Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gN7CDdtdb6YnAw1T2OtZ113Ye4g.roa
File:                     gN7CDdtdb6YnAw1T2OtZ113Ye4g.roa (raw, json)
Hash identifier:          /3DrwXIQUt36ERxgekW6jH1XyVXHnKwsqf/O9WUFo7E=
Subject key identifier:   80:DE:C2:0D:DB:5D:6F:A6:27:03:0D:53:D8:EB:59:D7:5D:D8:7B:88
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428235A4C677280CDE1A942C33B4C5E1D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gN7CDdtdb6YnAw1T2OtZ113Ye4g.roa
Signing time:             Thu 02 Jan 2025 17:49:52 +0000
ROA not before:           Thu 02 Jan 2025 17:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197071
IP address blocks:        31.56.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:5a:4c:67:72:80:cd:e1:a9:42:c3:3b:4c:5e:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80dec20ddb5d6fa627030d53d8eb59d75dd87b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b4:16:f0:49:dd:2d:f7:c2:60:12:41:96:17:
                    14:da:a3:95:65:a4:aa:50:ef:91:42:0b:1b:4c:60:
                    a9:e2:93:90:4c:52:3b:59:ff:36:7b:79:da:1c:aa:
                    9f:6a:74:b2:dc:8a:d4:4c:46:25:bd:ed:f5:d8:39:
                    a3:89:fa:29:f8:31:a8:15:f5:bb:38:38:66:e7:8f:
                    15:8f:a9:70:d8:05:05:be:2e:c5:bd:53:25:68:d8:
                    95:86:73:38:2d:71:41:f0:d9:7e:79:d7:76:65:de:
                    aa:5b:6a:01:69:b6:f6:ab:0b:ef:4c:a5:01:ec:c3:
                    25:c3:ad:7d:83:a2:1e:30:d5:91:50:f8:0b:53:d3:
                    35:2a:f9:11:71:eb:8b:4e:ac:47:d5:03:87:1a:1a:
                    ee:cd:70:59:b2:18:b7:0d:a6:31:78:3e:4f:48:d1:
                    34:d8:30:8d:33:2c:76:ed:46:14:e9:d6:27:9b:08:
                    52:ab:3c:95:75:8e:3b:1e:a9:25:31:6e:6b:bb:b0:
                    ab:93:ed:87:05:22:3a:bc:f6:03:54:13:6c:f0:6e:
                    fb:c7:80:85:68:a9:68:5c:bb:51:ec:38:82:53:21:
                    c1:32:58:7c:a1:ec:54:42:93:72:11:6e:a0:d9:62:
                    29:c8:31:57:48:7d:50:5a:4f:ed:a8:98:c0:40:d9:
                    73:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:DE:C2:0D:DB:5D:6F:A6:27:03:0D:53:D8:EB:59:D7:5D:D8:7B:88
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/gN7CDdtdb6YnAw1T2OtZ113Ye4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:9c:79:22:7f:14:25:4f:69:5d:51:d5:cc:7b:9c:1f:7c:84:
         2c:85:b9:a8:e4:08:37:5e:72:3b:62:00:b7:5f:72:92:1f:0b:
         d7:6e:8e:fd:df:8c:e1:7a:e0:67:5a:dd:f2:a1:50:88:66:d8:
         08:ca:22:bc:2e:50:44:67:f5:1b:f1:b8:e8:45:cf:f8:39:99:
         c6:76:8b:ab:57:be:ab:7e:3c:3f:d9:12:34:c2:e0:12:ab:5b:
         e8:0d:14:0d:bc:5a:c2:5d:d5:d8:07:3a:d1:48:00:10:12:87:
         82:89:54:da:49:7d:b1:bc:cf:39:09:ff:cf:10:32:0f:b3:db:
         98:31:09:e7:ba:9f:f0:dc:a7:6e:4a:65:66:ac:e0:59:be:09:
         9f:b4:cd:d7:d8:a9:55:19:37:f7:6d:12:79:31:6e:5f:1d:25:
         5d:dd:4f:2c:29:ca:8e:a8:de:26:03:4f:f3:5e:3c:3a:9d:97:
         d8:c6:1a:44:b8:7d:ef:08:a9:46:16:57:46:ad:9b:63:dd:30:
         47:ee:2d:89:a5:28:52:8b:43:33:5c:9a:6c:fa:a7:06:49:ec:
         37:4d:4d:43:0f:bd:e9:50:95:cf:3a:25:f0:5b:da:3b:b9:e8:
         59:2c:e8:f5:4a:af:0a:ce:99:e3:37:55:b2:e9:97:6a:84:b6:
         37:5f:2e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI1pMZ3KAzeGpQsM7TF4dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGRlYzIwZGRiNWQ2ZmE2MjcwMzBkNTNkOGViNTlkNzVkZDg3Yjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrQW8EndLffCYBJBlhcU2qOVZaSq
UO+RQgsbTGCp4pOQTFI7Wf82e3naHKqfanSy3IrUTEYlve312Dmjifop+DGoFfW7
ODhm548Vj6lw2AUFvi7FvVMlaNiVhnM4LXFB8Nl+edd2Zd6qW2oBabb2qwvvTKUB
7MMlw619g6IeMNWRUPgLU9M1KvkRceuLTqxH1QOHGhruzXBZshi3DaYxeD5PSNE0
2DCNMyx27UYU6dYnmwhSqzyVdY47HqklMW5ru7Crk+2HBSI6vPYDVBNs8G77x4CF
aKloXLtR7DiCUyHBMlh8oexUQpNyEW6g2WIpyDFXSH1QWk/tqJjAQNlzEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDewg3bXW+mJwMNU9jrWddd2HuIMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvZ043Q0RkdGRiNlluQXcxVDJPdFoxMTNZZTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgHMA0G
CSqGSIb3DQEBCwUAA4IBAQA6nHkifxQlT2ldUdXMe5wffIQshbmo5Ag3XnI7YgC3
X3KSHwvXbo7934zheuBnWt3yoVCIZtgIyiK8LlBEZ/Ub8bjoRc/4OZnGdourV76r
fjw/2RI0wuASq1voDRQNvFrCXdXYBzrRSAAQEoeCiVTaSX2xvM85Cf/PEDIPs9uY
MQnnup/w3KduSmVmrOBZvgmftM3X2KlVGTf3bRJ5MW5fHSVd3U8sKcqOqN4mA0/z
Xjw6nZfYxhpEuH3vCKlGFldGrZtj3TBH7i2JpShSi0MzXJps+qcGSew3TU1DD73p
UJXPOiXwW9o7uehZLOj1Sq8KzpnjN1Wy6ZdqhLY3Xy6G
-----END CERTIFICATE-----