Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/mDquag1d7kktf9fpBMvbBaiE5ZE.roa
File:                     mDquag1d7kktf9fpBMvbBaiE5ZE.roa (raw, json)
Hash identifier:          5MlDXSN9BFKxfpmy2CC7IKSVBS4qx8yRcrHGLGp2uds=
Subject key identifier:   98:3A:AE:6A:0D:5D:EE:49:2D:7F:D7:E9:04:CB:DB:05:A8:84:E5:91
Certificate issuer:       /CN=1942817a29882d433bf1bb8ebc59b2ff256e803f
Certificate serial:       018F866432F806AEE25ACB60AB56318C0DF6
Authority key identifier: 19:42:81:7A:29:88:2D:43:3B:F1:BB:8E:BC:59:B2:FF:25:6E:80:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUKBeimILUM78buOvFmy_yVugD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/mDquag1d7kktf9fpBMvbBaiE5ZE.roa
Signing time:             Fri 17 May 2024 11:51:04 +0000
ROA not before:           Fri 17 May 2024 11:51:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214945
IP address blocks:        31.130.168.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/GUKBeimILUM78buOvFmy_yVugD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/GUKBeimILUM78buOvFmy_yVugD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUKBeimILUM78buOvFmy_yVugD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:64:32:f8:06:ae:e2:5a:cb:60:ab:56:31:8c:0d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1942817a29882d433bf1bb8ebc59b2ff256e803f
        Validity
            Not Before: May 17 11:51:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=983aae6a0d5dee492d7fd7e904cbdb05a884e591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a9:9e:38:46:21:79:d8:41:5c:c9:fe:d9:c4:
                    b6:84:d8:34:b3:ea:75:3f:d4:d2:a2:14:67:f0:93:
                    b1:bf:9a:1b:a4:7c:8b:29:13:09:47:dd:ee:6f:31:
                    6a:33:e6:d1:0e:ba:04:3d:c1:08:4b:8e:0f:a8:95:
                    8b:0c:b3:c8:d9:df:e2:47:14:42:3a:9b:cb:96:4c:
                    cb:2d:4a:ca:80:f5:81:30:77:b0:e4:6f:af:fe:c7:
                    5c:3d:f1:9b:ff:33:dc:6d:b4:99:b0:05:a8:89:bd:
                    03:38:e7:71:4b:77:b7:75:58:bc:06:b8:e6:06:a7:
                    21:1a:e7:01:1a:ae:22:f2:07:55:b4:20:84:ab:b6:
                    f5:d1:82:16:5f:3f:17:3c:6a:a9:2a:51:0d:56:84:
                    85:9f:ab:42:a6:ac:0c:a1:17:04:da:62:fa:cc:99:
                    e9:b0:52:3d:d5:bc:ff:00:4c:2a:25:67:de:6f:2b:
                    4f:49:37:e2:85:60:35:ca:ab:00:38:64:85:ab:a8:
                    5f:30:f9:c8:43:65:95:82:e1:59:df:fa:a4:52:8f:
                    87:06:0d:79:30:b2:7e:57:b0:c8:35:48:77:be:c3:
                    98:19:28:1d:fe:75:9d:66:b7:9c:41:85:d9:e9:d6:
                    f6:0c:e0:ae:cc:66:b6:f5:e9:c3:68:d1:d6:3d:3a:
                    04:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:3A:AE:6A:0D:5D:EE:49:2D:7F:D7:E9:04:CB:DB:05:A8:84:E5:91
            X509v3 Authority Key Identifier:
                keyid:19:42:81:7A:29:88:2D:43:3B:F1:BB:8E:BC:59:B2:FF:25:6E:80:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUKBeimILUM78buOvFmy_yVugD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/mDquag1d7kktf9fpBMvbBaiE5ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/530064-2482-45be-bffe-fdde58ab29f9/1/GUKBeimILUM78buOvFmy_yVugD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:0f:94:8f:69:bb:e6:26:cd:dc:91:98:c4:0b:4a:11:74:1c:
         41:66:87:6f:99:2f:f3:ec:32:67:68:91:1d:cb:b3:bb:d7:bd:
         2b:e7:dc:94:cb:f7:ea:08:1b:24:18:14:a7:76:6b:6a:28:b0:
         08:9c:4a:49:3b:e4:d5:d3:8b:04:ab:d5:a8:59:83:7f:e4:71:
         d9:5a:06:37:a7:d0:06:d3:f8:d9:4a:bb:21:77:53:6d:3e:a0:
         36:67:a9:46:88:48:d2:12:70:cd:65:74:b4:c7:b8:20:da:6b:
         47:50:f9:50:9b:22:0b:8b:39:a2:63:8b:e7:42:ad:19:1f:76:
         b8:a9:0c:7c:52:38:80:46:18:5b:68:95:7d:bc:93:6d:93:16:
         67:97:9d:fa:b9:ec:29:1f:b6:4b:f0:48:18:d8:36:90:60:e3:
         32:09:3b:2a:6f:1f:4b:04:b5:74:bf:e4:98:73:8f:a7:b5:dc:
         17:98:7c:e5:4f:6f:5c:45:4d:5e:b0:43:fb:99:49:4c:c6:97:
         44:6f:b5:46:72:35:b3:97:cc:04:d1:a4:66:6b:f1:37:00:a5:
         ca:60:aa:a0:fd:8a:21:b6:17:1d:46:77:d6:43:e2:52:5e:8f:
         34:88:7b:d5:d6:85:89:50:a1:ce:f2:e6:15:c0:8d:da:9e:6c:
         ab:ae:6f:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+GZDL4Bq7iWstgq1YxjA32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI4MTdhMjk4ODJkNDMzYmYxYmI4ZWJjNTliMmZmMjU2
ZTgwM2YwHhcNMjQwNTE3MTE1MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODNhYWU2YTBkNWRlZTQ5MmQ3ZmQ3ZTkwNGNiZGIwNWE4ODRlNTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKmeOEYhedhBXMn+2cS2hNg0s+p1
P9TSohRn8JOxv5obpHyLKRMJR93ubzFqM+bRDroEPcEIS44PqJWLDLPI2d/iRxRC
OpvLlkzLLUrKgPWBMHew5G+v/sdcPfGb/zPcbbSZsAWoib0DOOdxS3e3dVi8Brjm
BqchGucBGq4i8gdVtCCEq7b10YIWXz8XPGqpKlENVoSFn6tCpqwMoRcE2mL6zJnp
sFI91bz/AEwqJWfebytPSTfihWA1yqsAOGSFq6hfMPnIQ2WVguFZ3/qkUo+HBg15
MLJ+V7DINUh3vsOYGSgd/nWdZrecQYXZ6db2DOCuzGa29enDaNHWPToEhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJg6rmoNXe5JLX/X6QTL2wWohOWRMB8GA1UdIwQY
MBaAFBlCgXopiC1DO/G7jrxZsv8lboA/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VLQmVpbUlMVU03OGJ1T3ZGbXlfeVZ1Z0Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS81MzAwNjQtMjQ4Mi00NWJlLWJmZmUt
ZmRkZTU4YWIyOWY5LzEvbURxdWFnMWQ3a2t0ZjlmcEJNdmJCYWlFNVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS81MzAwNjQtMjQ4Mi00NWJlLWJmZmUtZmRkZTU4YWIyOWY5
LzEvR1VLQmVpbUlMVU03OGJ1T3ZGbXlfeVZ1Z0Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH4KoMA0G
CSqGSIb3DQEBCwUAA4IBAQAJD5SPabvmJs3ckZjEC0oRdBxBZodvmS/z7DJnaJEd
y7O7170r59yUy/fqCBskGBSndmtqKLAInEpJO+TV04sEq9WoWYN/5HHZWgY3p9AG
0/jZSrshd1NtPqA2Z6lGiEjSEnDNZXS0x7gg2mtHUPlQmyILizmiY4vnQq0ZH3a4
qQx8UjiARhhbaJV9vJNtkxZnl536uewpH7ZL8EgY2DaQYOMyCTsqbx9LBLV0v+SY
c4+ntdwXmHzlT29cRU1esEP7mUlMxpdEb7VGcjWzl8wE0aRma/E3AKXKYKqg/Yoh
thcdRnfWQ+JSXo80iHvV1oWJUKHO8uYVwI3anmyrrm9F
-----END CERTIFICATE-----