Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/MVj7HeSBvInIalrqufIBH8fKRoI.roa
File:                     MVj7HeSBvInIalrqufIBH8fKRoI.roa (raw, json)
Hash identifier:          DxnNzMl8A0PYv0GRWFqxaL90B+shZhnUh2ZmOg4PM8E=
Subject key identifier:   31:58:FB:1D:E4:81:BC:89:C8:6A:5A:EA:B9:F2:01:1F:C7:CA:46:82
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       0194258F822151B6AD8F9800E2B35EFA90A0
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/MVj7HeSBvInIalrqufIBH8fKRoI.roa
Signing time:             Thu 02 Jan 2025 05:49:09 +0000
ROA not before:           Thu 02 Jan 2025 05:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35470
IP address blocks:        217.170.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:82:21:51:b6:ad:8f:98:00:e2:b3:5e:fa:90:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  2 05:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3158fb1de481bc89c86a5aeab9f2011fc7ca4682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:49:34:0e:21:bd:dc:a2:1d:b0:d3:3b:f0:dd:
                    a2:c3:d0:84:cf:58:47:9d:40:c2:3a:3f:10:d5:4f:
                    2a:f6:65:05:4c:b5:7b:65:4c:5f:9f:ca:90:6f:13:
                    5f:da:1a:8b:52:ed:54:84:69:88:73:61:f5:09:9b:
                    c0:61:9a:d6:0a:58:ce:91:3e:85:1f:46:03:a9:15:
                    90:77:ec:e3:6d:89:8f:85:3b:98:7c:d4:c3:41:fd:
                    9f:1a:76:53:f7:45:38:75:6d:e8:e0:74:6a:86:65:
                    8f:25:45:b3:e3:8f:73:45:1b:f7:24:38:cd:95:c3:
                    7a:db:30:0e:87:1d:f5:6b:0d:9f:dd:8b:e1:02:45:
                    5b:1f:38:c6:55:35:5c:d1:36:4c:30:27:a0:47:60:
                    b6:15:2d:c4:91:64:a7:71:c3:11:ea:9b:70:da:5a:
                    14:0d:e6:33:58:77:60:a4:eb:56:6b:89:22:f8:50:
                    ee:5e:c7:a9:65:6c:40:ce:5c:b8:82:e3:c0:7e:eb:
                    af:21:16:3e:5e:f4:df:54:21:dc:4a:ff:a0:56:d0:
                    bf:3f:41:3e:cf:f1:9b:5b:88:70:ed:53:8c:da:28:
                    8b:02:86:a3:01:89:fa:ca:13:07:eb:b7:aa:ac:0c:
                    78:b6:7b:4b:f6:b6:95:2c:4e:51:dc:9e:9d:82:f7:
                    b7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:58:FB:1D:E4:81:BC:89:C8:6A:5A:EA:B9:F2:01:1F:C7:CA:46:82
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/MVj7HeSBvInIalrqufIBH8fKRoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:45:e4:5b:15:ee:b7:73:a5:b5:08:b6:93:79:a9:f7:a0:9a:
         a6:90:c7:b0:bb:4a:6a:f1:ed:ee:64:ab:37:8c:31:2b:5a:c3:
         8c:00:b5:8a:20:49:9a:bb:1d:49:d0:b9:50:be:19:94:89:eb:
         f1:f2:ca:6c:af:d4:a2:78:a3:2d:bd:e9:f4:11:0c:6a:ed:37:
         e2:c3:e3:86:14:2f:a0:ac:01:2d:3f:6f:a7:b9:3a:ef:3a:58:
         ba:df:cc:9d:d0:3e:13:3d:2c:12:ae:f0:11:6d:de:b1:f7:93:
         f6:58:85:33:12:e9:87:79:6a:19:32:0a:75:c5:67:1f:40:ee:
         77:79:77:b7:27:18:e4:a3:4f:b1:05:e6:cb:9b:3e:94:b5:8d:
         e5:1e:e1:58:9f:f4:da:9f:a0:5a:2c:79:66:39:12:4d:80:c8:
         4f:d9:20:13:ac:74:7c:df:a2:7e:3e:00:92:40:55:42:a4:73:
         9f:f2:d4:c2:d0:45:cc:e6:1f:e4:f7:b7:2f:45:94:f3:c8:31:
         c2:cc:a2:4f:3e:5e:8d:01:37:6c:0e:7f:a9:02:aa:aa:27:9f:
         ef:24:36:68:7b:2d:ad:5f:62:f5:dd:a3:6e:ac:ea:0f:6c:9c:
         a6:1d:ef:32:82:52:f4:d1:19:d6:a9:70:66:60:f5:d5:51:7d:
         3a:72:11:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4IhUbatj5gA4rNe+pCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjUwMTAyMDU0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTU4ZmIxZGU0ODFiYzg5Yzg2YTVhZWFiOWYyMDExZmM3Y2E0NjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kk0DiG93KIdsNM78N2iw9CEz1hH
nUDCOj8Q1U8q9mUFTLV7ZUxfn8qQbxNf2hqLUu1UhGmIc2H1CZvAYZrWCljOkT6F
H0YDqRWQd+zjbYmPhTuYfNTDQf2fGnZT90U4dW3o4HRqhmWPJUWz449zRRv3JDjN
lcN62zAOhx31aw2f3YvhAkVbHzjGVTVc0TZMMCegR2C2FS3EkWSnccMR6ptw2loU
DeYzWHdgpOtWa4ki+FDuXsepZWxAzly4guPAfuuvIRY+XvTfVCHcSv+gVtC/P0E+
z/GbW4hw7VOM2iiLAoajAYn6yhMH67eqrAx4tntL9raVLE5R3J6dgve3FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFY+x3kgbyJyGpa6rnyAR/HykaCMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvTVZqN0hlU0J2SW5JYWxycXVmSUJIOGZLUm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2aoVMA0G
CSqGSIb3DQEBCwUAA4IBAQBxReRbFe63c6W1CLaTean3oJqmkMewu0pq8e3uZKs3
jDErWsOMALWKIEmaux1J0LlQvhmUievx8spsr9SieKMtven0EQxq7Tfiw+OGFC+g
rAEtP2+nuTrvOli638yd0D4TPSwSrvARbd6x95P2WIUzEumHeWoZMgp1xWcfQO53
eXe3Jxjko0+xBebLmz6UtY3lHuFYn/Tan6BaLHlmORJNgMhP2SATrHR836J+PgCS
QFVCpHOf8tTC0EXM5h/k97cvRZTzyDHCzKJPPl6NATdsDn+pAqqqJ5/vJDZoey2t
X2L13aNurOoPbJymHe8yglL00RnWqXBmYPXVUX06chE2
-----END CERTIFICATE-----