Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vYmm1UmbObg_-z6DAJc8a-toe_w.roa
File:                     vYmm1UmbObg_-z6DAJc8a-toe_w.roa (raw, json)
Hash identifier:          L8g5LnxOTJhsqHB6AJRAIe9HjMLL/sDChmDxbUB0m8Y=
Subject key identifier:   BD:89:A6:D5:49:9B:39:B8:3F:FB:3E:83:00:97:3C:6B:EB:68:7B:FC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0199332A9C398084FCE8C7754D8AACC9D268
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vYmm1UmbObg_-z6DAJc8a-toe_w.roa
Signing time:             Wed 10 Sep 2025 10:27:34 +0000
ROA not before:           Wed 10 Sep 2025 10:27:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216221
IP address blocks:        31.57.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:2a:9c:39:80:84:fc:e8:c7:75:4d:8a:ac:c9:d2:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep 10 10:27:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd89a6d5499b39b83ffb3e8300973c6beb687bfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a6:8e:36:3e:e1:8e:d3:d6:a7:96:c7:b2:d2:
                    ce:b0:2b:c6:ff:55:27:9c:c5:d2:24:01:20:bd:02:
                    ca:f3:1a:d1:90:8d:bb:49:84:1f:23:9f:ab:7f:d8:
                    e5:c6:2e:10:2a:30:1a:6d:0d:56:08:64:e8:eb:76:
                    eb:1d:df:bf:8c:e7:98:49:94:58:9a:bf:cd:f4:05:
                    b2:09:f4:7c:4b:c9:d9:bb:eb:ed:ad:38:fa:68:e3:
                    ce:81:d1:bb:3d:66:43:26:ea:eb:12:09:03:4c:8c:
                    a0:3f:30:03:3a:8b:cd:fe:50:4a:43:ca:80:a6:52:
                    8b:35:e9:f7:c9:f0:65:30:c9:1a:b2:90:dd:d6:98:
                    ff:63:dc:93:f3:a1:32:1f:d1:6e:52:df:11:75:90:
                    3a:a8:4e:92:57:aa:91:78:4b:ab:c1:de:95:47:c6:
                    a1:ad:2f:80:16:d3:5e:6a:d1:6b:83:92:2b:79:e0:
                    6a:b2:81:db:42:69:19:14:b7:21:0c:3e:09:8d:30:
                    41:19:8f:3e:2c:9b:08:91:6c:ef:71:09:8f:bf:85:
                    07:83:1a:1f:bc:2a:7b:33:df:83:4e:f2:c2:9c:b3:
                    f9:94:26:2e:cd:96:b1:23:a7:52:f9:11:3c:e8:3b:
                    8f:32:bf:d2:93:b6:41:43:b8:fd:03:20:27:7b:8b:
                    22:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:89:A6:D5:49:9B:39:B8:3F:FB:3E:83:00:97:3C:6B:EB:68:7B:FC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/vYmm1UmbObg_-z6DAJc8a-toe_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:e4:4e:4e:b0:73:4c:e2:f2:a6:d9:9a:38:2e:50:54:ea:73:
         4f:c0:d5:39:11:a0:31:82:08:53:52:97:8f:00:ad:4e:e5:65:
         7e:83:9a:57:47:6f:7a:c4:1e:d4:a8:08:7a:59:8e:64:99:0d:
         f7:f5:30:76:bf:30:5b:8c:12:cb:19:7b:44:ad:4b:1e:74:a1:
         4e:c9:5a:55:fa:ec:7f:6a:ff:a2:b7:b0:27:bb:d7:14:36:e0:
         59:86:b0:b6:f3:9f:8f:9c:9d:84:4d:f2:0c:ee:dd:48:54:78:
         90:7e:39:3c:57:90:1a:39:76:16:e6:6c:8f:ff:3f:9e:7f:99:
         67:d2:df:fb:7b:1a:7f:61:ff:78:9e:a5:cb:af:8a:51:80:f9:
         f1:2c:10:11:ae:72:55:95:b1:7d:6f:c5:4b:18:ff:4d:e2:7a:
         33:d0:9f:bc:3a:48:b5:93:fd:65:4d:eb:2a:aa:ff:3b:84:d8:
         04:d3:13:78:97:e0:b9:3f:47:18:59:8b:63:2e:c4:88:86:47:
         e8:d4:9f:5b:51:7b:b8:0e:a7:ed:94:85:82:3d:94:2c:99:94:
         31:e4:e7:41:b3:a0:d5:5c:29:e6:c0:dd:34:4c:9a:e0:6d:c2:
         9a:46:eb:25:64:72:0b:4e:aa:10:46:26:e2:d0:eb:ed:f8:99:
         47:c0:50:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkzKpw5gIT86Md1TYqsydJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwOTEwMTAyNzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDg5YTZkNTQ5OWIzOWI4M2ZmYjNlODMwMDk3M2M2YmViNjg3YmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaaONj7hjtPWp5bHstLOsCvG/1Un
nMXSJAEgvQLK8xrRkI27SYQfI5+rf9jlxi4QKjAabQ1WCGTo63brHd+/jOeYSZRY
mr/N9AWyCfR8S8nZu+vtrTj6aOPOgdG7PWZDJurrEgkDTIygPzADOovN/lBKQ8qA
plKLNen3yfBlMMkaspDd1pj/Y9yT86EyH9FuUt8RdZA6qE6SV6qReEurwd6VR8ah
rS+AFtNeatFrg5IreeBqsoHbQmkZFLchDD4JjTBBGY8+LJsIkWzvcQmPv4UHgxof
vCp7M9+DTvLCnLP5lCYuzZaxI6dS+RE86DuPMr/Sk7ZBQ7j9AyAne4siEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2JptVJmzm4P/s+gwCXPGvraHv8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvdlltbTFVbWJPYmdfLXo2REFKYzhhLXRvZV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzlwMA0G
CSqGSIb3DQEBCwUAA4IBAQCz5E5OsHNM4vKm2Zo4LlBU6nNPwNU5EaAxgghTUpeP
AK1O5WV+g5pXR296xB7UqAh6WY5kmQ339TB2vzBbjBLLGXtErUsedKFOyVpV+ux/
av+it7Anu9cUNuBZhrC285+PnJ2ETfIM7t1IVHiQfjk8V5AaOXYW5myP/z+ef5ln
0t/7exp/Yf94nqXLr4pRgPnxLBARrnJVlbF9b8VLGP9N4noz0J+8Oki1k/1lTesq
qv87hNgE0xN4l+C5P0cYWYtjLsSIhkfo1J9bUXu4DqftlIWCPZQsmZQx5OdBs6DV
XCnmwN00TJrgbcKaRuslZHILTqoQRibi0Ovt+JlHwFBk
-----END CERTIFICATE-----