Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/7bf689-82fc-4816-8ece-1ecd9918b3a6/1/Ii6Eihe3uHllmAF3w-e0EbIsuEY.roa
File:                     Ii6Eihe3uHllmAF3w-e0EbIsuEY.roa (raw, json)
Hash identifier:          AaLyOgaPOF0EjSeS5+fNuZIHrJ04ogADIw6xzspYUTk=
Subject key identifier:   22:2E:84:8A:17:B7:B8:79:65:98:01:77:C3:E7:B4:11:B2:2C:B8:46
Certificate issuer:       /CN=2fca6592c0fe34fabefcc43719287b844d47ca03
Certificate serial:       01941F8C2A8A27605C78867BA9FDEABF1FA6
Authority key identifier: 2F:CA:65:92:C0:FE:34:FA:BE:FC:C4:37:19:28:7B:84:4D:47:CA:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L8plksD-NPq-_MQ3GSh7hE1HygM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/7bf689-82fc-4816-8ece-1ecd9918b3a6/1/Ii6Eihe3uHllmAF3w-e0EbIsuEY.roa
Signing time:             Wed 01 Jan 2025 01:47:47 +0000
ROA not before:           Wed 01 Jan 2025 01:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60415
IP address blocks:        185.31.92.0/22 maxlen: 22
                          185.31.92.0/24 maxlen: 24
                          185.31.93.0/24 maxlen: 24
                          185.31.94.0/24 maxlen: 24
                          185.31.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/7bf689-82fc-4816-8ece-1ecd9918b3a6/1/L8plksD-NPq-_MQ3GSh7hE1HygM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/7bf689-82fc-4816-8ece-1ecd9918b3a6/1/L8plksD-NPq-_MQ3GSh7hE1HygM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L8plksD-NPq-_MQ3GSh7hE1HygM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:2a:8a:27:60:5c:78:86:7b:a9:fd:ea:bf:1f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fca6592c0fe34fabefcc43719287b844d47ca03
        Validity
            Not Before: Jan  1 01:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=222e848a17b7b87965980177c3e7b411b22cb846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7a:bc:29:41:ed:5d:d3:a0:34:7d:d7:f7:a9:
                    de:e2:67:48:93:67:08:b3:ce:ca:02:c7:69:24:32:
                    68:59:4c:66:c3:eb:41:6e:82:4c:c8:24:a2:24:47:
                    50:ea:5c:18:33:e2:86:8c:0d:7f:6d:d8:68:b1:34:
                    43:79:2b:00:80:94:30:c2:19:22:bc:1d:28:f1:a3:
                    34:b3:a8:7c:0c:9c:85:96:0d:e7:6d:b5:07:70:18:
                    af:ed:b8:a0:77:97:b1:02:7d:2c:12:22:1b:7b:b6:
                    7f:6d:5a:7d:dd:77:44:ef:2c:ef:89:61:b1:de:01:
                    5e:33:5b:61:44:ee:3b:91:76:10:7f:3a:0c:e0:a1:
                    27:96:c5:3b:1f:84:f2:67:ed:e3:fb:05:3e:a4:b4:
                    b0:80:ea:b5:58:1b:9e:8c:0e:d0:9f:f2:4d:3e:4a:
                    63:5f:bf:a7:1e:f4:dc:06:d5:c1:cc:63:5b:93:e3:
                    62:14:c7:cf:cc:12:d7:50:5a:7c:7a:d7:00:05:51:
                    12:1e:ff:5d:2e:d7:47:30:46:09:a1:9c:ed:04:56:
                    48:a7:d5:c7:29:41:92:e2:a8:dd:e6:af:e2:81:88:
                    0f:99:85:46:c1:c4:08:54:c8:11:67:66:63:82:47:
                    ad:90:4b:a3:ea:ad:2d:0d:e9:10:28:b9:49:9a:09:
                    20:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:2E:84:8A:17:B7:B8:79:65:98:01:77:C3:E7:B4:11:B2:2C:B8:46
            X509v3 Authority Key Identifier:
                keyid:2F:CA:65:92:C0:FE:34:FA:BE:FC:C4:37:19:28:7B:84:4D:47:CA:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L8plksD-NPq-_MQ3GSh7hE1HygM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/7bf689-82fc-4816-8ece-1ecd9918b3a6/1/Ii6Eihe3uHllmAF3w-e0EbIsuEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/7bf689-82fc-4816-8ece-1ecd9918b3a6/1/L8plksD-NPq-_MQ3GSh7hE1HygM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:db:0b:9e:6a:8c:3c:d4:8e:c4:71:80:26:90:91:c5:fd:65:
         72:40:c1:f5:dd:ca:14:42:e2:7e:24:56:8b:92:63:6e:25:93:
         29:c9:fd:48:25:05:f5:15:24:4b:98:e7:f4:35:5a:ad:08:5c:
         b8:68:bc:d1:12:55:13:e1:2f:11:c2:1a:4d:48:a6:2f:19:ad:
         3c:26:3c:45:bf:62:00:2f:1c:da:81:0c:4a:c2:d7:29:85:9e:
         02:d4:42:83:b7:b7:87:72:66:80:31:3d:75:86:77:07:95:26:
         91:25:22:9d:88:d2:74:d6:34:c0:97:db:59:85:d3:67:21:cf:
         bc:82:44:08:a7:d7:f9:8b:e9:8b:e3:83:14:c5:01:ec:80:e1:
         b5:41:af:ef:bf:b5:0f:cc:db:15:0c:c1:35:af:52:b4:61:d8:
         ce:95:8f:6c:a8:69:19:d1:6b:18:4e:a9:0a:2a:78:3e:dd:26:
         bc:37:a1:1d:cc:9d:d9:99:fe:92:6a:d4:a8:43:1c:8f:ea:0c:
         4b:4d:60:e0:a2:3a:d6:c7:3e:16:30:85:53:ad:19:a9:aa:c1:
         9c:cf:90:98:52:80:48:8c:8a:86:1f:5f:a7:b1:9a:dc:c5:83:
         64:2a:b8:73:4a:93:2e:66:31:4a:8d:3e:c9:0f:9d:49:4e:11:
         92:93:5d:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCqKJ2BceIZ7qf3qvx+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmY2E2NTkyYzBmZTM0ZmFiZWZjYzQzNzE5Mjg3Yjg0NGQ0
N2NhMDMwHhcNMjUwMTAxMDE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjJlODQ4YTE3YjdiODc5NjU5ODAxNzdjM2U3YjQxMWIyMmNiODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3q8KUHtXdOgNH3X96ne4mdIk2cI
s87KAsdpJDJoWUxmw+tBboJMyCSiJEdQ6lwYM+KGjA1/bdhosTRDeSsAgJQwwhki
vB0o8aM0s6h8DJyFlg3nbbUHcBiv7bigd5exAn0sEiIbe7Z/bVp93XdE7yzviWGx
3gFeM1thRO47kXYQfzoM4KEnlsU7H4TyZ+3j+wU+pLSwgOq1WBuejA7Qn/JNPkpj
X7+nHvTcBtXBzGNbk+NiFMfPzBLXUFp8etcABVESHv9dLtdHMEYJoZztBFZIp9XH
KUGS4qjd5q/igYgPmYVGwcQIVMgRZ2ZjgketkEuj6q0tDekQKLlJmgkggwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIuhIoXt7h5ZZgBd8PntBGyLLhGMB8GA1UdIwQY
MBaAFC/KZZLA/jT6vvzENxkoe4RNR8oDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDhwbGtzRC1OUHEtX01RM0dTaDdoRTFIeWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi83YmY2ODktODJmYy00ODE2LThlY2Ut
MWVjZDk5MThiM2E2LzEvSWk2RWloZTN1SGxsbUFGM3ctZTBFYklzdUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi83YmY2ODktODJmYy00ODE2LThlY2UtMWVjZDk5MThiM2E2
LzEvTDhwbGtzRC1OUHEtX01RM0dTaDdoRTFIeWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR9cMA0G
CSqGSIb3DQEBCwUAA4IBAQCO2wueaow81I7EcYAmkJHF/WVyQMH13coUQuJ+JFaL
kmNuJZMpyf1IJQX1FSRLmOf0NVqtCFy4aLzRElUT4S8RwhpNSKYvGa08JjxFv2IA
LxzagQxKwtcphZ4C1EKDt7eHcmaAMT11hncHlSaRJSKdiNJ01jTAl9tZhdNnIc+8
gkQIp9f5i+mL44MUxQHsgOG1Qa/vv7UPzNsVDME1r1K0YdjOlY9sqGkZ0WsYTqkK
Kng+3Sa8N6EdzJ3Zmf6SatSoQxyP6gxLTWDgojrWxz4WMIVTrRmpqsGcz5CYUoBI
jIqGH1+nsZrcxYNkKrhzSpMuZjFKjT7JD51JThGSk11A
-----END CERTIFICATE-----