Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/i88DlmMKLpc376zJAgDl4pV4EYI.roa
File:                     i88DlmMKLpc376zJAgDl4pV4EYI.roa (raw, json)
Hash identifier:          JsWaGkx/ckyMOSf7kDRQ7Yir3hTZ767oYcgxGkoCYUY=
Subject key identifier:   8B:CF:03:96:63:0A:2E:97:37:EF:AC:C9:02:00:E5:E2:95:78:11:82
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019915A2F4B6AD019E3E406143D55D51D07C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/i88DlmMKLpc376zJAgDl4pV4EYI.roa
Signing time:             Thu 04 Sep 2025 16:50:24 +0000
ROA not before:           Thu 04 Sep 2025 16:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216022
IP address blocks:        31.56.241.0/24 maxlen: 24
                          31.57.115.0/24 maxlen: 24
                          31.57.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 19:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:a2:f4:b6:ad:01:9e:3e:40:61:43:d5:5d:51:d0:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  4 16:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bcf0396630a2e9737efacc90200e5e295781182
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5a:cb:fa:75:45:55:e6:f0:a2:68:67:72:26:
                    b8:25:1c:9e:4b:30:d5:a6:3e:91:7e:2b:b9:23:93:
                    09:5c:23:24:78:fa:f1:12:91:3d:fc:93:f7:7a:22:
                    57:e1:1e:0e:8d:66:13:3d:68:15:1d:01:31:2f:5d:
                    15:ad:5a:8b:bc:43:3a:69:4a:9d:f8:5e:a7:4a:72:
                    98:46:de:59:b7:79:d0:0f:a2:42:9e:22:41:27:16:
                    ff:44:0c:1a:b4:08:74:62:51:5d:95:c5:eb:b0:c7:
                    54:d0:6d:bd:93:b1:7a:79:c4:f2:dc:2b:a9:f2:95:
                    42:5f:21:01:13:04:18:18:d1:18:df:86:26:e0:a9:
                    a4:00:e1:2e:4a:cc:93:12:95:a6:87:8b:1b:9f:45:
                    49:31:57:5f:a2:65:52:52:a8:89:60:e3:ba:dc:c0:
                    0f:45:23:59:e3:ca:d5:85:fc:e1:56:7d:b8:e2:9f:
                    ae:82:1c:c4:55:0a:b4:21:6e:25:60:17:e2:76:90:
                    a6:3d:fb:2d:1b:1d:8c:e7:d4:c3:67:fa:78:94:2d:
                    99:e6:38:0b:08:d3:66:29:16:41:47:ff:a7:cc:85:
                    ec:15:5c:21:35:ec:52:df:17:28:b4:1f:d6:e6:27:
                    12:7e:98:88:e0:bd:13:81:4a:2e:21:c9:c1:10:68:
                    40:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:CF:03:96:63:0A:2E:97:37:EF:AC:C9:02:00:E5:E2:95:78:11:82
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/i88DlmMKLpc376zJAgDl4pV4EYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.241.0/24
                  31.57.115.0/24
                  31.57.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:06:98:68:80:43:f3:82:ff:de:1e:ce:da:a5:c6:7a:fc:17:
         24:e5:69:8c:22:6f:e8:5f:93:3c:08:ae:b4:ff:38:fa:f9:28:
         bd:ea:a4:bf:7d:37:69:49:d0:a2:b1:9e:90:bd:7c:84:fc:ba:
         8e:58:27:4c:34:45:e4:1e:16:fd:6d:16:20:5f:a6:2a:65:8c:
         77:81:ae:ae:b7:76:99:ae:c9:81:05:35:45:9f:3c:73:c9:35:
         be:8d:e9:3c:9e:42:a3:70:82:13:9f:1d:84:33:f8:2e:51:86:
         9b:59:24:03:a7:a1:8c:83:82:13:af:2d:67:aa:43:06:cb:ec:
         cd:1b:5d:be:0d:f3:12:52:45:c9:b6:e9:81:ad:35:a1:a9:cf:
         37:08:05:4f:2a:c0:ef:a6:2e:c4:d2:e6:63:52:64:50:24:da:
         13:74:da:90:70:9f:b5:50:5c:dc:4d:d3:07:a7:07:01:05:8f:
         e6:bc:47:c0:7a:1c:e2:4d:dd:4d:cc:90:d4:4f:94:e7:1e:c3:
         42:a2:a7:88:aa:cd:d7:db:22:8e:b8:9a:3e:5b:e5:7d:b9:04:
         ad:cb:ad:02:b9:d1:54:58:9d:72:f0:8a:f4:f6:c7:43:d0:f0:
         34:d0:a3:a2:29:0b:76:45:7d:8f:cc:83:59:72:50:9f:32:3f:
         d1:cd:4e:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkVovS2rQGePkBhQ9VdUdB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTA0MTY1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmNmMDM5NjYzMGEyZTk3MzdlZmFjYzkwMjAwZTVlMjk1NzgxMTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1rL+nVFVebwomhncia4JRyeSzDV
pj6Rfiu5I5MJXCMkePrxEpE9/JP3eiJX4R4OjWYTPWgVHQExL10VrVqLvEM6aUqd
+F6nSnKYRt5Zt3nQD6JCniJBJxb/RAwatAh0YlFdlcXrsMdU0G29k7F6ecTy3Cup
8pVCXyEBEwQYGNEY34Ym4KmkAOEuSsyTEpWmh4sbn0VJMVdfomVSUqiJYOO63MAP
RSNZ48rVhfzhVn244p+ughzEVQq0IW4lYBfidpCmPfstGx2M59TDZ/p4lC2Z5jgL
CNNmKRZBR/+nzIXsFVwhNexS3xcotB/W5icSfpiI4L0TgUouIcnBEGhA4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIvPA5ZjCi6XN++syQIA5eKVeBGCMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvaTg4RGxtTUtMcGMzNzZ6SkFnRGw0cFY0RVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHzjxAwQA
HzlzAwQAHzn0MA0GCSqGSIb3DQEBCwUAA4IBAQCmBphogEPzgv/eHs7apcZ6/Bck
5WmMIm/oX5M8CK60/zj6+Si96qS/fTdpSdCisZ6QvXyE/LqOWCdMNEXkHhb9bRYg
X6YqZYx3ga6ut3aZrsmBBTVFnzxzyTW+jek8nkKjcIITnx2EM/guUYabWSQDp6GM
g4ITry1nqkMGy+zNG12+DfMSUkXJtumBrTWhqc83CAVPKsDvpi7E0uZjUmRQJNoT
dNqQcJ+1UFzcTdMHpwcBBY/mvEfAehziTd1NzJDUT5TnHsNCoqeIqs3X2yKOuJo+
W+V9uQSty60CudFUWJ1y8Ir09sdD0PA00KOiKQt2RX2PzINZclCfMj/RzU52
-----END CERTIFICATE-----