Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zkGHAEsRe-kzgL3jpmTBQzU2kfI.roa
File:                     zkGHAEsRe-kzgL3jpmTBQzU2kfI.roa (raw, json)
Hash identifier:          96m1wO1ZMdXg3o47jX09fRqAp8BU6alV/6BdJmZOTes=
Subject key identifier:   CE:41:87:00:4B:11:7B:E9:33:80:BD:E3:A6:64:C1:43:35:36:91:F2
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019317B1B36F42E31A6EABC89C2340577945
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zkGHAEsRe-kzgL3jpmTBQzU2kfI.roa
Signing time:             Sun 10 Nov 2024 20:09:01 +0000
ROA not before:           Sun 10 Nov 2024 20:09:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211215
IP address blocks:        31.58.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:17:b1:b3:6f:42:e3:1a:6e:ab:c8:9c:23:40:57:79:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Nov 10 20:09:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce4187004b117be93380bde3a664c143353691f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:75:09:21:c6:29:59:cb:d0:ee:a7:bb:d6:35:
                    ab:02:07:27:90:a6:90:6c:cc:b5:e7:3c:e7:47:64:
                    b3:ca:bb:6e:23:05:e7:1c:94:d5:ae:81:dc:ab:59:
                    0f:66:2d:82:7a:1f:fb:7b:98:9a:dc:c7:c5:a1:73:
                    8c:20:06:6b:31:a9:1c:5d:9d:7d:d2:47:97:6f:2a:
                    c4:1f:7e:1a:8a:3c:d7:57:0f:6d:f3:73:ee:91:ab:
                    06:2e:9b:49:04:78:34:43:f3:e1:5a:4b:3d:0c:2d:
                    7a:73:6c:28:50:52:58:4b:32:53:c0:98:91:b5:fd:
                    dd:ef:8b:68:7a:10:74:df:81:a6:0a:9b:c3:3a:b9:
                    e2:f2:44:f4:39:9b:b7:18:15:3d:94:1c:42:cf:3d:
                    76:3c:b4:b7:1b:af:fc:c4:a3:bb:35:00:ad:ba:e4:
                    32:43:ae:55:10:57:77:b3:0b:8c:96:7f:e9:7e:de:
                    58:53:de:74:ab:d7:6f:93:14:84:9c:15:a2:99:ef:
                    d7:87:f6:22:2e:10:f1:e7:3d:bf:b8:d5:84:16:a7:
                    e6:e0:31:68:a3:90:4e:e9:59:06:03:bc:c2:b0:d0:
                    2e:7e:2d:60:c4:11:0c:90:ce:8f:bd:f8:5b:8c:40:
                    b8:d1:14:8f:45:4c:38:4a:ee:f6:17:a4:f3:23:81:
                    ec:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:41:87:00:4B:11:7B:E9:33:80:BD:E3:A6:64:C1:43:35:36:91:F2
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/zkGHAEsRe-kzgL3jpmTBQzU2kfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.58.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:e2:04:d2:ec:89:86:0c:bf:21:f3:60:74:a1:18:fc:c4:e3:
         d8:29:4c:c2:27:1c:a0:da:42:d3:8e:28:27:84:a6:e3:49:a9:
         9c:fe:6e:f3:36:3d:62:a6:cc:5d:25:87:42:53:c2:42:1c:2f:
         fc:cd:5c:d2:46:9c:90:f5:9a:b7:dc:c0:60:38:df:45:34:0d:
         62:76:11:b8:05:1c:35:d7:e0:df:93:20:e2:fa:4d:d3:29:43:
         02:9d:e1:d7:17:6b:81:af:1e:f1:ed:cb:53:a1:2b:96:c8:07:
         b8:e4:ae:e2:65:93:35:c0:c0:1c:d3:6f:fb:d5:94:23:fe:0c:
         c7:78:d9:f1:ae:e4:e4:82:ff:7f:eb:73:45:05:4a:94:95:b5:
         d0:39:24:c7:d1:ea:ea:3e:ba:3b:3f:d1:cb:da:60:46:d1:41:
         56:3e:1c:ae:66:98:4e:fa:c1:1d:d8:01:75:81:8c:35:dc:1d:
         0a:42:0b:04:b4:a3:5b:6c:33:d9:77:12:f4:8f:02:76:97:dd:
         3f:12:5c:52:aa:8a:f8:29:f3:54:da:f4:9f:ad:0b:96:a4:1b:
         53:6e:b4:2c:34:58:1d:23:c4:47:ba:83:b8:72:b0:fd:51:e6:
         8b:8b:cb:f3:14:fc:3d:91:5d:22:1e:cf:97:84:ae:ec:30:92:
         e2:98:d3:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMXsbNvQuMabqvInCNAV3lFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMTEwMjAwOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTQxODcwMDRiMTE3YmU5MzM4MGJkZTNhNjY0YzE0MzM1MzY5MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03UJIcYpWcvQ7qe71jWrAgcnkKaQ
bMy15zznR2SzyrtuIwXnHJTVroHcq1kPZi2Ceh/7e5ia3MfFoXOMIAZrMakcXZ19
0keXbyrEH34aijzXVw9t83PukasGLptJBHg0Q/PhWks9DC16c2woUFJYSzJTwJiR
tf3d74toehB034GmCpvDOrni8kT0OZu3GBU9lBxCzz12PLS3G6/8xKO7NQCtuuQy
Q65VEFd3swuMln/pft5YU950q9dvkxSEnBWime/Xh/YiLhDx5z2/uNWEFqfm4DFo
o5BO6VkGA7zCsNAufi1gxBEMkM6PvfhbjEC40RSPRUw4Su72F6TzI4HsfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5BhwBLEXvpM4C946ZkwUM1NpHyMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvemtHSEFFc1JlLWt6Z0wzanBtVEJRelUya2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHzr4MA0G
CSqGSIb3DQEBCwUAA4IBAQCV4gTS7ImGDL8h82B0oRj8xOPYKUzCJxyg2kLTjign
hKbjSamc/m7zNj1ipsxdJYdCU8JCHC/8zVzSRpyQ9Zq33MBgON9FNA1idhG4BRw1
1+DfkyDi+k3TKUMCneHXF2uBrx7x7ctToSuWyAe45K7iZZM1wMAc02/71ZQj/gzH
eNnxruTkgv9/63NFBUqUlbXQOSTH0erqPro7P9HL2mBG0UFWPhyuZphO+sEd2AF1
gYw13B0KQgsEtKNbbDPZdxL0jwJ2l90/ElxSqor4KfNU2vSfrQuWpBtTbrQsNFgd
I8RHuoO4crD9UeaLi8vzFPw9kV0iHs+XhK7sMJLimNO5
-----END CERTIFICATE-----