Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6f85b1-6a3c-408d-a39b-24f7f9436cec/1/LEgJcT1HJwyV1gNb8G6Nv4QQcdA.roa
File:                     LEgJcT1HJwyV1gNb8G6Nv4QQcdA.roa (raw, json)
Hash identifier:          MrTCL4S0d15bcXIlwlUs8e8j+hHw3EZvbQGkeB92Lzs=
Subject key identifier:   2C:48:09:71:3D:47:27:0C:95:D6:03:5B:F0:6E:8D:BF:84:10:71:D0
Certificate issuer:       /CN=8ea43bb38d6e0be8c289094ba4adf387d0de40a0
Certificate serial:       0194FF71E85E063D46B73FC68D65A1B47C31
Authority key identifier: 8E:A4:3B:B3:8D:6E:0B:E8:C2:89:09:4B:A4:AD:F3:87:D0:DE:40:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jqQ7s41uC-jCiQlLpK3zh9DeQKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6f85b1-6a3c-408d-a39b-24f7f9436cec/1/LEgJcT1HJwyV1gNb8G6Nv4QQcdA.roa
Signing time:             Thu 13 Feb 2025 13:14:02 +0000
ROA not before:           Thu 13 Feb 2025 13:14:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215161
IP address blocks:        31.22.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6f85b1-6a3c-408d-a39b-24f7f9436cec/1/jqQ7s41uC-jCiQlLpK3zh9DeQKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6f85b1-6a3c-408d-a39b-24f7f9436cec/1/jqQ7s41uC-jCiQlLpK3zh9DeQKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jqQ7s41uC-jCiQlLpK3zh9DeQKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ff:71:e8:5e:06:3d:46:b7:3f:c6:8d:65:a1:b4:7c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ea43bb38d6e0be8c289094ba4adf387d0de40a0
        Validity
            Not Before: Feb 13 13:14:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c4809713d47270c95d6035bf06e8dbf841071d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d8:ad:e7:54:59:82:cd:20:34:71:d1:92:3a:
                    c4:f9:d4:dc:4c:d4:78:5d:08:bd:1e:f5:fd:e6:70:
                    96:83:f9:6b:67:8e:c6:2c:08:4f:12:48:5c:98:76:
                    3f:40:08:3b:c1:90:c3:84:d4:ee:fa:b6:04:14:20:
                    f9:6c:60:3e:4a:d7:c1:8b:d2:da:8a:bd:3f:17:01:
                    83:cf:b4:fe:ec:7e:b6:28:40:c3:c4:b1:2e:34:97:
                    d4:bf:fe:a3:5e:e4:a8:5e:fc:d3:79:fa:a3:31:82:
                    a7:59:e8:7f:52:75:15:66:cf:1b:33:5c:93:32:ed:
                    4c:51:ad:50:87:c3:7f:55:d7:b7:eb:25:81:f7:68:
                    13:c7:12:70:c3:ac:61:14:b4:59:0a:e7:91:ab:23:
                    4b:b7:53:55:1d:72:51:02:a8:48:0f:aa:f0:4d:84:
                    2a:a8:1b:fe:26:bd:0a:00:d2:19:3a:73:77:3c:7f:
                    f6:18:33:d4:8f:58:e0:97:13:eb:61:18:54:78:6b:
                    79:57:41:fa:ee:05:62:ca:3f:fc:22:5c:ad:99:3b:
                    46:ea:0b:05:46:a8:66:8c:70:eb:05:aa:31:b3:87:
                    18:af:0f:06:22:ab:f0:29:cf:58:78:c7:57:67:cf:
                    bf:62:b6:2f:37:8b:f7:97:11:79:27:3c:4b:a8:3a:
                    01:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:48:09:71:3D:47:27:0C:95:D6:03:5B:F0:6E:8D:BF:84:10:71:D0
            X509v3 Authority Key Identifier:
                keyid:8E:A4:3B:B3:8D:6E:0B:E8:C2:89:09:4B:A4:AD:F3:87:D0:DE:40:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jqQ7s41uC-jCiQlLpK3zh9DeQKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6f85b1-6a3c-408d-a39b-24f7f9436cec/1/LEgJcT1HJwyV1gNb8G6Nv4QQcdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6f85b1-6a3c-408d-a39b-24f7f9436cec/1/jqQ7s41uC-jCiQlLpK3zh9DeQKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c3:07:7d:4c:54:f3:ab:ac:d3:ed:f4:f5:ce:26:1b:00:bf:
         80:87:99:9d:31:3c:f4:92:b1:91:86:ba:b9:8c:2c:c4:ac:d0:
         ed:0a:07:91:14:2e:8b:37:ac:f4:10:02:3d:09:6d:69:cd:8e:
         5e:b4:e3:25:12:9e:b7:c5:d0:e9:eb:15:f9:21:77:c1:fa:42:
         18:61:8a:bf:09:d3:dd:28:7c:09:b3:b5:a3:ed:0c:f8:5e:62:
         b6:ba:2e:76:cb:48:6c:30:86:85:dd:fd:06:3c:60:a2:77:90:
         86:92:53:c6:51:c0:c7:e4:42:ef:35:f2:29:97:f8:f9:20:85:
         4c:00:8b:58:a8:81:c1:dd:1f:f7:f3:a4:d6:4b:dd:b4:7e:03:
         c9:54:5e:83:43:5e:44:72:a4:b3:cd:b7:ec:c2:f5:55:b8:cf:
         99:1e:d3:88:8e:93:d7:02:be:b4:23:eb:a5:95:f1:73:bb:c7:
         e3:dd:62:5c:4d:07:c8:9e:eb:df:4d:f6:16:8f:42:9c:0e:1f:
         6f:a7:8f:79:f6:d0:25:fe:ba:c7:32:29:6b:bf:0e:4f:b3:e7:
         96:f7:10:77:5b:16:34:ba:30:d0:0d:92:d9:c6:d7:b4:ce:42:
         f4:ef:f3:40:bb:38:d7:6f:87:d8:11:0b:f8:17:95:6e:4d:10:
         a2:c1:d5:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT/ceheBj1Gtz/GjWWhtHwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYTQzYmIzOGQ2ZTBiZThjMjg5MDk0YmE0YWRmMzg3ZDBk
ZTQwYTAwHhcNMjUwMjEzMTMxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzQ4MDk3MTNkNDcyNzBjOTVkNjAzNWJmMDZlOGRiZjg0MTA3MWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptit51RZgs0gNHHRkjrE+dTcTNR4
XQi9HvX95nCWg/lrZ47GLAhPEkhcmHY/QAg7wZDDhNTu+rYEFCD5bGA+StfBi9La
ir0/FwGDz7T+7H62KEDDxLEuNJfUv/6jXuSoXvzTefqjMYKnWeh/UnUVZs8bM1yT
Mu1MUa1Qh8N/Vde36yWB92gTxxJww6xhFLRZCueRqyNLt1NVHXJRAqhID6rwTYQq
qBv+Jr0KANIZOnN3PH/2GDPUj1jglxPrYRhUeGt5V0H67gViyj/8IlytmTtG6gsF
RqhmjHDrBaoxs4cYrw8GIqvwKc9YeMdXZ8+/YrYvN4v3lxF5JzxLqDoBqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxICXE9RycMldYDW/Bujb+EEHHQMB8GA1UdIwQY
MBaAFI6kO7ONbgvowokJS6St84fQ3kCgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanFRN3M0MXVDLWpDaVFsTHBLM3poOURlUUtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82Zjg1YjEtNmEzYy00MDhkLWEzOWIt
MjRmN2Y5NDM2Y2VjLzEvTEVnSmNUMUhKd3lWMWdOYjhHNk52NFFRY2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82Zjg1YjEtNmEzYy00MDhkLWEzOWItMjRmN2Y5NDM2Y2Vj
LzEvanFRN3M0MXVDLWpDaVFsTHBLM3poOURlUUtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxZ2MA0G
CSqGSIb3DQEBCwUAA4IBAQBGwwd9TFTzq6zT7fT1ziYbAL+Ah5mdMTz0krGRhrq5
jCzErNDtCgeRFC6LN6z0EAI9CW1pzY5etOMlEp63xdDp6xX5IXfB+kIYYYq/CdPd
KHwJs7Wj7Qz4XmK2ui52y0hsMIaF3f0GPGCid5CGklPGUcDH5ELvNfIpl/j5IIVM
AItYqIHB3R/386TWS920fgPJVF6DQ15EcqSzzbfswvVVuM+ZHtOIjpPXAr60I+ul
lfFzu8fj3WJcTQfInuvfTfYWj0KcDh9vp4959tAl/rrHMilrvw5Ps+eW9xB3WxY0
ujDQDZLZxte0zkL07/NAuzjXb4fYEQv4F5VuTRCiwdVq
-----END CERTIFICATE-----