Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pbmUWgi4T_E0tlQcJltnh0uC4Vo.roa
File:                     pbmUWgi4T_E0tlQcJltnh0uC4Vo.roa (raw, json)
Hash identifier:          +eBTDTP2FbprTLJjFgmtXlzKNvh5kAT/pkdaJfAjMgo=
Subject key identifier:   A5:B9:94:5A:08:B8:4F:F1:34:B6:54:1C:26:5B:67:87:4B:82:E1:5A
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01921A1FDDFD1B24FDB27DC4C41E342294A5
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pbmUWgi4T_E0tlQcJltnh0uC4Vo.roa
Signing time:             Sun 22 Sep 2024 14:25:48 +0000
ROA not before:           Sun 22 Sep 2024 14:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151349
IP address blocks:        31.56.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1a:1f:dd:fd:1b:24:fd:b2:7d:c4:c4:1e:34:22:94:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 22 14:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5b9945a08b84ff134b6541c265b67874b82e15a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:40:20:fc:ea:74:7b:c1:b8:7a:82:79:b0:6f:
                    7e:d3:9c:fb:1f:2a:2d:d6:f7:b8:e4:39:79:54:ac:
                    b4:a7:30:2b:e5:85:17:4f:f7:fe:99:0e:03:16:d5:
                    83:d1:e2:e8:17:0e:33:52:34:19:81:17:77:da:89:
                    d1:bc:d5:57:5b:e9:df:23:59:36:05:3e:40:78:25:
                    7d:c4:33:e3:c8:70:69:ca:f1:2f:9b:40:18:7b:62:
                    7c:4e:57:a1:2a:2f:89:12:83:c4:5f:d5:14:d1:50:
                    a5:db:df:03:69:b6:b3:0c:ea:0c:b4:af:aa:56:1f:
                    e2:82:05:1f:88:c0:5a:23:98:b9:fa:4e:07:55:11:
                    7a:3f:79:9c:56:5a:62:40:3a:7c:e8:c8:6b:f9:8c:
                    2c:46:61:9b:8a:91:0c:80:7f:14:17:50:9d:ae:45:
                    ab:d8:bf:fd:de:b8:76:e5:50:69:4c:ad:b6:a7:ec:
                    2e:95:d8:d7:d9:bd:91:44:37:91:67:bf:65:57:81:
                    9c:9e:7d:f8:42:f8:a3:ca:96:b7:e4:da:3b:68:c2:
                    54:a2:8c:0b:7f:6f:be:71:06:b6:80:9a:8a:70:be:
                    9b:a6:ff:90:7c:b5:ee:62:6b:b7:ea:80:98:da:b0:
                    70:9b:95:82:60:26:5a:f9:e3:b4:fb:19:a9:45:54:
                    98:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B9:94:5A:08:B8:4F:F1:34:B6:54:1C:26:5B:67:87:4B:82:E1:5A
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pbmUWgi4T_E0tlQcJltnh0uC4Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:59:06:80:01:0c:7b:c3:29:82:f2:f6:ae:c8:91:94:bb:a3:
         81:46:5c:41:a6:4d:64:08:96:90:7e:86:25:8f:53:64:26:80:
         b1:a7:62:6a:b9:eb:c3:b3:4e:22:97:24:be:ac:85:0d:d9:6f:
         eb:07:80:52:b3:09:93:b2:28:f0:e0:4c:fa:fa:82:5f:b9:00:
         ee:db:87:e8:fe:da:72:5f:15:ca:40:03:21:92:65:0a:41:71:
         d0:53:94:ea:46:70:aa:33:ec:9b:50:92:d5:28:96:e9:3a:21:
         e6:2d:d3:85:33:29:c8:45:15:2e:f2:ca:c6:d4:10:21:3c:73:
         67:61:d8:76:95:ac:ef:8b:e8:65:fa:b7:a0:90:40:f8:c4:01:
         28:16:b2:e0:dc:18:73:20:ca:8d:56:0c:f2:59:ae:f7:10:e1:
         91:33:d1:47:37:48:86:28:de:02:f7:fe:5b:0c:28:d4:53:80:
         09:8b:8d:e0:98:87:47:af:5f:cb:ce:c1:c7:78:44:8e:20:61:
         d8:e4:33:4a:60:5c:93:53:ab:af:8b:ac:9d:2d:6a:65:6c:a8:
         6a:0b:c6:a8:2a:70:ca:5c:5e:fa:73:9e:53:d8:2b:d6:c3:0b:
         d9:c7:14:8e:b0:46:ef:eb:03:71:cb:7d:26:e7:49:7d:87:09:
         33:5b:3e:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIaH939GyT9sn3ExB40IpSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTIyMTQyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI5OTQ1YTA4Yjg0ZmYxMzRiNjU0MWMyNjViNjc4NzRiODJlMTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEAg/Op0e8G4eoJ5sG9+05z7Hyot
1ve45Dl5VKy0pzAr5YUXT/f+mQ4DFtWD0eLoFw4zUjQZgRd32onRvNVXW+nfI1k2
BT5AeCV9xDPjyHBpyvEvm0AYe2J8TlehKi+JEoPEX9UU0VCl298DabazDOoMtK+q
Vh/iggUfiMBaI5i5+k4HVRF6P3mcVlpiQDp86Mhr+YwsRmGbipEMgH8UF1CdrkWr
2L/93rh25VBpTK22p+wuldjX2b2RRDeRZ79lV4Gcnn34Qvijypa35No7aMJUoowL
f2++cQa2gJqKcL6bpv+QfLXuYmu36oCY2rBwm5WCYCZa+eO0+xmpRVSYYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKW5lFoIuE/xNLZUHCZbZ4dLguFaMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcGJtVVdnaTRUX0UwdGxRY0psdG5oMHVDNFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzgxMA0G
CSqGSIb3DQEBCwUAA4IBAQCgWQaAAQx7wymC8vauyJGUu6OBRlxBpk1kCJaQfoYl
j1NkJoCxp2JquevDs04ilyS+rIUN2W/rB4BSswmTsijw4Ez6+oJfuQDu24fo/tpy
XxXKQAMhkmUKQXHQU5TqRnCqM+ybUJLVKJbpOiHmLdOFMynIRRUu8srG1BAhPHNn
Ydh2lazvi+hl+regkED4xAEoFrLg3BhzIMqNVgzyWa73EOGRM9FHN0iGKN4C9/5b
DCjUU4AJi43gmIdHr1/LzsHHeESOIGHY5DNKYFyTU6uvi6ydLWplbKhqC8aoKnDK
XF76c55T2CvWwwvZxxSOsEbv6wNxy30m50l9hwkzWz6D
-----END CERTIFICATE-----