Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uvYBlHGnbhlzCTdfDEmKRx7TtDs.roa
File:                     uvYBlHGnbhlzCTdfDEmKRx7TtDs.roa (raw, json)
Hash identifier:          KfLIFEgtpFNpZ01L54nMoVcmpyu7wA5VkvaRDyyArYM=
Subject key identifier:   BA:F6:01:94:71:A7:6E:19:73:09:37:5F:0C:49:8A:47:1E:D3:B4:3B
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199420CC1C9D6CD1FDD981FED668AF891A9
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uvYBlHGnbhlzCTdfDEmKRx7TtDs.roa
Signing time:             Sat 13 Sep 2025 07:49:16 +0000
ROA not before:           Sat 13 Sep 2025 07:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21928
IP address blocks:        31.57.212.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:42:0c:c1:c9:d6:cd:1f:dd:98:1f:ed:66:8a:f8:91:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 13 07:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=baf6019471a76e197309375f0c498a471ed3b43b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f8:e1:c8:6e:6e:38:4d:9b:8f:0f:b4:14:20:
                    58:dd:87:4d:55:fa:29:c3:4e:72:7c:51:da:fc:e3:
                    99:49:13:b0:1b:78:d1:a3:83:14:38:1b:e0:4c:6d:
                    4d:be:ef:98:c4:76:2f:ae:8e:aa:f5:d9:33:69:c0:
                    e5:dc:6f:0f:1c:ed:de:a7:40:f5:a7:90:86:90:17:
                    8e:2e:a8:b3:af:24:e9:cc:7a:02:26:6d:90:2b:cf:
                    85:ca:c2:ce:10:5e:0a:8d:5e:d4:f7:4f:37:6a:1a:
                    11:90:02:d7:45:b1:d5:05:4c:cc:bc:7c:79:68:f5:
                    66:99:b9:20:83:fc:ee:46:8b:8c:7e:1f:c7:ad:f6:
                    a8:71:6c:b9:83:52:de:93:61:5a:e6:89:ec:8b:3f:
                    9c:4e:4a:df:f9:7e:7b:19:70:be:19:61:5d:7c:41:
                    7f:69:b0:e7:3e:26:41:b5:82:b2:56:49:45:94:1b:
                    5c:3c:48:a2:65:b4:27:33:f2:f3:e6:d3:72:ed:cd:
                    1b:0f:0d:d8:52:16:ad:67:08:11:7d:e7:a7:94:0e:
                    d9:02:59:5b:bd:f1:a8:ed:80:66:df:a5:ab:76:d0:
                    ef:06:63:d8:4e:77:ba:f5:f5:1f:e0:93:56:2d:42:
                    bc:07:f8:20:5c:54:c8:f9:1f:2a:b8:c9:11:fd:7a:
                    33:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:F6:01:94:71:A7:6E:19:73:09:37:5F:0C:49:8A:47:1E:D3:B4:3B
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/uvYBlHGnbhlzCTdfDEmKRx7TtDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:e4:81:35:c5:fc:d6:c5:91:d3:9e:e0:13:b7:8c:71:ca:ee:
         48:17:66:7d:67:45:8b:28:8f:98:be:f9:f2:15:93:f6:9c:e5:
         fe:19:75:ab:c9:7c:bf:9b:17:a5:b5:4b:40:9b:a5:01:47:6c:
         b4:a5:33:0a:99:e3:67:24:ee:67:9d:7e:a8:9b:fd:38:c0:5b:
         6a:b1:43:df:61:38:44:a6:5b:25:7a:ad:93:c5:a7:93:63:17:
         3a:51:0a:af:64:49:84:55:b4:46:7a:75:f2:4f:df:3c:a4:4f:
         83:f4:91:69:ad:87:7c:86:2f:54:29:94:7e:46:b0:e6:c7:b8:
         5f:8b:b1:75:e9:f5:d6:dd:e8:7c:ee:3c:4a:13:64:72:5d:6b:
         85:bd:7c:11:df:f6:2c:de:2d:ea:5b:c4:7e:b0:a6:0a:0d:c8:
         c3:ad:1e:9c:ff:58:ad:e0:60:a8:10:f1:81:16:d7:9c:64:ee:
         7f:84:be:bb:9e:36:fb:9a:74:13:c0:fa:62:27:67:38:63:a8:
         44:0a:66:22:3a:b6:62:97:41:7d:2e:29:27:1f:c2:bf:38:e6:
         d0:12:19:d7:8e:07:b9:ea:4c:52:e9:f0:2e:fe:ff:ce:60:33:
         e1:a6:72:1e:f4:35:bf:13:ec:83:8e:3b:ae:d9:63:2c:4d:b1:
         a0:cd:76:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlCDMHJ1s0f3Zgf7WaK+JGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTEzMDc0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWY2MDE5NDcxYTc2ZTE5NzMwOTM3NWYwYzQ5OGE0NzFlZDNiNDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPjhyG5uOE2bjw+0FCBY3YdNVfop
w05yfFHa/OOZSROwG3jRo4MUOBvgTG1Nvu+YxHYvro6q9dkzacDl3G8PHO3ep0D1
p5CGkBeOLqizryTpzHoCJm2QK8+FysLOEF4KjV7U9083ahoRkALXRbHVBUzMvHx5
aPVmmbkgg/zuRouMfh/HrfaocWy5g1Lek2Fa5onsiz+cTkrf+X57GXC+GWFdfEF/
abDnPiZBtYKyVklFlBtcPEiiZbQnM/Lz5tNy7c0bDw3YUhatZwgRfeenlA7ZAllb
vfGo7YBm36WrdtDvBmPYTne69fUf4JNWLUK8B/ggXFTI+R8quMkR/XozuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLr2AZRxp24Zcwk3XwxJikce07Q7MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdXZZQmxIR25iaGx6Q1RkZkRFbUtSeDdUdERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHznUMA0G
CSqGSIb3DQEBCwUAA4IBAQCa5IE1xfzWxZHTnuATt4xxyu5IF2Z9Z0WLKI+Yvvny
FZP2nOX+GXWryXy/mxeltUtAm6UBR2y0pTMKmeNnJO5nnX6om/04wFtqsUPfYThE
plsleq2TxaeTYxc6UQqvZEmEVbRGenXyT988pE+D9JFprYd8hi9UKZR+RrDmx7hf
i7F16fXW3eh87jxKE2RyXWuFvXwR3/Ys3i3qW8R+sKYKDcjDrR6c/1it4GCoEPGB
FtecZO5/hL67njb7mnQTwPpiJ2c4Y6hECmYiOrZil0F9LiknH8K/OObQEhnXjge5
6kxS6fAu/v/OYDPhpnIe9DW/E+yDjjuu2WMsTbGgzXbG
-----END CERTIFICATE-----