Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/PDR7iFzlcevvX1CYurjtsCmFS3Q.roa
File:                     PDR7iFzlcevvX1CYurjtsCmFS3Q.roa (raw, json)
Hash identifier:          pq/Wsj2UqHMOUlN0FXDQs03uYxflZiJkrRluD4xU5Ro=
Subject key identifier:   3C:34:7B:88:5C:E5:71:EB:EF:5F:50:98:BA:B8:ED:B0:29:85:4B:74
Certificate issuer:       /CN=92d9089a8e328d32d6de16d7da257b811b05239d
Certificate serial:       018E1417B2D59194F70084DA58D02F5170F6
Authority key identifier: 92:D9:08:9A:8E:32:8D:32:D6:DE:16:D7:DA:25:7B:81:1B:05:23:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/PDR7iFzlcevvX1CYurjtsCmFS3Q.roa
Signing time:             Wed 06 Mar 2024 14:08:01 +0000
ROA not before:           Wed 06 Mar 2024 14:08:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        31.14.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 20:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:17:b2:d5:91:94:f7:00:84:da:58:d0:2f:51:70:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d9089a8e328d32d6de16d7da257b811b05239d
        Validity
            Not Before: Mar  6 14:08:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c347b885ce571ebef5f5098bab8edb029854b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a5:c2:20:c1:39:36:49:4f:00:82:8f:43:5c:
                    1b:60:87:a5:94:e6:af:c0:ce:86:59:1b:cd:4b:25:
                    96:f1:8c:35:35:bc:bd:65:b8:7c:e3:31:fc:08:a4:
                    7c:c2:8a:fb:62:7c:bf:fa:c9:72:d2:c7:79:6c:c6:
                    4d:11:cc:6d:b8:86:c8:c3:61:13:a5:5f:ef:66:e9:
                    6a:89:0c:e3:fd:7e:42:4f:36:18:63:ee:81:0e:8b:
                    30:a7:e1:6a:d8:ee:96:a1:52:e9:74:10:a3:25:4a:
                    7c:ee:a9:3d:58:89:ea:84:97:98:b7:bc:b2:6b:88:
                    96:5c:0f:c3:f3:5d:90:6e:73:65:c1:b0:2a:72:80:
                    b0:32:48:ff:2a:9c:25:41:b4:b7:e7:17:9d:5c:42:
                    57:3f:c0:4f:48:84:7f:5c:f4:55:b8:b8:29:61:05:
                    7a:b9:bf:14:40:59:34:87:26:3f:d4:b6:ed:f7:91:
                    7e:b9:0c:ac:88:05:54:de:7f:fc:44:69:20:57:d9:
                    88:49:70:c1:18:7c:50:3c:f3:a8:92:ab:51:7e:8f:
                    7c:05:8e:15:13:7e:33:2c:1b:e9:c2:fb:2a:75:96:
                    a0:d1:b6:0a:46:40:36:5e:1c:fe:39:e4:83:b5:ef:
                    ac:b1:10:8d:b2:ae:cc:4f:f3:74:07:61:f9:b0:e7:
                    e7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:34:7B:88:5C:E5:71:EB:EF:5F:50:98:BA:B8:ED:B0:29:85:4B:74
            X509v3 Authority Key Identifier:
                keyid:92:D9:08:9A:8E:32:8D:32:D6:DE:16:D7:DA:25:7B:81:1B:05:23:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktkImo4yjTLW3hbX2iV7gRsFI50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/PDR7iFzlcevvX1CYurjtsCmFS3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/431634-35cb-4545-877b-df3c07f3411e/1/ktkImo4yjTLW3hbX2iV7gRsFI50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:7f:e6:ca:38:92:6d:b5:2b:29:63:ba:72:10:13:cd:52:b2:
         cf:dd:4e:3e:1e:49:59:9a:97:95:20:77:a9:b3:d3:35:e2:b5:
         6e:d5:8c:fa:86:0d:78:75:3f:9f:23:d5:12:12:a9:9a:f6:07:
         41:ba:7e:ed:b6:84:92:4a:7e:38:bd:6e:dd:33:70:1d:1e:e6:
         48:36:13:9e:59:03:aa:50:9e:95:c6:37:66:2b:93:bb:f4:5e:
         2c:5c:8c:89:5b:af:6e:0b:6c:28:23:8f:0c:bd:8a:6d:f9:b8:
         ba:2f:90:01:19:db:a2:2e:f1:e8:aa:35:8f:28:53:94:ce:27:
         26:ce:8c:87:7e:1f:23:33:94:26:2a:f2:bc:f5:b2:39:75:53:
         3b:13:86:46:24:2e:40:c1:c7:44:f8:f7:07:d0:85:b8:88:4d:
         be:69:b8:4e:ee:d2:81:73:8d:a9:09:37:7e:28:8b:c1:f1:15:
         f6:e5:4e:34:9f:6a:14:7c:a2:63:c5:e2:13:eb:3a:22:bd:48:
         72:19:ab:4b:9d:89:9a:36:83:eb:86:2c:50:59:96:29:9b:24:
         e1:3b:82:0d:c3:cd:d1:a1:14:bc:d4:09:58:4c:15:7e:1d:f2:
         db:21:31:47:2e:5b:ed:c7:85:e6:50:24:a8:8b:20:7c:bd:63:
         fa:1c:22:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4UF7LVkZT3AITaWNAvUXD2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDkwODlhOGUzMjhkMzJkNmRlMTZkN2RhMjU3YjgxMWIw
NTIzOWQwHhcNMjQwMzA2MTQwODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzM0N2I4ODVjZTU3MWViZWY1ZjUwOThiYWI4ZWRiMDI5ODU0Yjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6XCIME5NklPAIKPQ1wbYIellOav
wM6GWRvNSyWW8Yw1Nby9Zbh84zH8CKR8wor7Yny/+sly0sd5bMZNEcxtuIbIw2ET
pV/vZulqiQzj/X5CTzYYY+6BDoswp+Fq2O6WoVLpdBCjJUp87qk9WInqhJeYt7yy
a4iWXA/D812QbnNlwbAqcoCwMkj/KpwlQbS35xedXEJXP8BPSIR/XPRVuLgpYQV6
ub8UQFk0hyY/1Lbt95F+uQysiAVU3n/8RGkgV9mISXDBGHxQPPOokqtRfo98BY4V
E34zLBvpwvsqdZag0bYKRkA2Xhz+OeSDte+ssRCNsq7MT/N0B2H5sOfn3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDw0e4hc5XHr719QmLq47bAphUt0MB8GA1UdIwQY
MBaAFJLZCJqOMo0y1t4W19ole4EbBSOdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RrSW1vNHlqVExXM2hiWDJpVjdnUnNGSTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC80MzE2MzQtMzVjYi00NTQ1LTg3N2It
ZGYzYzA3ZjM0MTFlLzEvUERSN2lGemxjZXZ2WDFDWXVyanRzQ21GUzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC80MzE2MzQtMzVjYi00NTQ1LTg3N2ItZGYzYzA3ZjM0MTFl
LzEva3RrSW1vNHlqVExXM2hiWDJpVjdnUnNGSTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHw4fMA0G
CSqGSIb3DQEBCwUAA4IBAQAlf+bKOJJttSspY7pyEBPNUrLP3U4+HklZmpeVIHep
s9M14rVu1Yz6hg14dT+fI9USEqma9gdBun7ttoSSSn44vW7dM3AdHuZINhOeWQOq
UJ6VxjdmK5O79F4sXIyJW69uC2woI48MvYpt+bi6L5ABGduiLvHoqjWPKFOUzicm
zoyHfh8jM5QmKvK89bI5dVM7E4ZGJC5AwcdE+PcH0IW4iE2+abhO7tKBc42pCTd+
KIvB8RX25U40n2oUfKJjxeIT6zoivUhyGatLnYmaNoPrhixQWZYpmyThO4INw83R
oRS81AlYTBV+HfLbITFHLlvtx4XmUCSoiyB8vWP6HCK0
-----END CERTIFICATE-----