Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y6olD8Ag-OoNxo9keFvIfbPCUaE.roa
File:                     y6olD8Ag-OoNxo9keFvIfbPCUaE.roa (raw, json)
Hash identifier:          pu1MKvc12jPBG8VMWZBPm3alTjIo2+/N/IX8s/1FSxo=
Subject key identifier:   CB:AA:25:0F:C0:20:F8:EA:0D:C6:8F:64:78:5B:C8:7D:B3:C2:51:A1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0194282389B02F7B2BEF298FA9523C3FEE62
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y6olD8Ag-OoNxo9keFvIfbPCUaE.roa
Signing time:             Thu 02 Jan 2025 17:50:05 +0000
ROA not before:           Thu 02 Jan 2025 17:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400810
IP address blocks:        31.56.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:89:b0:2f:7b:2b:ef:29:8f:a9:52:3c:3f:ee:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbaa250fc020f8ea0dc68f64785bc87db3c251a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9c:fb:c9:63:2f:59:86:6f:0c:9d:34:32:15:
                    3d:3f:78:93:20:e6:a2:a1:f3:c1:93:8a:c2:f3:d3:
                    02:70:4d:e8:e3:61:5a:6b:6b:c0:8b:96:3d:f0:96:
                    69:ed:c7:87:8c:d3:00:6f:fe:d9:3e:d6:1c:10:c4:
                    2b:fa:c6:fe:ad:54:04:0e:c5:4f:6d:b4:43:c7:d5:
                    8e:59:ef:d1:4b:37:57:6e:83:92:7e:2c:61:12:a6:
                    38:6d:c1:7f:63:3e:62:34:97:45:61:aa:b7:40:78:
                    c9:b9:45:33:83:09:3c:af:7b:29:f9:20:e1:34:b8:
                    d8:70:e3:b4:f6:97:22:94:25:16:3c:3a:9c:d7:bb:
                    f0:8f:48:61:5c:43:2f:fc:58:c3:9d:59:91:4c:ab:
                    12:1e:a4:4f:1c:9d:6d:bf:9d:70:81:73:59:9a:29:
                    4e:ee:c1:98:b7:c7:db:2b:5a:8c:dd:bf:84:cf:17:
                    e7:22:9c:c0:05:bb:00:92:49:88:91:85:29:c6:99:
                    54:d0:80:67:a5:f9:dc:1f:40:2d:68:17:5a:82:0f:
                    95:07:2f:6e:33:e3:36:29:4d:89:25:85:d8:8e:ad:
                    77:e6:c9:4e:26:8a:35:57:a4:34:7d:1c:12:50:75:
                    94:c2:c4:38:15:61:98:c1:c1:65:ef:68:a1:f6:c4:
                    b4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:AA:25:0F:C0:20:F8:EA:0D:C6:8F:64:78:5B:C8:7D:B3:C2:51:A1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/y6olD8Ag-OoNxo9keFvIfbPCUaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:60:b1:f4:2d:72:9d:aa:0c:20:58:40:07:a9:74:ce:54:df:
         dc:87:68:13:e4:6c:98:3f:b7:b1:b5:49:11:40:80:29:e5:1b:
         c9:80:9b:58:36:09:30:7a:7b:c3:16:de:cf:8b:5f:12:a1:ab:
         96:29:76:4c:86:f4:f2:52:d6:59:fa:37:f8:81:49:e6:33:2b:
         51:1d:90:b2:15:7c:17:1e:7a:3c:af:f2:5d:b0:20:ff:fc:27:
         6d:3f:30:38:b6:6f:e0:04:b9:75:03:97:39:a7:d9:d2:a8:ec:
         6d:5b:1f:b4:16:06:33:d8:99:06:97:20:90:2f:c1:c6:82:16:
         c2:c4:6f:e9:bf:28:e5:8b:4d:1c:00:d0:cb:3a:1e:c8:eb:16:
         35:1e:03:9c:90:d5:fc:3a:51:0d:06:b3:ef:6d:2b:cb:ca:fe:
         a5:61:2c:74:7e:89:c5:12:4f:46:13:0c:54:f2:5a:a9:7e:82:
         f9:b6:e3:29:c0:b8:2c:e5:98:b3:34:23:8c:7f:97:e5:0f:e5:
         48:67:15:37:60:44:dc:cd:e1:bf:3b:9d:d9:7c:0a:03:83:6a:
         92:b9:20:39:f7:8a:d0:a0:25:8b:f8:be:d5:b9:bb:2d:24:a4:
         66:f8:ae:ef:75:f6:3a:ca:98:cf:6f:e5:34:6a:05:3a:bc:9d:
         84:5a:57:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4mwL3sr7ymPqVI8P+5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmFhMjUwZmMwMjBmOGVhMGRjNjhmNjQ3ODViYzg3ZGIzYzI1MWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpz7yWMvWYZvDJ00MhU9P3iTIOai
ofPBk4rC89MCcE3o42Faa2vAi5Y98JZp7ceHjNMAb/7ZPtYcEMQr+sb+rVQEDsVP
bbRDx9WOWe/RSzdXboOSfixhEqY4bcF/Yz5iNJdFYaq3QHjJuUUzgwk8r3sp+SDh
NLjYcOO09pcilCUWPDqc17vwj0hhXEMv/FjDnVmRTKsSHqRPHJ1tv51wgXNZmilO
7sGYt8fbK1qM3b+EzxfnIpzABbsAkkmIkYUpxplU0IBnpfncH0AtaBdagg+VBy9u
M+M2KU2JJYXYjq135slOJoo1V6Q0fRwSUHWUwsQ4FWGYwcFl72ih9sS0QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuqJQ/AIPjqDcaPZHhbyH2zwlGhMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEveTZvbEQ4QWctT29OeG85a2VGdklmYlBDVWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHzgUMA0G
CSqGSIb3DQEBCwUAA4IBAQC5YLH0LXKdqgwgWEAHqXTOVN/ch2gT5GyYP7extUkR
QIAp5RvJgJtYNgkwenvDFt7Pi18SoauWKXZMhvTyUtZZ+jf4gUnmMytRHZCyFXwX
Hno8r/JdsCD//CdtPzA4tm/gBLl1A5c5p9nSqOxtWx+0FgYz2JkGlyCQL8HGghbC
xG/pvyjli00cANDLOh7I6xY1HgOckNX8OlENBrPvbSvLyv6lYSx0fonFEk9GEwxU
8lqpfoL5tuMpwLgs5ZizNCOMf5flD+VIZxU3YETczeG/O53ZfAoDg2qSuSA594rQ
oCWL+L7VubstJKRm+K7vdfY6ypjPb+U0agU6vJ2EWldP
-----END CERTIFICATE-----