Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/5314cd-1d64-498a-8187-21dd62b91ea3/1/oYXgundrAO0Q2b5rG68_0833RN8.roa
File:                     oYXgundrAO0Q2b5rG68_0833RN8.roa (raw, json)
Hash identifier:          /JHMdaSb5qI53jhZftTbpu9fAZ4kIfufYKYUXrQeJjw=
Subject key identifier:   A1:85:E0:BA:77:6B:00:ED:10:D9:BE:6B:1B:AF:3F:D3:CD:F7:44:DF
Certificate issuer:       /CN=8fad478776df320a8667e75e69e09efb73938b64
Certificate serial:       018CC9BC7723D92019C4B5B0C5EBF378745E
Authority key identifier: 8F:AD:47:87:76:DF:32:0A:86:67:E7:5E:69:E0:9E:FB:73:93:8B:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j61Hh3bfMgqGZ-deaeCe-3OTi2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/5314cd-1d64-498a-8187-21dd62b91ea3/1/oYXgundrAO0Q2b5rG68_0833RN8.roa
Signing time:             Tue 02 Jan 2024 10:33:40 +0000
ROA not before:           Tue 02 Jan 2024 10:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48551
IP address blocks:        31.193.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/5314cd-1d64-498a-8187-21dd62b91ea3/1/j61Hh3bfMgqGZ-deaeCe-3OTi2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/5314cd-1d64-498a-8187-21dd62b91ea3/1/j61Hh3bfMgqGZ-deaeCe-3OTi2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j61Hh3bfMgqGZ-deaeCe-3OTi2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:77:23:d9:20:19:c4:b5:b0:c5:eb:f3:78:74:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fad478776df320a8667e75e69e09efb73938b64
        Validity
            Not Before: Jan  2 10:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a185e0ba776b00ed10d9be6b1baf3fd3cdf744df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:62:ae:28:bc:55:a3:31:ab:34:15:d8:5f:64:
                    f2:6e:01:e3:f2:dd:2f:38:a8:7f:95:59:9f:81:2a:
                    5e:b1:ec:70:1c:9e:6b:e3:73:f2:cc:9f:5a:6f:cc:
                    c4:5d:1e:10:ff:2b:f9:62:e4:bd:97:fe:3e:23:39:
                    ac:9a:58:f7:35:a3:ae:9d:1a:b0:01:57:a9:df:06:
                    07:b3:7f:7a:36:e5:33:8f:c0:99:d2:be:f0:f0:03:
                    66:20:ea:8b:cb:c2:0f:ee:11:5e:63:ba:57:fa:62:
                    fe:cf:c7:26:91:df:aa:c7:9d:53:1a:8e:6c:2a:e0:
                    0d:71:75:12:a5:72:8a:39:9c:ab:c1:f7:99:8b:43:
                    f6:ce:4f:31:ca:40:2b:aa:ff:8c:cc:d2:36:93:58:
                    75:00:aa:80:40:ed:c3:a5:45:ef:f0:29:2b:84:27:
                    2d:be:2b:bd:71:b8:93:88:1d:3b:ca:c4:51:1b:79:
                    9d:35:4d:7b:dd:ec:04:fc:02:5b:8b:f3:3a:6d:bb:
                    8d:44:b0:4d:82:3f:90:8b:0e:14:8e:a9:a6:40:09:
                    dc:b0:bf:d0:30:62:42:1e:56:c1:d6:9c:8d:aa:60:
                    e6:4b:10:72:3d:27:d1:d7:ec:20:9d:1d:9c:fd:c9:
                    bd:a1:b2:3c:08:cd:44:0f:fa:9f:31:dd:14:82:4a:
                    5d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:85:E0:BA:77:6B:00:ED:10:D9:BE:6B:1B:AF:3F:D3:CD:F7:44:DF
            X509v3 Authority Key Identifier:
                keyid:8F:AD:47:87:76:DF:32:0A:86:67:E7:5E:69:E0:9E:FB:73:93:8B:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j61Hh3bfMgqGZ-deaeCe-3OTi2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/5314cd-1d64-498a-8187-21dd62b91ea3/1/oYXgundrAO0Q2b5rG68_0833RN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/5314cd-1d64-498a-8187-21dd62b91ea3/1/j61Hh3bfMgqGZ-deaeCe-3OTi2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:e6:d5:47:01:bb:83:f9:5c:6a:69:da:42:39:00:2e:08:f7:
         33:ed:54:37:de:09:a1:88:0b:0f:8a:cd:b1:e5:72:ae:74:c8:
         e8:c7:5d:6c:2a:b1:97:95:20:1b:cb:10:c6:79:f8:1a:f2:13:
         6c:71:7b:f2:fc:31:88:c2:94:56:58:24:86:c2:eb:b2:3d:f2:
         b7:5d:cc:32:d9:dd:67:b4:32:05:a3:d2:b0:1b:ea:5a:28:fd:
         ad:88:98:0e:8e:77:37:3c:36:cb:2c:34:4c:97:fd:ad:74:c3:
         a6:53:05:57:d0:09:aa:50:88:0e:5f:9d:1e:be:e9:99:db:d2:
         da:79:dd:7d:76:0f:ac:d1:03:51:f9:f6:5d:ef:ed:5c:6e:75:
         29:a2:97:f7:f1:c3:3e:21:53:92:75:c4:1d:f6:b6:be:21:74:
         b9:e9:cb:0b:30:bd:a3:76:3f:a6:47:82:18:3a:7d:24:b8:74:
         f6:43:8f:b8:53:e8:63:cf:3e:87:86:00:4a:14:28:7a:0a:d6:
         c9:b4:ab:01:51:15:f2:7f:fd:cf:ba:87:90:5d:8a:fd:03:27:
         57:92:43:ff:cc:9c:94:d5:07:74:26:42:f8:a3:3f:35:2b:a9:
         97:2d:87:44:e2:bf:10:1e:9d:f3:c2:e2:30:ab:9b:fb:9c:d6:
         a1:4b:88:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHcj2SAZxLWwxevzeHReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYWQ0Nzg3NzZkZjMyMGE4NjY3ZTc1ZTY5ZTA5ZWZiNzM5
MzhiNjQwHhcNMjQwMTAyMTAzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTg1ZTBiYTc3NmIwMGVkMTBkOWJlNmIxYmFmM2ZkM2NkZjc0NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGKuKLxVozGrNBXYX2TybgHj8t0v
OKh/lVmfgSpesexwHJ5r43PyzJ9ab8zEXR4Q/yv5YuS9l/4+Izmsmlj3NaOunRqw
AVep3wYHs396NuUzj8CZ0r7w8ANmIOqLy8IP7hFeY7pX+mL+z8cmkd+qx51TGo5s
KuANcXUSpXKKOZyrwfeZi0P2zk8xykArqv+MzNI2k1h1AKqAQO3DpUXv8CkrhCct
viu9cbiTiB07ysRRG3mdNU173ewE/AJbi/M6bbuNRLBNgj+Qiw4UjqmmQAncsL/Q
MGJCHlbB1pyNqmDmSxByPSfR1+wgnR2c/cm9obI8CM1ED/qfMd0Ugkpd6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGF4Lp3awDtENm+axuvP9PN90TfMB8GA1UdIwQY
MBaAFI+tR4d23zIKhmfnXmngnvtzk4tkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajYxSGgzYmZNZ3FHWi1kZWFlQ2UtM09UaTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS81MzE0Y2QtMWQ2NC00OThhLTgxODct
MjFkZDYyYjkxZWEzLzEvb1lYZ3VuZHJBTzBRMmI1ckc2OF8wODMzUk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS81MzE0Y2QtMWQ2NC00OThhLTgxODctMjFkZDYyYjkxZWEz
LzEvajYxSGgzYmZNZ3FHWi1kZWFlQ2UtM09UaTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8G6MA0G
CSqGSIb3DQEBCwUAA4IBAQAV5tVHAbuD+VxqadpCOQAuCPcz7VQ33gmhiAsPis2x
5XKudMjox11sKrGXlSAbyxDGefga8hNscXvy/DGIwpRWWCSGwuuyPfK3Xcwy2d1n
tDIFo9KwG+paKP2tiJgOjnc3PDbLLDRMl/2tdMOmUwVX0AmqUIgOX50evumZ29La
ed19dg+s0QNR+fZd7+1cbnUpopf38cM+IVOSdcQd9ra+IXS56csLML2jdj+mR4IY
On0kuHT2Q4+4U+hjzz6HhgBKFCh6CtbJtKsBURXyf/3PuoeQXYr9AydXkkP/zJyU
1Qd0JkL4oz81K6mXLYdE4r8QHp3zwuIwq5v7nNahS4h4
-----END CERTIFICATE-----