Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/RjOBwIFljRUhiVrI9XvSXMwaJck.roa
File:                     RjOBwIFljRUhiVrI9XvSXMwaJck.roa (raw, json)
Hash identifier:          ZAwxVD/8E3+xj0G2CJTbEAoUfa1sKt4feqSdrZWNfig=
Subject key identifier:   46:33:81:C0:81:65:8D:15:21:89:5A:C8:F5:7B:D2:5C:CC:1A:25:C9
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       018FC20ADBC60AF3B842CA0516EDA14AA3FB
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/RjOBwIFljRUhiVrI9XvSXMwaJck.roa
Signing time:             Wed 29 May 2024 01:50:42 +0000
ROA not before:           Wed 29 May 2024 01:50:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57456
IP address blocks:        31.24.87.0/24 maxlen: 24
                          185.124.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 02:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c2:0a:db:c6:0a:f3:b8:42:ca:05:16:ed:a1:4a:a3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: May 29 01:50:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=463381c081658d1521895ac8f57bd25ccc1a25c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:46:88:42:f2:63:9b:e7:41:32:5f:25:66:27:
                    bc:00:5a:55:69:75:a4:49:f2:4f:7b:57:b2:6e:80:
                    d3:ff:d7:95:95:d6:fe:70:6e:93:ba:1c:44:f7:03:
                    9d:88:51:31:98:35:5d:45:59:20:8a:8c:21:05:e1:
                    03:e6:e1:89:1a:f4:af:46:63:08:4b:d2:3f:a5:3a:
                    79:30:3c:2a:3a:51:dc:1a:e5:5e:c7:c1:b5:8c:64:
                    ac:b9:ba:90:4f:c1:2d:38:fd:1f:c1:50:cd:be:7c:
                    a6:8c:2b:c9:00:97:48:8c:a2:46:80:26:20:b3:ff:
                    b3:2d:f8:a7:cd:c1:04:21:bb:3e:05:8d:cc:39:ea:
                    e1:70:0a:a4:e0:e3:7f:03:2d:2e:e2:22:83:f2:8c:
                    3c:4a:30:87:c6:b0:dd:16:3a:5d:f5:19:54:b3:b0:
                    9d:85:95:be:cc:60:ac:c6:b1:1a:40:fe:d0:3f:d4:
                    87:da:d8:b7:0f:91:c7:ca:cd:8b:1e:6a:95:50:52:
                    c3:72:20:5b:e0:25:3c:e2:8e:46:1c:4e:3f:aa:39:
                    f2:4e:28:37:0b:95:f0:0a:8f:96:d3:aa:eb:28:c3:
                    e0:43:41:49:e7:34:dd:60:2c:5d:78:36:71:f1:53:
                    ce:52:16:70:2a:a8:2d:e5:7b:30:60:bb:2f:8b:8c:
                    bd:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:33:81:C0:81:65:8D:15:21:89:5A:C8:F5:7B:D2:5C:CC:1A:25:C9
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/RjOBwIFljRUhiVrI9XvSXMwaJck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.87.0/24
                  185.124.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:39:dd:15:c0:e4:75:a2:f9:5d:9e:a3:89:27:85:35:15:60:
         d6:4c:27:28:23:8b:d1:3b:3d:7a:4c:79:3a:d8:83:10:12:22:
         d6:64:e2:88:d7:1a:18:d9:2b:01:ab:ed:0e:39:a8:1d:2a:23:
         81:07:8c:ed:0f:91:43:74:6f:06:e4:74:ba:af:f2:57:43:47:
         a6:c0:ae:da:f2:ad:b1:22:ed:41:72:e3:30:cd:d1:37:e2:9d:
         75:82:1b:ab:60:35:2f:b2:ec:9c:c0:c8:64:f8:5a:af:b3:cf:
         b8:59:3e:70:b6:ae:6b:26:26:fb:60:af:65:8c:ba:f0:d6:dd:
         c4:02:20:32:4a:e4:2c:3b:99:31:00:2c:05:fe:16:fb:77:70:
         e5:d2:8c:75:79:82:46:5c:17:98:84:b6:5b:40:a5:95:34:04:
         27:6e:03:98:8c:0d:79:23:3e:97:4a:7a:59:5b:13:b4:0f:50:
         59:cd:fb:91:50:13:44:99:f3:93:27:ce:a0:b3:32:f7:81:71:
         71:a3:af:0d:6c:b9:29:c5:92:7e:fe:dd:2f:33:c4:6e:fb:84:
         94:90:6c:06:b0:41:b6:c8:61:9b:6b:fe:7d:ad:f2:d5:12:95:
         e3:73:b6:c2:d0:b6:55:09:3e:b0:2c:0b:bb:99:b3:19:7f:68:
         3e:af:3b:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/CCtvGCvO4QsoFFu2hSqP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjQwNTI5MDE1MDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjMzODFjMDgxNjU4ZDE1MjE4OTVhYzhmNTdiZDI1Y2NjMWEyNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEaIQvJjm+dBMl8lZie8AFpVaXWk
SfJPe1eyboDT/9eVldb+cG6TuhxE9wOdiFExmDVdRVkgiowhBeED5uGJGvSvRmMI
S9I/pTp5MDwqOlHcGuVex8G1jGSsubqQT8EtOP0fwVDNvnymjCvJAJdIjKJGgCYg
s/+zLfinzcEEIbs+BY3MOerhcAqk4ON/Ay0u4iKD8ow8SjCHxrDdFjpd9RlUs7Cd
hZW+zGCsxrEaQP7QP9SH2ti3D5HHys2LHmqVUFLDciBb4CU84o5GHE4/qjnyTig3
C5XwCo+W06rrKMPgQ0FJ5zTdYCxdeDZx8VPOUhZwKqgt5XswYLsvi4y9pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEYzgcCBZY0VIYlayPV70lzMGiXJMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvUmpPQndJRmxqUlVoaVZySTlYdlNYTXdhSmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHxhXAwQA
uXxAMA0GCSqGSIb3DQEBCwUAA4IBAQBWOd0VwOR1ovldnqOJJ4U1FWDWTCcoI4vR
Oz16THk62IMQEiLWZOKI1xoY2SsBq+0OOagdKiOBB4ztD5FDdG8G5HS6r/JXQ0em
wK7a8q2xIu1BcuMwzdE34p11ghurYDUvsuycwMhk+Fqvs8+4WT5wtq5rJib7YK9l
jLrw1t3EAiAySuQsO5kxACwF/hb7d3Dl0ox1eYJGXBeYhLZbQKWVNAQnbgOYjA15
Iz6XSnpZWxO0D1BZzfuRUBNEmfOTJ86gszL3gXFxo68NbLkpxZJ+/t0vM8Ru+4SU
kGwGsEG2yGGba/59rfLVEpXjc7bC0LZVCT6wLAu7mbMZf2g+rzvX
-----END CERTIFICATE-----