Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WAhJZAlTDUaB6vmjVLZqksIGzmk.roa
File:                     WAhJZAlTDUaB6vmjVLZqksIGzmk.roa (raw, json)
Hash identifier:          Ik7C6qmxni3KBC9zQeT1wej9gtYUxK6ifPjNRKdWczs=
Subject key identifier:   58:08:49:64:09:53:0D:46:81:EA:F9:A3:54:B6:6A:92:C2:06:CE:69
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0194266C2D2D0D8A8F79CC59EFEE7D62F251
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WAhJZAlTDUaB6vmjVLZqksIGzmk.roa
Signing time:             Thu 02 Jan 2025 09:50:11 +0000
ROA not before:           Thu 02 Jan 2025 09:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204415
IP address blocks:        31.192.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2d:2d:0d:8a:8f:79:cc:59:ef:ee:7d:62:f2:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  2 09:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5808496409530d4681eaf9a354b66a92c206ce69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:55:67:47:15:cc:e4:c2:24:c7:ab:9a:b9:2b:
                    9b:aa:fb:fe:15:11:b8:fa:b9:d3:b8:74:57:46:5e:
                    e7:9e:c2:4f:14:b9:36:a3:e2:96:d7:02:58:2b:d8:
                    33:2b:11:c9:eb:73:6e:ba:69:5c:8f:78:82:45:9f:
                    87:4a:d3:d4:6b:94:3f:c7:d7:a4:48:a8:ca:fd:5c:
                    27:46:df:2d:83:a2:c7:a1:71:52:3a:18:7c:1a:ac:
                    72:2f:db:ef:ab:f9:df:06:6b:fa:21:ef:1f:e6:24:
                    00:28:6b:41:66:bc:46:1c:52:a0:b4:e9:a4:88:23:
                    39:63:3e:24:d2:f3:df:13:98:98:8e:a6:91:15:55:
                    cf:f4:18:83:05:85:c2:03:f0:72:04:70:d3:07:f9:
                    af:6c:2f:70:b6:7c:c8:cf:5f:7a:b4:94:1b:d2:62:
                    74:64:7f:93:18:5f:aa:75:fa:7a:dc:ce:8b:b4:2d:
                    51:de:96:e5:d6:9c:d8:33:ee:c0:7d:d5:34:a6:ba:
                    05:e1:21:f8:09:69:a9:ef:77:a4:c0:51:d0:98:83:
                    12:f7:92:3a:d2:14:f2:07:6b:f5:09:b5:f1:df:30:
                    b4:88:db:11:28:2a:18:93:4e:26:08:2e:43:fe:c9:
                    ec:5d:38:b6:6c:0e:df:4f:1c:4a:ad:ce:d0:02:32:
                    34:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:08:49:64:09:53:0D:46:81:EA:F9:A3:54:B6:6A:92:C2:06:CE:69
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WAhJZAlTDUaB6vmjVLZqksIGzmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:3b:4c:f9:34:79:f3:be:c6:a2:d5:e6:9e:1c:50:2d:5a:d7:
         11:0d:26:4c:c6:90:4f:46:84:f4:1d:34:2a:f2:61:c9:c0:4f:
         3f:0c:8d:40:0d:e7:08:d1:08:c9:dc:63:4e:16:55:ea:68:f2:
         53:16:c6:f4:72:62:f5:63:18:0e:76:79:c1:ca:ee:46:ef:ba:
         77:f0:df:9e:f2:17:e9:75:7c:f6:a7:75:ad:db:1a:18:47:fb:
         41:39:ac:c8:87:26:e1:ef:4b:1e:a0:c6:0b:6a:fe:f4:f8:da:
         d5:d8:6f:d2:3e:49:71:de:7b:b4:d7:2e:ee:f6:b5:e9:9c:37:
         b7:99:f8:4f:2e:51:ef:cd:8a:f9:7f:99:d8:76:8d:f1:60:68:
         70:9a:83:27:49:aa:61:83:c9:d1:c5:a4:de:fb:c0:88:2a:b6:
         d4:16:ec:2a:8f:96:09:11:39:92:56:60:72:a3:4e:b9:0e:79:
         0e:8f:99:3f:70:bd:35:09:aa:36:f1:80:34:e3:f7:bc:23:8f:
         8e:04:21:20:6b:72:f4:7c:14:7a:e2:66:0f:72:eb:6f:d8:a2:
         e2:e3:0e:cb:28:02:e1:a0:8e:e6:29:d7:37:a9:c8:93:79:a2:
         23:18:92:2c:b2:06:c5:84:68:de:1d:a1:b5:74:39:63:f8:c7:
         b7:f0:14:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbC0tDYqPecxZ7+59YvJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwMTAyMDk1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODA4NDk2NDA5NTMwZDQ2ODFlYWY5YTM1NGI2NmE5MmMyMDZjZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlVnRxXM5MIkx6uauSubqvv+FRG4
+rnTuHRXRl7nnsJPFLk2o+KW1wJYK9gzKxHJ63Nuumlcj3iCRZ+HStPUa5Q/x9ek
SKjK/VwnRt8tg6LHoXFSOhh8GqxyL9vvq/nfBmv6Ie8f5iQAKGtBZrxGHFKgtOmk
iCM5Yz4k0vPfE5iYjqaRFVXP9BiDBYXCA/ByBHDTB/mvbC9wtnzIz196tJQb0mJ0
ZH+TGF+qdfp63M6LtC1R3pbl1pzYM+7AfdU0proF4SH4CWmp73ekwFHQmIMS95I6
0hTyB2v1CbXx3zC0iNsRKCoYk04mCC5D/snsXTi2bA7fTxxKrc7QAjI0zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgISWQJUw1Gger5o1S2apLCBs5pMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvV0FoSlpBbFREVWFCNnZtalZMWnFrc0lHem1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8D3MA0G
CSqGSIb3DQEBCwUAA4IBAQBfO0z5NHnzvsai1eaeHFAtWtcRDSZMxpBPRoT0HTQq
8mHJwE8/DI1ADecI0QjJ3GNOFlXqaPJTFsb0cmL1YxgOdnnByu5G77p38N+e8hfp
dXz2p3Wt2xoYR/tBOazIhybh70seoMYLav70+NrV2G/SPklx3nu01y7u9rXpnDe3
mfhPLlHvzYr5f5nYdo3xYGhwmoMnSaphg8nRxaTe+8CIKrbUFuwqj5YJETmSVmBy
o065DnkOj5k/cL01Cao28YA04/e8I4+OBCEga3L0fBR64mYPcutv2KLi4w7LKALh
oI7mKdc3qciTeaIjGJIssgbFhGjeHaG1dDlj+Me38BS1
-----END CERTIFICATE-----