Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/92Ay_dnsKLTKA-91cFg2UELyoI4.roa
File:                     92Ay_dnsKLTKA-91cFg2UELyoI4.roa (raw, json)
Hash identifier:          vSw4H+Zb8DKEALIf3lnOUrYArwCYGwVgjECQBsWMOP0=
Subject key identifier:   F7:60:32:FD:D9:EC:28:B4:CA:03:EF:75:70:58:36:50:42:F2:A0:8E
Certificate issuer:       /CN=9568c6005b2840ab7bf8a3ad72a1751d0db29b9c
Certificate serial:       018EBD20956BE3169008B0C2FB65195B82C6
Authority key identifier: 95:68:C6:00:5B:28:40:AB:7B:F8:A3:AD:72:A1:75:1D:0D:B2:9B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/92Ay_dnsKLTKA-91cFg2UELyoI4.roa
Signing time:             Mon 08 Apr 2024 09:53:32 +0000
ROA not before:           Mon 08 Apr 2024 09:53:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43754
IP address blocks:        31.216.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:20:95:6b:e3:16:90:08:b0:c2:fb:65:19:5b:82:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9568c6005b2840ab7bf8a3ad72a1751d0db29b9c
        Validity
            Not Before: Apr  8 09:53:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f76032fdd9ec28b4ca03ef757058365042f2a08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:aa:2e:5a:93:d2:02:a5:be:0c:d4:5e:a6:8d:
                    7e:1c:98:b2:73:1d:ce:61:ae:fd:31:8f:72:6d:c1:
                    cc:8d:f6:26:1b:0c:27:91:99:b2:12:d4:0f:64:a1:
                    34:ca:30:9d:28:38:7a:b0:63:ae:96:9f:0b:d6:af:
                    c6:cd:37:df:bf:03:5f:f8:27:cf:da:ec:10:72:e6:
                    ea:f1:dd:32:34:6e:b9:cd:44:06:7f:30:c6:2c:41:
                    46:f2:1c:b3:c5:57:f5:bd:a1:6e:ad:41:fd:3a:4c:
                    6d:b2:41:8c:6a:cd:a0:ce:35:de:54:7e:d1:76:5d:
                    d2:cb:df:2f:cd:b4:3c:fa:50:da:a4:0c:83:f7:8b:
                    b7:b2:51:21:2c:dc:b8:68:df:fb:d5:54:30:f4:2b:
                    b2:aa:ac:84:4e:b5:ab:e3:9b:fc:65:b7:51:1f:38:
                    ce:00:3e:b2:8d:ec:25:db:4d:4d:c6:a5:f0:ba:af:
                    72:98:97:40:b7:49:f8:97:7f:f4:db:6b:66:61:f6:
                    57:5b:f4:e7:ba:1d:72:0e:ee:5d:98:98:09:33:42:
                    76:00:52:a0:43:ed:13:60:70:b8:c2:38:49:73:9d:
                    44:b1:83:43:48:aa:6d:44:95:97:82:7f:e0:85:98:
                    98:03:34:7b:e9:97:97:d9:06:13:58:8e:c4:a3:7f:
                    60:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:60:32:FD:D9:EC:28:B4:CA:03:EF:75:70:58:36:50:42:F2:A0:8E
            X509v3 Authority Key Identifier:
                keyid:95:68:C6:00:5B:28:40:AB:7B:F8:A3:AD:72:A1:75:1D:0D:B2:9B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/92Ay_dnsKLTKA-91cFg2UELyoI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.216.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:8d:34:65:97:e4:98:a6:35:62:d4:43:b0:b5:fe:64:4f:27:
         62:6e:6e:21:da:c5:83:3f:55:be:ae:d3:2c:a2:c1:ca:df:a3:
         5e:21:aa:fd:98:cb:ce:c2:23:41:ee:20:6b:e6:40:bd:91:49:
         87:cc:88:04:b9:78:05:a5:f2:98:33:ec:97:59:42:12:87:56:
         ff:3a:c1:eb:58:8a:78:39:26:31:f9:a5:55:1d:25:84:43:e2:
         de:74:42:c5:9d:a4:1f:d6:0d:4f:46:eb:c1:98:e6:78:e6:ec:
         6b:a8:71:3b:c8:d1:b9:b7:67:b6:ac:8b:ee:c7:49:92:83:fa:
         3f:0d:3b:88:d1:3b:95:ed:a8:9d:32:24:ca:35:07:68:bd:88:
         13:2c:29:a8:ab:01:e9:f6:45:42:b0:35:59:c6:a5:f5:23:b9:
         ff:4f:cf:d3:a5:1d:8d:84:db:c2:6a:88:30:0c:94:31:7a:65:
         27:ee:75:ca:d8:5a:a8:20:ff:c4:2a:71:6e:47:81:37:fb:03:
         87:9d:7d:49:80:b7:58:7e:37:00:f9:f3:91:aa:8e:82:1b:b8:
         da:4a:c3:27:ce:9b:15:65:46:c1:8f:a3:01:84:b9:98:10:dc:
         5c:50:77:ba:8f:20:1f:79:7e:6c:53:fb:00:fb:ce:d9:2a:b1:
         c5:da:33:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69IJVr4xaQCLDC+2UZW4LGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NjhjNjAwNWIyODQwYWI3YmY4YTNhZDcyYTE3NTFkMGRi
MjliOWMwHhcNMjQwNDA4MDk1MzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzYwMzJmZGQ5ZWMyOGI0Y2EwM2VmNzU3MDU4MzY1MDQyZjJhMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKouWpPSAqW+DNRepo1+HJiycx3O
Ya79MY9ybcHMjfYmGwwnkZmyEtQPZKE0yjCdKDh6sGOulp8L1q/GzTffvwNf+CfP
2uwQcubq8d0yNG65zUQGfzDGLEFG8hyzxVf1vaFurUH9OkxtskGMas2gzjXeVH7R
dl3Sy98vzbQ8+lDapAyD94u3slEhLNy4aN/71VQw9CuyqqyETrWr45v8ZbdRHzjO
AD6yjewl201NxqXwuq9ymJdAt0n4l3/022tmYfZXW/Tnuh1yDu5dmJgJM0J2AFKg
Q+0TYHC4wjhJc51EsYNDSKptRJWXgn/ghZiYAzR76ZeX2QYTWI7Eo39gPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdgMv3Z7Ci0ygPvdXBYNlBC8qCOMB8GA1UdIwQY
MBaAFJVoxgBbKECre/ijrXKhdR0NspucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFdqR0FGc29RS3Q3LUtPdGNxRjFIUTJ5bTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYjk4MGEtMWViNi00ODA4LThhZmEt
M2E1ZTE4ZDAwZGRjLzEvOTJBeV9kbnNLTFRLQS05MWNGZzJVRUx5b0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYjk4MGEtMWViNi00ODA4LThhZmEtM2E1ZTE4ZDAwZGRj
LzEvbFdqR0FGc29RS3Q3LUtPdGNxRjFIUTJ5bTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH9g+MA0G
CSqGSIb3DQEBCwUAA4IBAQAYjTRll+SYpjVi1EOwtf5kTydibm4h2sWDP1W+rtMs
osHK36NeIar9mMvOwiNB7iBr5kC9kUmHzIgEuXgFpfKYM+yXWUISh1b/OsHrWIp4
OSYx+aVVHSWEQ+LedELFnaQf1g1PRuvBmOZ45uxrqHE7yNG5t2e2rIvux0mSg/o/
DTuI0TuV7aidMiTKNQdovYgTLCmoqwHp9kVCsDVZxqX1I7n/T8/TpR2NhNvCaogw
DJQxemUn7nXK2FqoIP/EKnFuR4E3+wOHnX1JgLdYfjcA+fORqo6CG7jaSsMnzpsV
ZUbBj6MBhLmYENxcUHe6jyAfeX5sU/sA+87ZKrHF2jO7
-----END CERTIFICATE-----