Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/1JbOtzxYDWM2qenUOTdlSY3fd5Q.roa
File:                     1JbOtzxYDWM2qenUOTdlSY3fd5Q.roa (raw, json)
Hash identifier:          29iS50bByv5wLzXr4K0Csf8RD3fhTCBvX8TAVNzMbwo=
Subject key identifier:   D4:96:CE:B7:3C:58:0D:63:36:A9:E9:D4:39:37:65:49:8D:DF:77:94
Certificate issuer:       /CN=8dc4587335c290ff8f2b374df24abe2333bced5e
Certificate serial:       01941FFA54F560E5389A8986A40844CF0481
Authority key identifier: 8D:C4:58:73:35:C2:90:FF:8F:2B:37:4D:F2:4A:BE:23:33:BC:ED:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jcRYczXCkP-PKzdN8kq-IzO87V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/1JbOtzxYDWM2qenUOTdlSY3fd5Q.roa
Signing time:             Wed 01 Jan 2025 03:48:06 +0000
ROA not before:           Wed 01 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51048
IP address blocks:        31.25.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/jcRYczXCkP-PKzdN8kq-IzO87V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/jcRYczXCkP-PKzdN8kq-IzO87V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jcRYczXCkP-PKzdN8kq-IzO87V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 03:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:54:f5:60:e5:38:9a:89:86:a4:08:44:cf:04:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dc4587335c290ff8f2b374df24abe2333bced5e
        Validity
            Not Before: Jan  1 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d496ceb73c580d6336a9e9d4393765498ddf7794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b1:c1:b8:ee:93:b3:7c:4a:28:ad:df:99:63:
                    6e:5d:9d:d0:29:87:ed:c2:ee:a1:d9:6e:68:18:71:
                    67:13:a0:1f:d1:48:17:26:ac:c3:1e:35:7c:1f:2d:
                    06:c9:54:ec:d8:25:df:7c:69:89:ad:01:20:30:8b:
                    6f:2d:be:05:f4:57:f0:39:a0:41:33:fd:6f:f0:fa:
                    df:58:9b:01:71:b6:b1:e0:ee:eb:4a:d9:90:42:1f:
                    e0:74:55:f7:7f:4d:46:fc:2f:a9:09:e1:73:42:bb:
                    08:64:c4:78:6e:e0:bd:4f:53:a4:dc:ab:a0:2c:9b:
                    d4:be:f1:ee:08:e0:4b:31:d9:0c:d7:41:5b:aa:45:
                    8d:f7:b7:e2:36:36:e5:6d:f3:f1:d8:54:42:12:57:
                    ce:e6:e9:55:2c:17:00:23:ac:65:d5:e9:cb:ce:94:
                    58:d3:2f:66:a1:3d:d5:fe:a9:ec:af:50:c2:c9:dd:
                    9e:f0:fc:7c:4b:50:dc:09:e0:24:11:71:94:39:3c:
                    08:79:e7:ac:7b:28:ea:af:60:81:e1:86:8c:d1:fc:
                    a5:5a:92:51:99:2b:16:bb:af:26:90:d6:09:2e:d6:
                    44:48:0d:aa:ad:29:22:3c:8c:d2:b3:cb:3e:76:03:
                    0f:b3:83:a7:5f:e1:5e:0b:8f:5b:49:22:18:84:ee:
                    5e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:96:CE:B7:3C:58:0D:63:36:A9:E9:D4:39:37:65:49:8D:DF:77:94
            X509v3 Authority Key Identifier:
                keyid:8D:C4:58:73:35:C2:90:FF:8F:2B:37:4D:F2:4A:BE:23:33:BC:ED:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcRYczXCkP-PKzdN8kq-IzO87V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/1JbOtzxYDWM2qenUOTdlSY3fd5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/jcRYczXCkP-PKzdN8kq-IzO87V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:fa:fb:66:13:12:a4:b1:5d:eb:c3:d8:79:67:b8:4f:67:0b:
         f2:66:68:ca:db:4d:97:59:48:21:07:54:f6:74:f3:3e:59:cd:
         9b:3d:07:d1:a3:14:89:d6:c0:4c:55:c2:f4:5c:f9:9e:18:09:
         ee:9e:28:66:55:9b:f3:3e:41:07:b7:ea:9e:5d:ac:6a:02:2c:
         8b:17:88:e7:e3:0a:ec:cf:6b:4e:78:59:e1:9c:2b:ac:85:52:
         f5:28:bb:bd:4f:c3:4f:30:a8:15:5d:cb:a9:da:1c:24:43:dd:
         a8:80:04:e6:12:40:9a:1d:6f:f4:41:75:87:e7:0f:a1:c8:5a:
         98:cb:5a:62:bf:c2:26:b5:17:3c:35:f6:d7:fd:ba:1c:6f:99:
         00:5d:26:d7:60:41:91:dd:45:83:9a:e3:5c:fe:09:8a:5f:1c:
         b2:c3:4b:9f:ab:4b:68:e9:da:92:98:a7:24:27:f4:2d:0e:83:
         6d:83:ea:4b:db:8d:01:bc:af:1d:c1:ee:95:67:f5:41:3a:3d:
         ff:d3:b7:e1:58:70:4f:71:4b:79:2c:d9:d3:2c:92:f2:56:5b:
         40:77:52:13:66:d7:42:b4:bf:42:a7:7a:01:8c:20:9a:75:b3:
         7e:45:8d:84:5d:0c:ce:10:e6:e5:33:95:40:5a:dd:26:82:28:
         d2:05:72:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lT1YOU4momGpAhEzwSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzQ1ODczMzVjMjkwZmY4ZjJiMzc0ZGYyNGFiZTIzMzNi
Y2VkNWUwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDk2Y2ViNzNjNTgwZDYzMzZhOWU5ZDQzOTM3NjU0OThkZGY3Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobHBuO6Ts3xKKK3fmWNuXZ3QKYft
wu6h2W5oGHFnE6Af0UgXJqzDHjV8Hy0GyVTs2CXffGmJrQEgMItvLb4F9FfwOaBB
M/1v8PrfWJsBcbax4O7rStmQQh/gdFX3f01G/C+pCeFzQrsIZMR4buC9T1Ok3Kug
LJvUvvHuCOBLMdkM10FbqkWN97fiNjblbfPx2FRCElfO5ulVLBcAI6xl1enLzpRY
0y9moT3V/qnsr1DCyd2e8Px8S1DcCeAkEXGUOTwIeeeseyjqr2CB4YaM0fylWpJR
mSsWu68mkNYJLtZESA2qrSkiPIzSs8s+dgMPs4OnX+FeC49bSSIYhO5eOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSWzrc8WA1jNqnp1Dk3ZUmN33eUMB8GA1UdIwQY
MBaAFI3EWHM1wpD/jys3TfJKviMzvO1eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNSWWN6WENrUC1QS3pkTjhrcS1Jek84N1Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNDgwMTctNTlkNC00MDk1LWJlZWYt
ZDYwNmQ5OTI1YWI3LzEvMUpiT3R6eFlEV00ycWVuVU9UZGxTWTNmZDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNDgwMTctNTlkNC00MDk1LWJlZWYtZDYwNmQ5OTI1YWI3
LzEvamNSWWN6WENrUC1QS3pkTjhrcS1Jek84N1Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxk6MA0G
CSqGSIb3DQEBCwUAA4IBAQA1+vtmExKksV3rw9h5Z7hPZwvyZmjK202XWUghB1T2
dPM+Wc2bPQfRoxSJ1sBMVcL0XPmeGAnunihmVZvzPkEHt+qeXaxqAiyLF4jn4wrs
z2tOeFnhnCushVL1KLu9T8NPMKgVXcup2hwkQ92ogATmEkCaHW/0QXWH5w+hyFqY
y1piv8ImtRc8NfbX/bocb5kAXSbXYEGR3UWDmuNc/gmKXxyyw0ufq0to6dqSmKck
J/QtDoNtg+pL240BvK8dwe6VZ/VBOj3/07fhWHBPcUt5LNnTLJLyVltAd1ITZtdC
tL9Cp3oBjCCadbN+RY2EXQzOEOblM5VAWt0mgijSBXI4
-----END CERTIFICATE-----