Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/Rg2Lq-JI-C2Am1Eh4MbrxNISatk.roa
File:                     Rg2Lq-JI-C2Am1Eh4MbrxNISatk.roa (raw, json)
Hash identifier:          UpvTV8QmBM8ZkpjEDMWB4C9Sum48hWhx/l80v4sTp0o=
Subject key identifier:   46:0D:8B:AB:E2:48:F8:2D:80:9B:51:21:E0:C6:EB:C4:D2:12:6A:D9
Certificate issuer:       /CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Certificate serial:       018F583D325D0B4502DA9628BC08281436CC
Authority key identifier: DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/Rg2Lq-JI-C2Am1Eh4MbrxNISatk.roa
Signing time:             Wed 08 May 2024 12:45:56 +0000
ROA not before:           Wed 08 May 2024 12:45:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        31.130.244.0/24 maxlen: 24
                          31.130.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:3d:32:5d:0b:45:02:da:96:28:bc:08:28:14:36:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
        Validity
            Not Before: May  8 12:45:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=460d8babe248f82d809b5121e0c6ebc4d2126ad9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:72:07:78:77:e1:97:78:ce:f5:93:ee:8e:04:
                    82:1d:20:0b:da:be:47:1b:c2:f1:d1:77:55:2e:14:
                    da:ae:14:cf:d1:1b:87:ae:d6:03:6f:01:2e:63:d0:
                    ff:b5:3b:f4:cd:61:60:18:af:26:5c:e4:d2:ab:24:
                    15:88:7d:42:79:88:db:d5:31:f8:96:d0:3a:6d:ad:
                    07:51:17:23:8e:ac:21:58:28:cd:dc:69:27:94:98:
                    c1:ec:e8:07:d5:49:4b:01:6c:a4:98:53:e4:64:32:
                    65:74:33:9b:0a:8d:87:ac:cc:83:bb:ea:71:15:45:
                    e1:05:a9:fa:4d:38:86:c1:11:12:0d:d3:7e:67:bb:
                    eb:1b:36:7f:73:99:9c:1c:87:4c:49:b7:83:af:af:
                    4d:46:08:e1:55:ee:28:85:de:fe:f3:74:9a:59:e1:
                    7e:b0:e7:85:44:dd:bc:3a:14:b9:91:c3:91:8c:db:
                    8d:8c:8a:88:74:1f:fb:ba:37:0e:30:a4:fb:2d:be:
                    33:ad:46:86:fb:60:98:64:79:af:43:b1:72:0c:9b:
                    3f:b2:ba:94:b8:52:64:aa:ee:6e:0c:56:6e:74:e0:
                    71:cb:ee:49:65:41:6b:83:88:00:53:8d:24:9f:28:
                    46:ef:a6:09:cb:7a:b2:2f:a8:92:75:08:96:9a:91:
                    8a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:0D:8B:AB:E2:48:F8:2D:80:9B:51:21:E0:C6:EB:C4:D2:12:6A:D9
            X509v3 Authority Key Identifier:
                keyid:DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/Rg2Lq-JI-C2Am1Eh4MbrxNISatk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:00:2b:0d:2e:df:91:5b:f8:f5:6d:72:41:c4:9a:4e:a4:a8:
         93:c9:8e:e4:55:a2:2b:67:81:ce:26:fa:77:4e:a3:e3:4c:5c:
         3e:32:f0:b2:49:b5:75:78:bb:40:cc:a2:91:53:12:99:ee:86:
         6a:4d:47:eb:49:81:0a:6d:c9:36:01:36:8d:8e:ff:bf:0b:1e:
         51:07:dd:b7:93:a2:e6:8a:63:81:9c:e5:f1:8c:c5:56:47:fe:
         43:52:12:6a:d4:7e:8f:6a:86:4e:85:53:de:f4:83:c7:f0:4f:
         dd:ba:8c:c0:aa:65:75:aa:df:f9:65:7b:34:e5:37:20:18:d3:
         f5:db:20:b9:95:ca:c6:47:04:78:44:58:cd:50:8e:81:51:08:
         b0:6c:ac:c0:eb:8d:d9:e5:cc:63:76:05:70:92:18:7b:27:0b:
         ba:b9:6a:a6:78:d4:50:07:f8:9c:df:9d:c2:0b:7c:dd:8e:78:
         1d:bd:a7:10:28:33:96:76:4a:25:82:f8:a2:6a:d8:3d:5e:39:
         2a:5f:08:63:e6:a5:cc:48:71:6a:90:81:42:f7:9e:cf:d2:15:
         ab:27:f2:b2:bf:d1:0f:39:20:bc:55:aa:6e:49:73:4b:a1:e0:
         34:3a:a2:dc:0f:08:bb:f5:61:fe:92:97:d6:04:21:08:27:31:
         a9:5a:44:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9YPTJdC0UC2pYovAgoFDbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYmU2ZTBhZGFlOGJiNDc4MzkzYWFiMTc1YjYzODY0NGM3
NGNjYjcwHhcNMjQwNTA4MTI0NTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjBkOGJhYmUyNDhmODJkODA5YjUxMjFlMGM2ZWJjNGQyMTI2YWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnIHeHfhl3jO9ZPujgSCHSAL2r5H
G8Lx0XdVLhTarhTP0RuHrtYDbwEuY9D/tTv0zWFgGK8mXOTSqyQViH1CeYjb1TH4
ltA6ba0HURcjjqwhWCjN3GknlJjB7OgH1UlLAWykmFPkZDJldDObCo2HrMyDu+px
FUXhBan6TTiGwRESDdN+Z7vrGzZ/c5mcHIdMSbeDr69NRgjhVe4ohd7+83SaWeF+
sOeFRN28OhS5kcORjNuNjIqIdB/7ujcOMKT7Lb4zrUaG+2CYZHmvQ7FyDJs/srqU
uFJkqu5uDFZudOBxy+5JZUFrg4gAU40knyhG76YJy3qyL6iSdQiWmpGKawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYNi6viSPgtgJtRIeDG68TSEmrZMB8GA1UdIwQY
MBaAFN2+bgra6LtHg5OqsXW2OGRMdMy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjkt
NmJhYTNiNTQ4ZDIzLzEvUmcyTHEtSkktQzJBbTFFaDRNYnJ4TklTYXRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjktNmJhYTNiNTQ4ZDIz
LzEvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4L0MA0G
CSqGSIb3DQEBCwUAA4IBAQB5ACsNLt+RW/j1bXJBxJpOpKiTyY7kVaIrZ4HOJvp3
TqPjTFw+MvCySbV1eLtAzKKRUxKZ7oZqTUfrSYEKbck2ATaNjv+/Cx5RB923k6Lm
imOBnOXxjMVWR/5DUhJq1H6PaoZOhVPe9IPH8E/duozAqmV1qt/5ZXs05TcgGNP1
2yC5lcrGRwR4RFjNUI6BUQiwbKzA643Z5cxjdgVwkhh7Jwu6uWqmeNRQB/ic353C
C3zdjngdvacQKDOWdkolgviiatg9XjkqXwhj5qXMSHFqkIFC957P0hWrJ/Kyv9EP
OSC8VapuSXNLoeA0OqLcDwi79WH+kpfWBCEIJzGpWkS5
-----END CERTIFICATE-----