Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/T1KxzYg5ki8jROBXHnXsuuF1Usc.roa
File:                     T1KxzYg5ki8jROBXHnXsuuF1Usc.roa (raw, json)
Hash identifier:          pSMvp0rn5YAkLffVlSaMpmmw60CI4RpSAuDI1ZJ7Bys=
Subject key identifier:   4F:52:B1:CD:88:39:92:2F:23:44:E0:57:1E:75:EC:BA:E1:75:52:C7
Certificate issuer:       /CN=a2cbe9aba1ff7564d913ed78672e3371b7f35824
Certificate serial:       019425FD73AB05C604015ADCAA9A2FEE4886
Authority key identifier: A2:CB:E9:AB:A1:FF:75:64:D9:13:ED:78:67:2E:33:71:B7:F3:58:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/osvpq6H_dWTZE-14Zy4zcbfzWCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/T1KxzYg5ki8jROBXHnXsuuF1Usc.roa
Signing time:             Thu 02 Jan 2025 07:49:14 +0000
ROA not before:           Thu 02 Jan 2025 07:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39741
IP address blocks:        31.25.240.0/21 maxlen: 24
                          185.234.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/osvpq6H_dWTZE-14Zy4zcbfzWCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/osvpq6H_dWTZE-14Zy4zcbfzWCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/osvpq6H_dWTZE-14Zy4zcbfzWCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:73:ab:05:c6:04:01:5a:dc:aa:9a:2f:ee:48:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2cbe9aba1ff7564d913ed78672e3371b7f35824
        Validity
            Not Before: Jan  2 07:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f52b1cd8839922f2344e0571e75ecbae17552c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:69:23:59:b1:cc:dd:89:88:33:b6:5c:92:2d:
                    78:70:0f:0d:47:23:0c:3b:fd:51:25:5d:5c:0b:71:
                    21:ee:6b:22:6b:20:17:37:b0:d4:44:24:c1:08:ed:
                    43:4e:12:dc:db:44:df:41:c7:5e:fc:40:6c:d0:86:
                    ae:50:c3:90:31:63:c2:42:32:8c:81:31:30:96:e4:
                    0a:74:6d:78:08:6c:bc:95:2d:02:dc:4d:f8:fe:fe:
                    df:eb:6f:01:e9:78:04:70:fa:ed:60:7c:70:a5:cc:
                    08:8e:93:77:ca:b2:c0:80:87:2e:d9:bf:e7:71:6b:
                    af:80:7b:32:97:e2:80:1c:70:d2:15:ee:3b:47:92:
                    8a:9d:f7:f3:89:f4:b2:b8:ab:28:51:cf:89:74:4d:
                    67:c3:a8:96:b5:31:8c:ae:5f:1a:54:48:a8:5e:e4:
                    cb:b2:60:e2:b2:81:cd:94:8f:99:de:b2:b5:d3:1b:
                    c5:8c:46:bc:6c:ee:0f:09:8e:cd:9d:f6:47:2f:d6:
                    94:24:d9:f7:52:59:5b:66:4a:c4:0a:7c:43:2a:5b:
                    91:fa:e0:0c:33:8e:b3:3b:d5:34:59:a2:33:02:c6:
                    23:a6:38:0c:0d:39:33:d5:f1:cc:45:d1:c7:8e:eb:
                    10:02:39:0f:7f:80:72:cf:9f:b6:e7:38:2d:38:ec:
                    e9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:52:B1:CD:88:39:92:2F:23:44:E0:57:1E:75:EC:BA:E1:75:52:C7
            X509v3 Authority Key Identifier:
                keyid:A2:CB:E9:AB:A1:FF:75:64:D9:13:ED:78:67:2E:33:71:B7:F3:58:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/osvpq6H_dWTZE-14Zy4zcbfzWCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/T1KxzYg5ki8jROBXHnXsuuF1Usc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/osvpq6H_dWTZE-14Zy4zcbfzWCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.240.0/21
                  185.234.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:14:76:17:40:80:15:f3:65:dc:15:75:8f:f1:7a:de:0c:44:
         78:9b:c5:7d:84:96:cc:c7:e3:fb:1a:93:dd:d9:f3:95:e1:5c:
         d9:e3:ad:a3:c4:99:a4:9d:db:1a:f2:99:92:b8:97:95:47:d3:
         4d:d4:36:67:c6:6f:c1:a0:d9:56:9e:9a:b5:7f:07:7b:cb:e4:
         06:b3:a1:ed:7c:22:b7:b0:6e:5a:a3:5a:0b:fe:37:d3:8c:67:
         68:8b:08:0a:b9:10:d8:5f:b6:7b:d7:a3:03:99:11:69:dc:8b:
         29:d5:1d:95:49:28:11:47:b4:1b:aa:64:9d:24:04:b5:e9:4b:
         02:fb:01:90:96:6e:14:41:60:f7:6a:16:1b:ae:89:be:2a:4a:
         15:31:74:32:a0:91:db:6b:92:53:e6:c7:ee:2d:8e:fa:c9:05:
         7c:98:8a:51:64:b4:9d:8b:80:f5:ef:63:dd:c4:8f:42:99:09:
         60:9a:e2:d1:66:96:14:9b:40:c1:2b:6f:ab:06:ed:80:ca:3b:
         77:4e:1f:c8:14:a2:8e:6c:5a:b7:95:5e:3a:5e:a7:da:8f:91:
         6f:b7:d4:ab:1e:1b:b4:fc:a1:bb:cc:7a:62:6f:a0:fe:1c:7d:
         20:f9:49:ff:b2:e1:3f:6b:32:72:9f:ed:5b:2c:4b:51:6a:b3:
         74:f7:58:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/XOrBcYEAVrcqpov7kiGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyY2JlOWFiYTFmZjc1NjRkOTEzZWQ3ODY3MmUzMzcxYjdm
MzU4MjQwHhcNMjUwMTAyMDc0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjUyYjFjZDg4Mzk5MjJmMjM0NGUwNTcxZTc1ZWNiYWUxNzU1MmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mkjWbHM3YmIM7Zcki14cA8NRyMM
O/1RJV1cC3Eh7msiayAXN7DURCTBCO1DThLc20TfQcde/EBs0IauUMOQMWPCQjKM
gTEwluQKdG14CGy8lS0C3E34/v7f628B6XgEcPrtYHxwpcwIjpN3yrLAgIcu2b/n
cWuvgHsyl+KAHHDSFe47R5KKnffzifSyuKsoUc+JdE1nw6iWtTGMrl8aVEioXuTL
smDisoHNlI+Z3rK10xvFjEa8bO4PCY7NnfZHL9aUJNn3UllbZkrECnxDKluR+uAM
M46zO9U0WaIzAsYjpjgMDTkz1fHMRdHHjusQAjkPf4Byz5+25zgtOOzpHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE9Ssc2IOZIvI0TgVx517LrhdVLHMB8GA1UdIwQY
MBaAFKLL6auh/3Vk2RPteGcuM3G381gkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3N2cHE2SF9kV1RaRS0xNFp5NHpjYmZ6V0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS80MDhlODMtNTMwZC00NDYyLWIxYzkt
ZGYzMjRjNGM2ZWVkLzEvVDFLeHpZZzVraThqUk9CWEhuWHN1dUYxVXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS80MDhlODMtNTMwZC00NDYyLWIxYzktZGYzMjRjNGM2ZWVk
LzEvb3N2cHE2SF9kV1RaRS0xNFp5NHpjYmZ6V0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDHxnwAwQA
uep0MA0GCSqGSIb3DQEBCwUAA4IBAQB2FHYXQIAV82XcFXWP8XreDER4m8V9hJbM
x+P7GpPd2fOV4VzZ462jxJmkndsa8pmSuJeVR9NN1DZnxm/BoNlWnpq1fwd7y+QG
s6HtfCK3sG5ao1oL/jfTjGdoiwgKuRDYX7Z716MDmRFp3Isp1R2VSSgRR7QbqmSd
JAS16UsC+wGQlm4UQWD3ahYbrom+KkoVMXQyoJHba5JT5sfuLY76yQV8mIpRZLSd
i4D172PdxI9CmQlgmuLRZpYUm0DBK2+rBu2Ayjt3Th/IFKKObFq3lV46Xqfaj5Fv
t9SrHhu0/KG7zHpib6D+HH0g+Un/suE/azJyn+1bLEtRarN091jP
-----END CERTIFICATE-----