Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jHDXbjykiArwgTyp1qv-0Ksr2g4.roa
File:                     jHDXbjykiArwgTyp1qv-0Ksr2g4.roa (raw, json)
Hash identifier:          f7evemtn4p/HfvfiDZ3aCTAgRSavnyAJO5iRtbwtvdo=
Subject key identifier:   8C:70:D7:6E:3C:A4:88:0A:F0:81:3C:A9:D6:AB:FE:D0:AB:2B:DA:0E
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823892310759C50371A45FFA9BCE863
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jHDXbjykiArwgTyp1qv-0Ksr2g4.roa
Signing time:             Thu 02 Jan 2025 17:50:05 +0000
ROA not before:           Thu 02 Jan 2025 17:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400529
IP address blocks:        31.59.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:89:23:10:75:9c:50:37:1a:45:ff:a9:bc:e8:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c70d76e3ca4880af0813ca9d6abfed0ab2bda0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:94:48:bf:b7:1d:87:a9:c8:97:79:d3:d0:1c:
                    d7:de:57:2e:48:f2:02:7c:5b:dc:7d:ee:ef:12:40:
                    23:33:17:46:7d:94:9e:5e:bc:34:19:25:3f:78:78:
                    3d:c9:d5:6a:6f:48:0d:f8:04:f4:ba:0d:82:be:59:
                    43:dc:66:44:29:1e:dd:e0:85:9f:c9:a5:c9:c7:48:
                    80:8f:7a:4b:15:76:57:6b:f1:6a:02:28:86:6d:9c:
                    dc:df:cc:57:43:29:a1:8c:2b:3a:11:e5:af:d1:f0:
                    63:7c:a8:24:92:ce:12:f4:a7:7e:4e:65:8c:4f:59:
                    52:1e:02:d0:3e:36:5b:2d:06:1f:56:0d:cd:00:87:
                    6d:16:2a:b8:28:9d:9d:72:6b:26:66:2d:31:0b:a4:
                    2a:8e:9c:da:1a:18:0d:8a:bd:f0:7b:1c:da:93:b3:
                    aa:52:47:c3:f8:86:a1:d1:94:2d:10:dd:0b:3e:11:
                    85:ae:25:2b:cd:ba:50:6b:4e:c5:b2:0c:1c:a5:a4:
                    2d:69:72:f8:14:53:3a:c3:af:70:7b:a5:7f:68:99:
                    b6:c2:e8:5b:c5:36:ea:e0:b2:f9:d0:32:c1:f3:48:
                    05:6e:59:b1:0f:3e:17:0c:c4:11:b0:8b:c4:ee:b7:
                    97:c0:4d:9b:d7:f7:c3:9f:5b:59:10:64:0f:8d:89:
                    86:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:70:D7:6E:3C:A4:88:0A:F0:81:3C:A9:D6:AB:FE:D0:AB:2B:DA:0E
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/jHDXbjykiArwgTyp1qv-0Ksr2g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.59.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:de:ac:f0:8f:75:de:be:b5:ab:fd:d2:6b:72:de:75:bf:9a:
         46:cd:50:1e:21:39:e5:9f:08:c5:a8:c5:9c:98:84:5d:4c:a4:
         53:36:10:cf:18:8f:4d:a3:9e:a1:4a:9e:38:12:2a:ff:99:77:
         b9:b8:6e:4f:98:14:13:6d:61:d2:cd:d7:22:21:ad:ce:fe:9b:
         cb:b5:1b:60:af:d2:cd:dd:5a:ec:d5:ff:6c:7d:28:bc:c9:11:
         ee:e5:b5:7a:50:2a:73:a3:43:5a:10:99:a0:19:18:71:e7:83:
         b8:4b:78:4a:53:22:45:3c:67:f3:b0:67:00:cb:b0:7a:18:2a:
         9f:52:b6:99:10:1f:39:a1:78:16:9f:a9:46:aa:40:38:f1:fb:
         02:bf:28:fa:1f:99:55:74:f1:b6:a5:e9:4e:7f:58:62:ae:a6:
         0c:df:8e:4a:23:cf:58:86:f4:6a:32:0c:7a:66:46:ec:96:17:
         1e:c7:9e:89:55:01:fd:6b:f1:ae:79:ed:9d:f2:ca:2e:4e:86:
         3a:da:3b:1e:8e:d2:ed:fc:0b:05:61:f6:61:97:7d:fe:d1:31:
         08:54:5d:1d:51:00:20:bf:dc:32:61:39:b6:41:1d:71:13:98:
         0e:b4:48:09:f0:fd:4b:29:c2:d8:1b:04:dd:85:55:f7:09:e1:
         7e:00:79:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4kjEHWcUDcaRf+pvOhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzcwZDc2ZTNjYTQ4ODBhZjA4MTNjYTlkNmFiZmVkMGFiMmJkYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ZRIv7cdh6nIl3nT0BzX3lcuSPIC
fFvcfe7vEkAjMxdGfZSeXrw0GSU/eHg9ydVqb0gN+AT0ug2CvllD3GZEKR7d4IWf
yaXJx0iAj3pLFXZXa/FqAiiGbZzc38xXQymhjCs6EeWv0fBjfKgkks4S9Kd+TmWM
T1lSHgLQPjZbLQYfVg3NAIdtFiq4KJ2dcmsmZi0xC6QqjpzaGhgNir3wexzak7Oq
UkfD+Iah0ZQtEN0LPhGFriUrzbpQa07FsgwcpaQtaXL4FFM6w69we6V/aJm2wuhb
xTbq4LL50DLB80gFblmxDz4XDMQRsIvE7reXwE2b1/fDn1tZEGQPjYmGwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxw1248pIgK8IE8qdar/tCrK9oOMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvakhEWGJqeWtpQXJ3Z1R5cDFxdi0wS3NyMmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzs7MA0G
CSqGSIb3DQEBCwUAA4IBAQBn3qzwj3XevrWr/dJrct51v5pGzVAeITnlnwjFqMWc
mIRdTKRTNhDPGI9No56hSp44Eir/mXe5uG5PmBQTbWHSzdciIa3O/pvLtRtgr9LN
3Vrs1f9sfSi8yRHu5bV6UCpzo0NaEJmgGRhx54O4S3hKUyJFPGfzsGcAy7B6GCqf
UraZEB85oXgWn6lGqkA48fsCvyj6H5lVdPG2pelOf1hirqYM345KI89YhvRqMgx6
Zkbslhcex56JVQH9a/Guee2d8souToY62jsejtLt/AsFYfZhl33+0TEIVF0dUQAg
v9wyYTm2QR1xE5gOtEgJ8P1LKcLYGwTdhVX3CeF+AHkB
-----END CERTIFICATE-----