Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/DgGUdPH4yyo9Vx65CiZdtzd3798.roa
File:                     DgGUdPH4yyo9Vx65CiZdtzd3798.roa (raw, json)
Hash identifier:          X4MgidQc/KEcOswc25QGUR5QQIhKifKiJUeVy65QCH4=
Subject key identifier:   0E:01:94:74:F1:F8:CB:2A:3D:57:1E:B9:0A:26:5D:B7:37:77:EF:DF
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018FBFE0E23B5AD3FB5C0504F3687E236D01
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/DgGUdPH4yyo9Vx65CiZdtzd3798.roa
Signing time:             Tue 28 May 2024 15:45:37 +0000
ROA not before:           Tue 28 May 2024 15:45:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212541
IP address blocks:        31.24.249.0/24 maxlen: 32
                          2a12:4946:4050::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:e0:e2:3b:5a:d3:fb:5c:05:04:f3:68:7e:23:6d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: May 28 15:45:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e019474f1f8cb2a3d571eb90a265db73777efdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f3:dd:b1:4f:e5:64:44:76:cb:7e:df:b2:58:
                    f4:ba:1b:33:5f:5d:cd:f0:b0:b3:08:16:39:07:a1:
                    9e:6c:53:72:40:b9:ee:50:db:c1:72:5e:e2:ed:f9:
                    f8:8d:cd:31:f8:15:32:7a:f8:e7:27:5b:d6:07:f5:
                    d4:b1:9c:08:f2:21:eb:7b:a9:b0:73:a4:e8:84:ce:
                    c3:8e:0c:a6:e0:69:8f:32:21:72:18:60:a4:13:b3:
                    58:00:0a:5e:9b:cb:44:59:e6:2a:8d:5d:69:a2:b8:
                    f5:40:36:db:21:0f:a0:e2:28:1a:d9:23:d6:f0:4a:
                    d1:f3:5b:60:42:43:11:0f:33:dd:41:28:7a:88:ce:
                    3f:e2:d4:9c:8e:fb:46:78:2b:3d:59:53:01:3f:d8:
                    b5:9a:01:62:ee:b1:0a:3e:04:14:a2:03:c2:15:98:
                    dc:e1:f7:51:f0:b1:77:e7:09:90:dd:61:07:cc:d7:
                    c1:52:45:9a:07:da:75:0d:3e:f0:bb:da:b1:cc:a6:
                    16:34:ed:77:7d:f9:18:7a:88:d6:33:33:27:18:7d:
                    70:9e:fb:f3:c8:3c:59:98:97:50:b0:ab:22:6d:ee:
                    0b:b2:5b:da:b6:ba:bb:ad:17:62:21:d3:d7:39:6c:
                    9a:6e:7a:82:23:c4:10:2e:b4:24:2b:09:c4:d4:d9:
                    cb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:01:94:74:F1:F8:CB:2A:3D:57:1E:B9:0A:26:5D:B7:37:77:EF:DF
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/DgGUdPH4yyo9Vx65CiZdtzd3798.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.249.0/24
                IPv6:
                  2a12:4946:4050::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:55:9a:82:35:7b:63:6a:83:4d:17:e8:ea:5c:82:51:5c:0d:
         f2:0e:ba:72:3d:79:2d:b1:0e:c0:c4:00:1d:14:a4:ae:6a:0f:
         5d:e4:b6:b2:fc:15:ab:ad:30:90:73:a3:37:ea:6f:58:9d:50:
         65:8b:9b:c5:2d:02:39:f7:f6:ed:20:52:e3:6b:65:ee:85:02:
         4a:9f:0b:fe:3e:7f:f2:24:e3:f1:a7:54:34:d2:4d:7c:6c:1c:
         82:f5:38:fe:ea:78:a8:2a:51:6b:54:40:12:d6:aa:b4:77:1c:
         5b:49:3b:1c:9b:8a:ea:e3:0d:61:fb:c0:ee:11:41:15:6f:d8:
         02:6b:62:34:9c:f6:12:b9:f1:e0:b3:da:d5:8b:66:19:80:c2:
         27:9e:11:0c:26:22:ab:70:5a:03:f4:45:34:d0:ad:02:92:05:
         e7:32:a7:b4:99:b3:64:3b:bc:08:c8:88:0a:fa:47:0f:02:fb:
         7f:63:64:63:5c:2c:ec:ae:79:20:3e:17:f2:6a:ea:db:a5:11:
         b0:56:78:a5:8f:4c:19:34:f2:87:fa:ed:04:0a:67:e9:0a:21:
         d6:f3:e9:a3:6e:ed:60:f4:d5:9c:c5:c1:b6:30:e8:9f:da:df:
         f6:97:93:50:55:03:c0:c1:f5:5f:9a:df:33:88:23:0c:6d:c4:
         fd:78:64:5a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY+/4OI7WtP7XAUE82h+I20BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwNTI4MTU0NTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTAxOTQ3NGYxZjhjYjJhM2Q1NzFlYjkwYTI2NWRiNzM3NzdlZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovPdsU/lZER2y37fslj0uhszX13N
8LCzCBY5B6GebFNyQLnuUNvBcl7i7fn4jc0x+BUyevjnJ1vWB/XUsZwI8iHre6mw
c6TohM7Djgym4GmPMiFyGGCkE7NYAApem8tEWeYqjV1porj1QDbbIQ+g4iga2SPW
8ErR81tgQkMRDzPdQSh6iM4/4tScjvtGeCs9WVMBP9i1mgFi7rEKPgQUogPCFZjc
4fdR8LF35wmQ3WEHzNfBUkWaB9p1DT7wu9qxzKYWNO13ffkYeojWMzMnGH1wnvvz
yDxZmJdQsKsibe4Lslvatrq7rRdiIdPXOWyabnqCI8QQLrQkKwnE1NnLqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA4BlHTx+MsqPVceuQomXbc3d+/fMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvRGdHVWRQSDR5eW85Vng2NUNpWmR0emQzNzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAHxj5MA8E
AgACMAkDBwQqEklGQFAwDQYJKoZIhvcNAQELBQADggEBAIFVmoI1e2Nqg00X6Opc
glFcDfIOunI9eS2xDsDEAB0UpK5qD13ktrL8FautMJBzozfqb1idUGWLm8UtAjn3
9u0gUuNrZe6FAkqfC/4+f/Ik4/GnVDTSTXxsHIL1OP7qeKgqUWtUQBLWqrR3HFtJ
OxybiurjDWH7wO4RQRVv2AJrYjSc9hK58eCz2tWLZhmAwieeEQwmIqtwWgP0RTTQ
rQKSBecyp7SZs2Q7vAjIiAr6Rw8C+39jZGNcLOyueSA+F/Jq6tulEbBWeKWPTBk0
8of67QQKZ+kKIdbz6aNu7WD01ZzFwbYw6J/a3/aXk1BVA8DB9V+a3zOIIwxtxP14
ZFo=
-----END CERTIFICATE-----