Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/zOfa10bmz5mA01whN-vRAcpYyD0.roa
File:                     zOfa10bmz5mA01whN-vRAcpYyD0.roa (raw, json)
Hash identifier:          ZjeDW/sMSDaC9yWADq68Sh8uF/rcU0PJexnNWW9mYAk=
Subject key identifier:   CC:E7:DA:D7:46:E6:CF:99:80:D3:5C:21:37:EB:D1:01:CA:58:C8:3D
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       019423D6B28F7F9A770BB5BFFEECFFB5115D
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/zOfa10bmz5mA01whN-vRAcpYyD0.roa
Signing time:             Wed 01 Jan 2025 21:47:40 +0000
ROA not before:           Wed 01 Jan 2025 21:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198086
IP address blocks:        31.44.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b2:8f:7f:9a:77:0b:b5:bf:fe:ec:ff:b5:11:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 21:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cce7dad746e6cf9980d35c2137ebd101ca58c83d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:df:93:d2:65:b7:70:1a:f3:b3:6e:20:b5:04:
                    8d:5b:a9:90:60:17:3b:ba:c9:03:e8:57:5e:83:a5:
                    07:cd:a0:7e:e1:33:55:5e:2b:a7:66:63:27:58:2c:
                    b8:ec:31:55:4d:54:70:54:a5:b9:c4:85:d3:89:59:
                    21:6b:df:e0:9a:d8:d4:fc:d6:b0:ca:bd:b4:9f:15:
                    f0:9b:99:13:5a:b2:5d:2e:64:de:bb:8e:74:cf:bf:
                    43:fc:c5:e1:c1:60:31:ae:f0:93:16:98:1d:ec:9c:
                    44:8c:1b:fa:dc:e0:d5:4d:a5:cf:52:1f:e6:78:c8:
                    3a:c4:8b:4a:d6:e9:75:a9:d9:07:c1:00:c6:23:d6:
                    cc:e3:60:43:42:0a:5b:76:e0:9b:74:99:2d:1d:93:
                    b1:8e:cd:d7:a0:77:66:6c:b6:e8:f7:90:1a:b6:87:
                    8a:05:c9:0d:5d:d6:53:72:56:47:c1:6b:57:14:59:
                    62:0b:0f:b2:5b:bd:4a:f9:23:82:88:c0:84:95:57:
                    a2:f0:56:92:33:22:a4:57:22:fe:3c:59:3c:48:30:
                    96:f4:b0:ef:cd:61:34:e3:43:08:0c:b8:82:a4:1f:
                    7d:66:e4:a9:d8:f9:46:97:e8:e4:1a:ae:b0:bf:c4:
                    17:15:6e:28:e8:5a:60:ff:78:dc:9b:e7:6d:82:6e:
                    6e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E7:DA:D7:46:E6:CF:99:80:D3:5C:21:37:EB:D1:01:CA:58:C8:3D
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/zOfa10bmz5mA01whN-vRAcpYyD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:ea:d1:5c:b2:65:f7:fd:09:83:bb:e7:c3:ac:66:4b:e0:67:
         30:9e:67:48:ea:d2:61:5a:d8:e1:7d:69:3c:e0:95:3d:2f:8b:
         45:a7:39:da:8e:b8:6d:dc:ab:2f:a0:7a:c8:79:38:81:72:fa:
         0c:2e:bb:61:a1:ad:33:89:d2:83:1c:f8:ae:fc:87:b8:e3:28:
         d7:29:f7:b5:4e:a0:99:28:67:ad:66:ad:45:24:7f:11:28:2d:
         7c:d9:1b:91:55:03:fb:aa:ea:37:9d:40:0d:5f:3b:d3:c2:b3:
         b1:45:86:3a:5a:45:cc:b7:30:ad:23:8f:5f:e7:c3:9a:c1:26:
         86:42:aa:36:8a:25:ed:3f:0f:f3:c5:33:2b:43:1e:20:31:08:
         bb:57:de:eb:81:a5:00:73:04:0a:fb:91:e6:2e:59:85:d7:55:
         7c:79:06:51:4b:5e:14:f7:bc:df:fc:a8:02:75:b7:09:64:e6:
         3a:e4:29:99:cb:3e:e9:15:66:31:14:01:a1:31:e6:b9:44:3e:
         44:fd:e8:eb:c4:74:14:c2:85:86:36:13:46:40:f0:54:cd:ed:
         62:74:af:82:48:8c:1f:87:3b:f6:71:d2:dd:88:7a:b5:09:3b:
         27:e7:e1:0a:ae:3d:7a:d5:4c:34:91:88:72:7a:81:87:82:f6:
         fb:66:9a:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rKPf5p3C7W//uz/tRFdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjUwMTAxMjE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2U3ZGFkNzQ2ZTZjZjk5ODBkMzVjMjEzN2ViZDEwMWNhNThjODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt+T0mW3cBrzs24gtQSNW6mQYBc7
uskD6Fdeg6UHzaB+4TNVXiunZmMnWCy47DFVTVRwVKW5xIXTiVkha9/gmtjU/Naw
yr20nxXwm5kTWrJdLmTeu450z79D/MXhwWAxrvCTFpgd7JxEjBv63ODVTaXPUh/m
eMg6xItK1ul1qdkHwQDGI9bM42BDQgpbduCbdJktHZOxjs3XoHdmbLbo95AatoeK
BckNXdZTclZHwWtXFFliCw+yW71K+SOCiMCElVei8FaSMyKkVyL+PFk8SDCW9LDv
zWE040MIDLiCpB99ZuSp2PlGl+jkGq6wv8QXFW4o6Fpg/3jcm+dtgm5uSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzn2tdG5s+ZgNNcITfr0QHKWMg9MB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvek9mYTEwYm16NW1BMDF3aE4tdlJBY3BZeUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyz5MA0G
CSqGSIb3DQEBCwUAA4IBAQAf6tFcsmX3/QmDu+fDrGZL4GcwnmdI6tJhWtjhfWk8
4JU9L4tFpznajrht3KsvoHrIeTiBcvoMLrthoa0zidKDHPiu/Ie44yjXKfe1TqCZ
KGetZq1FJH8RKC182RuRVQP7quo3nUANXzvTwrOxRYY6WkXMtzCtI49f58OawSaG
Qqo2iiXtPw/zxTMrQx4gMQi7V97rgaUAcwQK+5HmLlmF11V8eQZRS14U97zf/KgC
dbcJZOY65CmZyz7pFWYxFAGhMea5RD5E/ejrxHQUwoWGNhNGQPBUze1idK+CSIwf
hzv2cdLdiHq1CTsn5+EKrj161Uw0kYhyeoGHgvb7Zprm
-----END CERTIFICATE-----