Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/31a7d4-49a4-4d6f-8c8d-d8152b5157d8/1/MUr6gTjA6-BQivcCyJsFve_QPM0.roa
File:                     MUr6gTjA6-BQivcCyJsFve_QPM0.roa (raw, json)
Hash identifier:          njpCU5cvBrzF0OEFHFrLLIxfaIGCBlemkpM5Yd/dabY=
Subject key identifier:   31:4A:FA:81:38:C0:EB:E0:50:8A:F7:02:C8:9B:05:BD:EF:D0:3C:CD
Certificate issuer:       /CN=d921145820feceef3cf55270326c5e1243f24355
Certificate serial:       018F392944118095A8F18163B46AA3118CD2
Authority key identifier: D9:21:14:58:20:FE:CE:EF:3C:F5:52:70:32:6C:5E:12:43:F2:43:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2SEUWCD-zu889VJwMmxeEkPyQ1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/31a7d4-49a4-4d6f-8c8d-d8152b5157d8/1/MUr6gTjA6-BQivcCyJsFve_QPM0.roa
Signing time:             Thu 02 May 2024 11:55:56 +0000
ROA not before:           Thu 02 May 2024 11:55:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59829
IP address blocks:        94.176.97.0/24 maxlen: 24
                          212.6.50.0/24 maxlen: 24
                          2a0c:2f40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/31a7d4-49a4-4d6f-8c8d-d8152b5157d8/1/2SEUWCD-zu889VJwMmxeEkPyQ1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/31a7d4-49a4-4d6f-8c8d-d8152b5157d8/1/2SEUWCD-zu889VJwMmxeEkPyQ1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2SEUWCD-zu889VJwMmxeEkPyQ1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:39:29:44:11:80:95:a8:f1:81:63:b4:6a:a3:11:8c:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d921145820feceef3cf55270326c5e1243f24355
        Validity
            Not Before: May  2 11:55:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=314afa8138c0ebe0508af702c89b05bdefd03ccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:40:7f:b0:b0:29:ad:ec:54:4c:b0:8b:bd:98:
                    88:f0:02:13:91:2c:eb:5c:63:86:33:bb:f1:02:10:
                    54:31:32:77:58:23:31:70:bf:bb:d3:4f:d6:1d:6b:
                    3c:ec:0d:01:59:fe:27:00:26:d0:9a:ae:1e:a9:7a:
                    77:3b:2f:a3:b8:57:97:5b:90:fa:e4:2c:a5:02:4a:
                    08:8b:ab:49:6e:b2:51:dd:08:f2:d0:de:cb:df:b3:
                    7e:2c:f0:5c:a8:0e:e3:30:fa:b5:1a:42:e9:3d:4f:
                    9a:a8:48:b4:ba:38:ae:28:95:20:dc:c5:56:fc:8f:
                    7b:9b:a2:97:50:e4:ff:81:1a:10:e6:f8:b5:26:ed:
                    a1:72:e7:5f:9d:3f:29:50:67:f0:65:32:2d:75:7e:
                    a3:5e:60:c7:79:d4:89:66:21:56:41:d2:f5:b6:5d:
                    f5:b8:c4:30:0f:e5:62:b5:d6:4e:d2:87:ec:8c:f0:
                    5b:8c:8a:9b:8b:62:2e:94:df:2d:a5:9f:8a:b8:c3:
                    d6:db:76:a8:08:aa:72:4a:2d:17:15:37:9b:09:fb:
                    b7:d8:78:90:2c:f5:93:f1:4c:38:3b:14:7f:18:68:
                    cd:27:ac:34:e3:24:ce:e2:01:bd:28:ed:3b:78:9b:
                    44:56:ec:48:85:c7:3b:39:50:ce:89:c1:10:ec:5a:
                    cb:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:4A:FA:81:38:C0:EB:E0:50:8A:F7:02:C8:9B:05:BD:EF:D0:3C:CD
            X509v3 Authority Key Identifier:
                keyid:D9:21:14:58:20:FE:CE:EF:3C:F5:52:70:32:6C:5E:12:43:F2:43:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2SEUWCD-zu889VJwMmxeEkPyQ1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/31a7d4-49a4-4d6f-8c8d-d8152b5157d8/1/MUr6gTjA6-BQivcCyJsFve_QPM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/31a7d4-49a4-4d6f-8c8d-d8152b5157d8/1/2SEUWCD-zu889VJwMmxeEkPyQ1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.97.0/24
                  212.6.50.0/24
                IPv6:
                  2a0c:2f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:f6:88:0f:ee:c9:81:f5:ce:23:4d:af:3e:b3:a3:e8:d4:ed:
         3e:5f:9a:64:20:92:a7:d1:97:5b:66:32:56:20:9f:e2:14:5e:
         f5:00:d3:00:b7:0c:a0:2b:04:1e:3d:82:1f:d8:ea:20:24:b1:
         bd:88:93:2d:58:3d:10:ad:f7:d0:eb:af:e6:7f:e4:0a:cd:96:
         6c:bb:cd:82:77:9d:97:9c:60:da:15:c9:fd:a0:d3:55:b2:4c:
         f9:8f:1d:75:58:fa:c9:a2:5c:d0:c8:a0:b2:78:09:b6:1b:aa:
         63:ab:07:dd:64:75:c0:2b:8e:9a:27:ef:bc:b4:f0:be:bc:77:
         ff:df:95:d0:d8:f5:61:e8:e6:a4:92:be:fa:67:d4:46:ae:2e:
         e2:ed:1c:3b:5c:d4:dd:68:a7:c1:c7:12:81:6f:b7:9f:5b:9a:
         dd:1f:0c:5a:47:b3:96:95:f4:ec:57:87:36:51:15:db:02:40:
         10:7c:0e:f5:7b:80:51:95:fd:74:0f:da:10:ef:fc:ba:a7:0c:
         2b:11:c6:eb:7f:8c:e6:0f:6e:66:f2:9b:dd:cf:9f:bc:48:77:
         6b:8b:a3:d2:b8:ab:d3:65:88:3c:d7:48:a0:10:12:0d:a8:b5:
         ce:ec:66:7a:b5:b8:17:a2:92:f0:53:67:aa:38:3d:19:13:00:
         2d:b1:70:d4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY85KUQRgJWo8YFjtGqjEYzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MjExNDU4MjBmZWNlZWYzY2Y1NTI3MDMyNmM1ZTEyNDNm
MjQzNTUwHhcNMjQwNTAyMTE1NTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTRhZmE4MTM4YzBlYmUwNTA4YWY3MDJjODliMDViZGVmZDAzY2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEB/sLAprexUTLCLvZiI8AITkSzr
XGOGM7vxAhBUMTJ3WCMxcL+700/WHWs87A0BWf4nACbQmq4eqXp3Oy+juFeXW5D6
5CylAkoIi6tJbrJR3Qjy0N7L37N+LPBcqA7jMPq1GkLpPU+aqEi0ujiuKJUg3MVW
/I97m6KXUOT/gRoQ5vi1Ju2hcudfnT8pUGfwZTItdX6jXmDHedSJZiFWQdL1tl31
uMQwD+VitdZO0ofsjPBbjIqbi2IulN8tpZ+KuMPW23aoCKpySi0XFTebCfu32HiQ
LPWT8Uw4OxR/GGjNJ6w04yTO4gG9KO07eJtEVuxIhcc7OVDOicEQ7FrLhQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDFK+oE4wOvgUIr3AsibBb3v0DzNMB8GA1UdIwQY
MBaAFNkhFFgg/s7vPPVScDJsXhJD8kNVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlNFVVdDRC16dTg4OVZKd01teGVFa1B5UTFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zMWE3ZDQtNDlhNC00ZDZmLThjOGQt
ZDgxNTJiNTE1N2Q4LzEvTVVyNmdUakE2LUJRaXZjQ3lKc0Z2ZV9RUE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zMWE3ZDQtNDlhNC00ZDZmLThjOGQtZDgxNTJiNTE1N2Q4
LzEvMlNFVVdDRC16dTg4OVZKd01teGVFa1B5UTFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAXrBhAwQA
1AYyMA0EAgACMAcDBQMqDC9AMA0GCSqGSIb3DQEBCwUAA4IBAQBA9ogP7smB9c4j
Ta8+s6Po1O0+X5pkIJKn0ZdbZjJWIJ/iFF71ANMAtwygKwQePYIf2OogJLG9iJMt
WD0QrffQ66/mf+QKzZZsu82Cd52XnGDaFcn9oNNVskz5jx11WPrJolzQyKCyeAm2
G6pjqwfdZHXAK46aJ++8tPC+vHf/35XQ2PVh6Oakkr76Z9RGri7i7Rw7XNTdaKfB
xxKBb7efW5rdHwxaR7OWlfTsV4c2URXbAkAQfA71e4BRlf10D9oQ7/y6pwwrEcbr
f4zmD25m8pvdz5+8SHdri6PSuKvTZYg810igEBINqLXO7GZ6tbgXopLwU2eqOD0Z
EwAtsXDU
-----END CERTIFICATE-----