Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/scTc1qfZ7q1U5Iy5sES_6kV2kik.roa
File:                     scTc1qfZ7q1U5Iy5sES_6kV2kik.roa (raw, json)
Hash identifier:          z6dVM4SOC7v7hItQPRdq7rit417ZBxu36ak01mCBkuM=
Subject key identifier:   B1:C4:DC:D6:A7:D9:EE:AD:54:E4:8C:B9:B0:44:BF:EA:45:76:92:29
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019428235B49F8781FC9EBFE76BCBA17B50C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/scTc1qfZ7q1U5Iy5sES_6kV2kik.roa
Signing time:             Thu 02 Jan 2025 17:49:53 +0000
ROA not before:           Thu 02 Jan 2025 17:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198020
IP address blocks:        31.56.108.0/24 maxlen: 24
                          31.56.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:5b:49:f8:78:1f:c9:eb:fe:76:bc:ba:17:b5:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1c4dcd6a7d9eead54e48cb9b044bfea45769229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:92:c7:4f:c8:73:cd:29:d7:61:ed:b7:f5:53:
                    7d:bc:99:1d:d7:f2:80:dd:2a:96:32:6d:1c:d5:70:
                    fc:3d:dd:3a:95:56:8e:2c:78:56:9d:06:08:7f:97:
                    88:fb:53:2e:10:5f:a4:2a:c3:df:ec:3a:0f:4a:17:
                    2e:bb:98:3f:5a:90:ea:27:94:7c:15:a2:93:26:d4:
                    14:02:4d:28:7e:2a:2d:63:3d:73:e6:18:ca:e1:56:
                    b8:0c:85:6f:a5:46:e1:da:cb:53:e8:34:e5:1f:cc:
                    e0:06:10:93:76:95:5f:cb:29:e4:e7:86:81:ea:93:
                    e2:37:36:30:9f:69:1a:92:57:f4:77:49:79:98:d2:
                    92:70:9b:43:40:c8:4c:9f:f2:16:cd:ed:30:7f:84:
                    cb:16:a3:0b:b8:0e:9d:3a:6d:b8:d6:a8:91:71:f4:
                    b0:ff:07:dd:a9:f9:01:8c:94:2c:a3:e7:1f:bd:d6:
                    f9:c2:42:20:50:3d:fd:41:37:d9:1f:f8:f5:78:21:
                    89:3b:5b:7e:33:79:13:93:7a:38:00:ac:28:c3:07:
                    dd:8c:fd:80:3f:83:ed:9f:b1:b2:b1:23:02:87:54:
                    84:5b:64:ff:1e:23:d0:1f:fb:78:e8:d2:70:f0:46:
                    06:7d:e8:01:08:62:da:86:79:f1:fd:f0:51:49:dc:
                    ee:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C4:DC:D6:A7:D9:EE:AD:54:E4:8C:B9:B0:44:BF:EA:45:76:92:29
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/scTc1qfZ7q1U5Iy5sES_6kV2kik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:9b:09:b3:74:23:7c:32:de:3e:f7:57:bd:2a:2f:da:77:4a:
         39:3e:39:06:eb:33:48:d3:95:be:c8:e4:a2:91:99:de:30:2b:
         47:e5:46:24:d0:c9:8b:30:3c:b3:12:31:19:d0:aa:f4:d5:7a:
         b9:2e:a3:94:15:2b:1e:72:96:8e:00:d5:e1:5a:8b:8f:7f:c3:
         4d:4e:55:6a:26:6e:54:3a:dd:27:16:3e:3a:d0:f3:74:f9:16:
         77:44:fe:e3:49:1d:ee:11:5e:a3:05:41:1e:99:58:de:23:2f:
         dc:d4:66:1f:13:b6:b0:01:e3:c4:80:ac:58:a1:da:09:a2:a6:
         15:10:35:7f:32:85:0c:a5:af:a5:28:49:77:3c:06:ba:06:cc:
         54:56:be:a1:14:16:87:7a:4f:06:56:b1:37:9a:db:89:08:28:
         01:4b:d1:f8:f8:2b:3b:4f:e3:a2:65:a6:db:e5:66:56:d3:46:
         c7:68:aa:d9:90:5f:d9:94:27:78:9c:37:40:eb:94:51:cd:3f:
         57:ec:a4:52:1c:47:73:69:c7:3e:8b:1c:0e:e4:2b:0a:34:01:
         79:be:d7:0f:37:ff:ad:88:58:d4:ce:fc:b9:67:1e:73:5c:4e:
         27:a9:ce:b8:18:ad:f2:6a:27:2c:7c:22:1c:d0:3a:cc:8b:ab:
         98:d4:1c:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI1tJ+Hgfyev+dry6F7UMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWM0ZGNkNmE3ZDllZWFkNTRlNDhjYjliMDQ0YmZlYTQ1NzY5MjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZLHT8hzzSnXYe239VN9vJkd1/KA
3SqWMm0c1XD8Pd06lVaOLHhWnQYIf5eI+1MuEF+kKsPf7DoPShcuu5g/WpDqJ5R8
FaKTJtQUAk0ofiotYz1z5hjK4Va4DIVvpUbh2stT6DTlH8zgBhCTdpVfyynk54aB
6pPiNzYwn2kaklf0d0l5mNKScJtDQMhMn/IWze0wf4TLFqMLuA6dOm241qiRcfSw
/wfdqfkBjJQso+cfvdb5wkIgUD39QTfZH/j1eCGJO1t+M3kTk3o4AKwowwfdjP2A
P4Ptn7GysSMCh1SEW2T/HiPQH/t46NJw8EYGfegBCGLahnnx/fBRSdzutQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHE3Nan2e6tVOSMubBEv+pFdpIpMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvc2NUYzFxZlo3cTFVNUl5NXNFU182a1Yya2lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzhsMA0G
CSqGSIb3DQEBCwUAA4IBAQABmwmzdCN8Mt4+91e9Ki/ad0o5PjkG6zNI05W+yOSi
kZneMCtH5UYk0MmLMDyzEjEZ0Kr01Xq5LqOUFSsecpaOANXhWouPf8NNTlVqJm5U
Ot0nFj460PN0+RZ3RP7jSR3uEV6jBUEemVjeIy/c1GYfE7awAePEgKxYodoJoqYV
EDV/MoUMpa+lKEl3PAa6BsxUVr6hFBaHek8GVrE3mtuJCCgBS9H4+Cs7T+OiZabb
5WZW00bHaKrZkF/ZlCd4nDdA65RRzT9X7KRSHEdzacc+ixwO5CsKNAF5vtcPN/+t
iFjUzvy5Zx5zXE4nqc64GK3yaicsfCIc0DrMi6uY1Bx+
-----END CERTIFICATE-----