Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xyhLng84X-zYvP0uywrG9B0W13I.roa
File:                     xyhLng84X-zYvP0uywrG9B0W13I.roa (raw, json)
Hash identifier:          XYK5u+O9dwMu61euEYRR9Jy5RqFm1qbkvB6EcQcXv3k=
Subject key identifier:   C7:28:4B:9E:0F:38:5F:EC:D8:BC:FD:2E:CB:0A:C6:F4:1D:16:D7:72
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0191D17EF002D18DDB80E40111ADBCC9806C
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xyhLng84X-zYvP0uywrG9B0W13I.roa
Signing time:             Sun 08 Sep 2024 11:57:22 +0000
ROA not before:           Sun 08 Sep 2024 11:57:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214879
IP address blocks:        31.57.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d1:7e:f0:02:d1:8d:db:80:e4:01:11:ad:bc:c9:80:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Sep  8 11:57:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7284b9e0f385fecd8bcfd2ecb0ac6f41d16d772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:43:91:25:37:c0:41:87:e1:24:0d:2d:f9:e8:
                    19:c2:23:76:e9:b3:ea:04:0d:e5:89:c6:9a:17:c1:
                    53:03:56:c4:c7:08:6f:b2:f6:e1:0b:6f:05:60:49:
                    89:67:5d:01:f7:8d:4c:17:ff:63:e4:2c:09:3d:4f:
                    15:1c:c3:5a:59:49:38:e8:a3:2a:90:d1:8b:7e:94:
                    65:1f:59:47:c7:a2:b4:91:61:55:6f:45:90:c4:1b:
                    88:12:0e:46:56:a5:51:9a:02:77:7b:c6:69:1e:66:
                    fb:a9:77:a3:ea:0e:af:74:a8:39:f3:1c:69:1d:33:
                    56:40:14:bf:b5:44:d0:bd:c8:e9:60:82:fc:e2:6a:
                    5c:39:63:90:e1:ab:c2:ba:69:98:c7:7a:f7:01:2c:
                    c8:a3:9c:69:1b:ad:2f:19:4a:4e:7b:5a:95:21:74:
                    55:c5:72:1f:92:41:b3:69:17:3f:f7:8f:4c:33:09:
                    db:7c:f8:a6:a7:73:02:64:60:1b:49:5a:cb:0b:31:
                    e8:e2:2d:4f:09:1e:6a:c5:87:23:7b:22:44:59:a5:
                    11:67:f1:da:21:77:e8:ff:a0:a7:3e:da:95:59:c1:
                    90:56:a5:1d:6b:38:38:bf:01:9c:8e:86:c0:fe:10:
                    7c:f6:6e:4e:d0:47:18:75:fb:59:ef:cc:ba:cf:03:
                    63:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:28:4B:9E:0F:38:5F:EC:D8:BC:FD:2E:CB:0A:C6:F4:1D:16:D7:72
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/xyhLng84X-zYvP0uywrG9B0W13I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.57.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:ca:93:03:9c:b5:6a:58:dc:9a:d2:db:d6:0f:00:8d:f0:1a:
         94:66:75:73:5a:cd:f6:c1:d5:05:19:13:ea:16:d9:52:09:aa:
         3e:3a:38:9a:24:76:db:16:5f:67:61:22:30:a0:c2:ef:50:56:
         f8:73:7d:85:a2:41:15:e7:89:52:94:7b:76:66:bb:8e:45:10:
         45:93:e3:af:14:a0:a1:ce:df:d1:6e:e5:5a:24:c9:34:ea:fe:
         f7:00:5e:ef:27:7d:1f:0d:83:72:01:3d:fd:c3:3e:dd:5a:bd:
         d5:6d:b1:35:d9:a9:34:e3:cd:c2:77:1c:91:05:7f:45:cb:a9:
         6e:06:59:5a:9e:9f:ce:f9:51:a5:9a:8d:cd:9e:60:27:3d:ce:
         ae:54:e0:5f:4f:0d:d3:ec:fc:24:52:ce:08:05:74:1a:a4:46:
         4d:6b:21:2e:71:82:26:da:ec:fe:c5:41:08:c5:03:a3:9c:f1:
         2a:b1:c1:ab:ca:ce:f5:32:fb:a2:36:6b:2f:a8:80:62:0f:dc:
         f6:84:b5:ef:e4:b6:82:1c:4b:df:3e:73:82:50:bf:94:72:78:
         85:e7:a5:ba:bb:0c:83:73:88:13:50:e9:21:0c:72:1e:34:07:
         31:92:39:49:65:98:ff:8a:6d:1a:2b:f9:fe:9f:28:e1:c3:53:
         c3:76:e9:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHRfvAC0Y3bgOQBEa28yYBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwOTA4MTE1NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzI4NGI5ZTBmMzg1ZmVjZDhiY2ZkMmVjYjBhYzZmNDFkMTZkNzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kORJTfAQYfhJA0t+egZwiN26bPq
BA3licaaF8FTA1bExwhvsvbhC28FYEmJZ10B941MF/9j5CwJPU8VHMNaWUk46KMq
kNGLfpRlH1lHx6K0kWFVb0WQxBuIEg5GVqVRmgJ3e8ZpHmb7qXej6g6vdKg58xxp
HTNWQBS/tUTQvcjpYIL84mpcOWOQ4avCummYx3r3ASzIo5xpG60vGUpOe1qVIXRV
xXIfkkGzaRc/949MMwnbfPimp3MCZGAbSVrLCzHo4i1PCR5qxYcjeyJEWaURZ/Ha
IXfo/6CnPtqVWcGQVqUdazg4vwGcjobA/hB89m5O0EcYdftZ78y6zwNjawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcoS54POF/s2Lz9LssKxvQdFtdyMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveHloTG5nODRYLXpZdlAwdXl3ckc5QjBXMTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHzmAMA0G
CSqGSIb3DQEBCwUAA4IBAQC+ypMDnLVqWNya0tvWDwCN8BqUZnVzWs32wdUFGRPq
FtlSCao+OjiaJHbbFl9nYSIwoMLvUFb4c32FokEV54lSlHt2ZruORRBFk+OvFKCh
zt/RbuVaJMk06v73AF7vJ30fDYNyAT39wz7dWr3VbbE12ak0483CdxyRBX9Fy6lu
Bllanp/O+VGlmo3NnmAnPc6uVOBfTw3T7PwkUs4IBXQapEZNayEucYIm2uz+xUEI
xQOjnPEqscGrys71MvuiNmsvqIBiD9z2hLXv5LaCHEvfPnOCUL+UcniF56W6uwyD
c4gTUOkhDHIeNAcxkjlJZZj/im0aK/n+nyjhw1PDdum9
-----END CERTIFICATE-----