Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/31BQV3QAlmQzRsLUDQbTCf9Ts0c.roa
File:                     31BQV3QAlmQzRsLUDQbTCf9Ts0c.roa (raw, json)
Hash identifier:          f5KyFjaDpcu5Ry6iCP+PpIAQgbWGNkKpf4ok3qoVBRQ=
Subject key identifier:   DF:50:50:57:74:00:96:64:33:46:C2:D4:0D:06:D3:09:FF:53:B3:47
Certificate issuer:       /CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
Certificate serial:       01941FFAB4E1C4CFE3F622FB137DEF60CB0F
Authority key identifier: 53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/31BQV3QAlmQzRsLUDQbTCf9Ts0c.roa
Signing time:             Wed 01 Jan 2025 03:48:31 +0000
ROA not before:           Wed 01 Jan 2025 03:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.226.0/23 maxlen: 23
                          2001:67c:29f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b4:e1:c4:cf:e3:f6:22:fb:13:7d:ef:60:cb:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
        Validity
            Not Before: Jan  1 03:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df505057740096643346c2d40d06d309ff53b347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c3:c3:84:de:34:db:e4:5d:e5:a5:e1:14:13:
                    fe:b4:6d:3a:a1:f7:fd:81:1b:75:e6:bf:d3:39:4d:
                    86:c5:9e:54:33:13:c0:6f:57:f7:4a:a0:74:c8:6d:
                    a0:84:00:9f:f1:cd:26:44:4b:e2:5f:24:42:53:22:
                    55:1a:26:63:44:d6:24:d8:56:ec:71:75:c8:c4:96:
                    06:26:8c:64:27:e1:c1:d1:9d:f2:a0:fe:b9:70:7d:
                    7c:5b:99:28:d4:9f:89:24:a4:61:ed:3d:a3:13:ff:
                    9c:b8:47:43:db:8c:52:5b:69:b0:cc:1d:0e:f1:9d:
                    b0:28:a1:1b:af:8e:72:f1:1b:66:30:0a:de:4a:03:
                    0e:19:86:aa:6e:b3:81:1d:66:c7:b6:92:64:83:bd:
                    86:6a:88:01:5f:85:74:7a:33:72:19:39:2b:13:50:
                    fb:a5:1e:5c:36:d2:17:b4:7a:4c:5b:e7:57:9b:c5:
                    c0:34:75:82:7e:73:dc:04:36:3f:ca:02:2c:bd:6d:
                    55:b2:67:c9:df:52:39:c8:bc:6e:d3:4c:36:1d:c7:
                    7c:50:ed:9c:02:79:31:74:85:78:28:8b:20:00:03:
                    99:3b:89:89:71:c6:bb:07:20:a8:e7:76:e9:fb:63:
                    b3:1c:fa:b6:b2:7c:96:32:31:79:26:15:22:2f:63:
                    65:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:50:50:57:74:00:96:64:33:46:C2:D4:0D:06:D3:09:FF:53:B3:47
            X509v3 Authority Key Identifier:
                keyid:53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/31BQV3QAlmQzRsLUDQbTCf9Ts0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.226.0/23
                IPv6:
                  2001:67c:29f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:26:34:ff:83:54:cb:49:ed:0b:39:cf:06:0b:26:fe:c4:80:
         dc:de:2c:4a:9d:b7:62:9a:e8:9c:a7:62:e4:98:61:dd:36:40:
         33:65:dc:4f:42:d7:c3:77:a5:b6:ff:b1:bc:5f:90:37:8a:db:
         01:7a:32:00:f5:38:2f:25:ba:ee:98:19:70:68:9d:19:26:7c:
         10:d3:b9:4a:34:17:76:36:ac:18:8e:59:4a:06:a5:30:d8:17:
         64:18:f8:44:5c:53:4a:a0:b0:ed:c4:0c:10:a6:f2:6e:3a:71:
         86:a2:c2:1a:5c:9a:42:da:a0:96:00:5c:9c:ad:b5:c4:b1:b3:
         45:65:09:6c:d1:83:6b:99:b1:0c:d6:3b:0f:b4:b4:a2:c4:24:
         63:38:5d:12:73:90:79:42:bd:0f:d2:e5:63:a6:4f:57:00:00:
         77:78:05:f9:53:dd:3b:94:ac:cb:a2:eb:71:75:fd:dc:9f:db:
         4d:e1:93:1e:ca:22:99:86:38:12:ed:ff:68:3c:20:e4:a8:36:
         d5:3a:84:80:7d:c1:96:8f:ba:e7:62:68:76:c9:db:14:5b:5a:
         5a:2c:16:e2:2c:e7:f7:14:46:95:56:77:9b:fd:49:3b:2d:75:
         a9:fb:6a:54:1a:78:d7:06:c9:a5:97:8d:81:66:24:8b:1e:28:
         f6:54:d5:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQf+rThxM/j9iL7E33vYMsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzN2Y5YmY4NGI2OWEwOTA0MjQzMmRhZTgzNzdlZTBhYzhm
ZjFjNjEwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjUwNTA1Nzc0MDA5NjY0MzM0NmMyZDQwZDA2ZDMwOWZmNTNiMzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8PDhN402+Rd5aXhFBP+tG06off9
gRt15r/TOU2GxZ5UMxPAb1f3SqB0yG2ghACf8c0mREviXyRCUyJVGiZjRNYk2Fbs
cXXIxJYGJoxkJ+HB0Z3yoP65cH18W5ko1J+JJKRh7T2jE/+cuEdD24xSW2mwzB0O
8Z2wKKEbr45y8RtmMAreSgMOGYaqbrOBHWbHtpJkg72GaogBX4V0ejNyGTkrE1D7
pR5cNtIXtHpMW+dXm8XANHWCfnPcBDY/ygIsvW1VsmfJ31I5yLxu00w2Hcd8UO2c
AnkxdIV4KIsgAAOZO4mJcca7ByCo53bp+2OzHPq2snyWMjF5JhUiL2NlCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN9QUFd0AJZkM0bC1A0G0wn/U7NHMB8GA1UdIwQY
MBaAFFN/m/hLaaCQQkMtroN37grI/xxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUt
ODkyZWM2ZmY0NzcxLzEvMzFCUVYzUUFsbVF6UnNMVURRYlRDZjlUczBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUtODkyZWM2ZmY0Nzcx
LzEvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuQHiMA8E
AgACMAkDBwAgAQZ8KfAwDQYJKoZIhvcNAQELBQADggEBAAomNP+DVMtJ7Qs5zwYL
Jv7EgNzeLEqdt2Ka6JynYuSYYd02QDNl3E9C18N3pbb/sbxfkDeK2wF6MgD1OC8l
uu6YGXBonRkmfBDTuUo0F3Y2rBiOWUoGpTDYF2QY+ERcU0qgsO3EDBCm8m46cYai
whpcmkLaoJYAXJyttcSxs0VlCWzRg2uZsQzWOw+0tKLEJGM4XRJzkHlCvQ/S5WOm
T1cAAHd4BflT3TuUrMui63F1/dyf203hkx7KIpmGOBLt/2g8IOSoNtU6hIB9wZaP
uudiaHbJ2xRbWlosFuIs5/cURpVWd5v9STstdan7alQaeNcGyaWXjYFmJIseKPZU
1Q4=
-----END CERTIFICATE-----