +0000
ROA not before:           Fri 11 Oct 2024 14:25:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        31.57.100.0/24 maxlen: 24
                          31.57.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7b:f8:22:30:04:0d:0f:80:94:e9:c5:04:03:7b:c3:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Oct 11 14:25:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b6d0efba925d3540e671653acf4723d1bc4bdf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:99:34:6d:78:26:0e:33:c2:7f:0c:b1:78:24:
                    8a:aa:f0:c0:17:95:a4:35:10:4e:80:7f:e5:41:bc:
                    2f:40:fa:04:33:22:58:7c:a6:f0:5e:a6:6f:35:5f:
                    c8:e1:b4:3b:0f:db:68:05:66:f7:7b:f2:05:7c:0a:
                    46:22:b3:bf:f8:25:6e:36:5f:45:d1:c5:26:b3:d1:
                    e7:ba:4b:c0:fc:e9:ee:75:01:73:8c:61:21:ba:3e:
                    21:b6:bd:38:d9:ac:5c:99:fe:82:29:6d:29:00:0d:
                    4e:46:62:8a:9a:c7:f6:40:7e:0e:c0:2c:9e:b6:b5:
                    30:c2:fa:82:15:ce:10:39:a9:08:c5:0b:f4:87:4a:
                    a3:22:8b:1b:d1:cb:c6:eb:32:ef:29:be:57:0e:f3:
                    4e:0f:46:fa:7f:bf:23:18:74:25:ce:e6:e9:bf:42:
                    64:cf:d4:f4:90:4f:65:f5:ba:2e:03:d7:9a:76:19:
                    c2:68:7e:fc:92:f9:9e:2c:6c:1c:59:05:2a:7a:2e:
                    41:64:4d:5c:49:4f:60:65:df:43:c5:6e:63:e4:42:
                    b9:70:47:2a:f4:09:d7:7a:25:22:4a:69:65:7e:5e:
                    bd:c6:90:0a:76:7b:91:d1:2a:30:38:5c:34:2c:fc:
                    a9:22:03:08:70:eb:9a:46:d5:9a:70:34:bf:5e:fb:
                    7f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:6D:0E:FB:A9:25:D3:54:0E:67:16:53:AC:F4:72:3D:1B:C4:BD:F1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a20O-6kl01QOZxZTrPRyPRvEvfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.100.0/24
                  31.57.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:86:5a:71:56:73:94:8f:be:cd:c5:8b:83:d7:39:31:ba:5e:
         c3:dc:a1:3e:bf:e6:37:e9:91:2e:fb:8a:16:d4:e1:de:c4:ab:
         72:34:63:c1:af:91:7f:23:d8:09:45:29:2b:85:20:75:93:04:
         9c:69:a9:d0:6d:69:47:e2:51:97:97:bc:82:89:62:6f:87:6f:
         cb:bd:d0:75:9c:db:ee:8c:7e:b6:37:e1:1f:6e:b3:e7:23:17:
         d9:b5:68:e8:31:ca:de:41:3a:fe:4c:ca:01:fc:76:d1:d2:15:
         33:33:49:71:dc:35:7d:12:db:c3:53:4d:2a:cf:92:ac:3f:e3:
         01:0d:b3:fe:cf:5a:1f:06:fe:0e:60:13:b2:28:bf:d0:c8:e0:
         24:ad:d3:5c:c0:e8:a5:84:47:02:ed:01:32:33:73:8b:c2:10:
         d2:a3:78:ce:1a:8c:4b:67:99:71:80:8a:af:27:5c:d5:c0:01:
         e9:48:f5:b1:a1:fd:fd:a4:01:9d:a9:96:a5:f4:60:30:77:78:
         ac:61:16:3c:2e:62:ef:49:eb:7f:63:28:ea:cf:dd:47:23:8e:
         4d:68:50:42:43:0b:46:c6:3e:d4:21:db:00:a3:cb:5a:49:54:
         82:90:28:eb:e2:0b:ef:ce:66:7f:23:14:8a:6f:de:7a:24:cb:
         80:6e:41:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJ7+CIwBA0PgJTpxQQDe8MWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDExMTQyNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjZkMGVmYmE5MjVkMzU0MGU2NzE2NTNhY2Y0NzIzZDFiYzRiZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Jk0bXgmDjPCfwyxeCSKqvDAF5Wk
NRBOgH/lQbwvQPoEMyJYfKbwXqZvNV/I4bQ7D9toBWb3e/IFfApGIrO/+CVuNl9F
0cUms9HnukvA/OnudQFzjGEhuj4htr042axcmf6CKW0pAA1ORmKKmsf2QH4OwCye
trUwwvqCFc4QOakIxQv0h0qjIosb0cvG6zLvKb5XDvNOD0b6f78jGHQlzubpv0Jk
z9T0kE9l9bouA9eadhnCaH78kvmeLGwcWQUqei5BZE1cSU9gZd9DxW5j5EK5cEcq
9AnXeiUiSmllfl69xpAKdnuR0SowOFw0LPypIgMIcOuaRtWacDS/Xvt/XwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGttDvupJdNUDmcWU6z0cj0bxL3xMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYTIwTy02a2wwMVFPWnhaVHJQUnlQUnZFdmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzlkAwQA
Hzn4MA0GCSqGSIb3DQEBCwUAA4IBAQAlhlpxVnOUj77NxYuD1zkxul7D3KE+v+Y3
6ZEu+4oW1OHexKtyNGPBr5F/I9gJRSkrhSB1kwScaanQbWlH4lGXl7yCiWJvh2/L
vdB1nNvujH62N+EfbrPnIxfZtWjoMcreQTr+TMoB/HbR0hUzM0lx3DV9EtvDU00q
z5KsP+MBDbP+z1ofBv4OYBOyKL/QyOAkrdNcwOilhEcC7QEyM3OLwhDSo3jOGoxL
Z5lxgIqvJ1zVwAHpSPWxof39pAGdqZal9GAwd3isYRY8LmLvSet/Yyjqz91HI45N
aFBCQwtGxj7UIdsAo8taSVSCkCjr4gvvzmZ/IxSKb956JMuAbkE1
-----END CERTIFICATE-----