Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/AsrOt557l1h00n6pkVtft6a66aI.roa
File:                     AsrOt557l1h00n6pkVtft6a66aI.roa (raw, json)
Hash identifier:          P8uIuV8VH7SkMIwGpury+3xmBvggRtyitJUCcK4sKeY=
Subject key identifier:   02:CA:CE:B7:9E:7B:97:58:74:D2:7E:A9:91:5B:5F:B7:A6:BA:E9:A2
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       019422FC35F4B8BC7CB2FBC8568EFFAAEAF0
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/AsrOt557l1h00n6pkVtft6a66aI.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        81.31.242.0/23 maxlen: 24
                          81.31.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:35:f4:b8:bc:7c:b2:fb:c8:56:8e:ff:aa:ea:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02caceb79e7b975874d27ea9915b5fb7a6bae9a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:ff:3b:2f:82:61:1a:aa:5f:9b:1e:e2:7b:89:
                    fc:3e:e9:f7:db:b5:0c:fb:94:08:57:13:ac:1c:54:
                    ef:d0:49:a7:07:98:b0:ab:5d:73:50:d3:5c:d1:7f:
                    3a:1c:ed:2e:9c:4b:1a:40:fa:73:b6:e1:bf:0d:23:
                    74:23:5b:e5:70:ff:db:9d:4f:d9:ef:55:40:83:97:
                    11:e7:9b:dc:3a:80:f2:70:92:c7:c0:70:78:0f:92:
                    5c:c8:b6:db:fe:19:9b:bc:13:af:b4:af:55:4a:66:
                    0b:97:cb:d5:e4:7a:3f:59:db:bb:20:4e:2d:4c:25:
                    ad:f8:8c:75:28:14:7e:64:9a:c1:7b:61:0d:be:9c:
                    1f:c8:fd:db:cd:92:e2:0a:5b:da:44:52:7d:bc:9a:
                    16:cf:ca:5a:0b:62:cb:f6:2d:61:fa:fc:5e:93:f7:
                    84:68:e1:11:f5:33:17:d1:19:48:3e:5a:bb:be:05:
                    9e:ac:c3:6b:5c:3b:23:f2:ca:5f:61:47:f0:22:4e:
                    ee:17:73:1b:fc:8a:04:5d:25:8d:ec:99:53:b7:c1:
                    0d:ff:45:db:9b:22:00:47:ff:ae:a4:9b:5c:11:bc:
                    de:00:23:d8:e8:a8:c2:fd:53:0f:79:52:58:0f:d9:
                    10:ce:f7:b6:69:3c:e2:b9:89:68:9f:1a:13:0e:b0:
                    21:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:CA:CE:B7:9E:7B:97:58:74:D2:7E:A9:91:5B:5F:B7:A6:BA:E9:A2
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/AsrOt557l1h00n6pkVtft6a66aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.242.0/23
                  81.31.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:ba:52:02:9e:fb:bd:3f:dd:00:28:89:0a:22:7d:e0:20:de:
         24:19:3e:49:1c:c2:e8:e0:f5:97:b3:91:f5:0e:21:c4:3c:e5:
         a5:61:41:94:16:df:93:38:bb:9a:c8:f3:0a:20:59:78:92:e5:
         55:4f:20:75:8f:57:05:16:24:4f:15:5d:72:37:c3:60:b1:02:
         cb:5a:cb:b1:b6:a6:de:46:d9:0b:25:90:f7:82:30:7e:79:6e:
         1b:db:60:ec:0c:14:6f:74:98:fc:9b:65:25:76:81:27:08:19:
         30:30:d4:9e:71:46:59:03:89:41:0b:89:75:26:f7:03:74:f6:
         a6:05:c6:eb:ec:d9:eb:b7:62:89:fc:b7:2b:6b:9f:80:5a:b6:
         db:43:cf:69:65:25:fd:1d:f3:21:53:01:5f:1a:01:22:12:ec:
         b9:db:db:de:19:85:94:5d:9a:23:e7:9b:1f:3a:36:bc:ac:0e:
         be:f4:9e:a4:60:41:ff:89:9c:d1:79:27:d5:b5:88:92:5d:6a:
         4e:4d:62:3f:d9:8c:8f:1c:29:6e:9c:90:d8:a1:59:4f:42:af:
         b4:6b:1e:d5:1a:a7:aa:92:9a:71:20:e0:2c:13:46:26:66:45:
         cb:d7:f3:76:96:20:76:ee:95:8a:f4:73:1f:2b:b7:e4:4e:18:
         ed:f4:0d:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/DX0uLx8svvIVo7/qurwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmNhY2ViNzllN2I5NzU4NzRkMjdlYTk5MTViNWZiN2E2YmFlOWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8f87L4JhGqpfmx7ie4n8Pun327UM
+5QIVxOsHFTv0EmnB5iwq11zUNNc0X86HO0unEsaQPpztuG/DSN0I1vlcP/bnU/Z
71VAg5cR55vcOoDycJLHwHB4D5JcyLbb/hmbvBOvtK9VSmYLl8vV5Ho/Wdu7IE4t
TCWt+Ix1KBR+ZJrBe2ENvpwfyP3bzZLiClvaRFJ9vJoWz8paC2LL9i1h+vxek/eE
aOER9TMX0RlIPlq7vgWerMNrXDsj8spfYUfwIk7uF3Mb/IoEXSWN7JlTt8EN/0Xb
myIAR/+upJtcEbzeACPY6KjC/VMPeVJYD9kQzve2aTziuYlonxoTDrAhowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFALKzreee5dYdNJ+qZFbX7emuumiMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvQXNyT3Q1NTdsMWgwMG42cGtWdGZ0NmE2NmFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUR/yAwQC
UR/8MA0GCSqGSIb3DQEBCwUAA4IBAQADulICnvu9P90AKIkKIn3gIN4kGT5JHMLo
4PWXs5H1DiHEPOWlYUGUFt+TOLuayPMKIFl4kuVVTyB1j1cFFiRPFV1yN8NgsQLL
WsuxtqbeRtkLJZD3gjB+eW4b22DsDBRvdJj8m2UldoEnCBkwMNSecUZZA4lBC4l1
JvcDdPamBcbr7Nnrt2KJ/Lcra5+AWrbbQ89pZSX9HfMhUwFfGgEiEuy529veGYWU
XZoj55sfOja8rA6+9J6kYEH/iZzReSfVtYiSXWpOTWI/2YyPHClunJDYoVlPQq+0
ax7VGqeqkppxIOAsE0YmZkXL1/N2liB27pWK9HMfK7fkThjt9A0C
-----END CERTIFICATE-----