Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/Jy9c0_RzivEj7ucXjgGhx7wSgFQ.roa
File:                     Jy9c0_RzivEj7ucXjgGhx7wSgFQ.roa (raw, json)
Hash identifier:          DojeAK1HHN9h/QqhSA/hHF6THAb3RwTl2cPm6ZufAHI=
Subject key identifier:   27:2F:5C:D3:F4:73:8A:F1:23:EE:E7:17:8E:01:A1:C7:BC:12:80:54
Certificate issuer:       /CN=4081f85602b1168925d83eb3ca61609f357956a6
Certificate serial:       018CC5DBFBEC6527C9E043CA30F8E83F8F76
Authority key identifier: 40:81:F8:56:02:B1:16:89:25:D8:3E:B3:CA:61:60:9F:35:79:56:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/Jy9c0_RzivEj7ucXjgGhx7wSgFQ.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56749
IP address blocks:        31.130.183.0/24 maxlen: 24
                          31.130.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 07:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fb:ec:65:27:c9:e0:43:ca:30:f8:e8:3f:8f:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4081f85602b1168925d83eb3ca61609f357956a6
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=272f5cd3f4738af123eee7178e01a1c7bc128054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:42:43:bf:21:52:81:87:44:ef:2e:81:90:7d:
                    02:e6:83:23:53:b5:a1:07:91:3c:26:53:15:8c:e9:
                    a5:e2:36:12:fe:01:84:08:ac:d5:17:87:d8:d1:d4:
                    33:42:5f:7d:8c:8f:32:d1:b0:c3:49:19:fe:d9:52:
                    a0:a0:e7:04:06:b3:15:de:d9:52:93:1d:6f:1f:84:
                    99:51:34:a8:97:16:e0:cd:41:a5:ea:14:db:9f:8a:
                    52:09:77:40:1c:5f:28:1e:00:f7:5b:0a:77:9b:91:
                    a7:01:16:86:ff:56:c3:26:a7:89:83:a2:d0:1a:0a:
                    d5:9f:fc:a7:42:97:99:d8:41:84:42:81:c2:21:69:
                    86:85:da:32:16:e6:eb:01:10:a3:d4:8a:67:25:e5:
                    a4:07:30:ca:9f:99:40:b9:bf:94:a3:0c:d5:61:43:
                    41:35:09:cf:30:91:16:83:ea:fd:38:41:19:4e:58:
                    06:e3:01:d7:ba:27:f8:b4:30:f3:da:26:83:07:cb:
                    e1:13:58:fa:10:f9:54:05:c8:c7:88:c3:f5:72:c1:
                    1e:1c:d3:4b:4d:2f:21:b7:8b:a1:a3:38:3d:47:1e:
                    fa:9f:af:55:d2:d4:da:f9:b9:a4:e1:b5:32:58:53:
                    b7:d2:fd:6f:1b:13:3e:07:0d:f1:b8:e8:4b:13:fa:
                    c5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2F:5C:D3:F4:73:8A:F1:23:EE:E7:17:8E:01:A1:C7:BC:12:80:54
            X509v3 Authority Key Identifier:
                keyid:40:81:F8:56:02:B1:16:89:25:D8:3E:B3:CA:61:60:9F:35:79:56:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/Jy9c0_RzivEj7ucXjgGhx7wSgFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:31:72:bb:57:a5:f9:7b:e3:81:52:43:c9:9b:5b:08:e3:77:
         2e:d8:97:dc:1e:e9:65:2e:eb:59:12:a4:2b:71:06:7f:83:c4:
         c0:dd:76:ae:6f:44:4d:39:5c:d2:8a:3e:56:3b:1f:75:80:99:
         a7:9a:60:b6:96:f9:7d:0d:26:dd:30:7a:58:66:e0:09:3b:16:
         dc:a2:df:55:86:7f:ac:2e:23:9d:e6:92:8f:62:b9:4a:d2:f0:
         ba:d4:8f:da:56:62:f6:5b:ff:5b:6c:27:14:e4:c5:75:7a:f1:
         4d:c8:d4:1a:76:b1:c7:31:1d:9f:45:ce:8c:ac:0b:56:ba:1d:
         26:7b:17:9a:1f:e6:38:62:cc:c5:71:59:ff:1a:49:8a:a7:7e:
         18:5d:3e:df:cc:4b:28:dd:20:bf:89:2e:0d:ec:af:bd:81:eb:
         66:04:87:ee:0e:4b:4e:6f:bf:87:30:d0:25:aa:5e:9a:c0:e9:
         23:87:89:06:5b:28:98:97:bb:c4:31:5c:5f:22:a7:fa:ed:37:
         e5:ea:09:04:df:ca:23:28:1c:11:a7:f1:cb:59:8e:30:60:77:
         ee:c5:82:7d:54:e1:b1:41:9a:b5:69:9c:68:27:ba:bc:96:8f:
         86:90:b4:18:34:39:9a:ca:84:73:b7:06:3c:9b:93:39:58:85:
         d7:a6:ab:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/vsZSfJ4EPKMPjoP492MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwODFmODU2MDJiMTE2ODkyNWQ4M2ViM2NhNjE2MDlmMzU3
OTU2YTYwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzJmNWNkM2Y0NzM4YWYxMjNlZWU3MTc4ZTAxYTFjN2JjMTI4MDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0JDvyFSgYdE7y6BkH0C5oMjU7Wh
B5E8JlMVjOml4jYS/gGECKzVF4fY0dQzQl99jI8y0bDDSRn+2VKgoOcEBrMV3tlS
kx1vH4SZUTSolxbgzUGl6hTbn4pSCXdAHF8oHgD3Wwp3m5GnARaG/1bDJqeJg6LQ
GgrVn/ynQpeZ2EGEQoHCIWmGhdoyFubrARCj1IpnJeWkBzDKn5lAub+UowzVYUNB
NQnPMJEWg+r9OEEZTlgG4wHXuif4tDDz2iaDB8vhE1j6EPlUBcjHiMP1csEeHNNL
TS8ht4uhozg9Rx76n69V0tTa+bmk4bUyWFO30v1vGxM+Bw3xuOhLE/rF3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcvXNP0c4rxI+7nF44Boce8EoBUMB8GA1UdIwQY
MBaAFECB+FYCsRaJJdg+s8phYJ81eVamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlINFZnS3hGb2tsMkQ2enltRmduelY1VnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yMmM5M2MtOTAwMC00ZTczLWExYzUt
YzAzZjNmZGRkNGFjLzEvSnk5YzBfUnppdkVqN3VjWGpnR2h4N3dTZ0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yMmM5M2MtOTAwMC00ZTczLWExYzUtYzAzZjNmZGRkNGFj
LzEvUUlINFZnS3hGb2tsMkQ2enltRmduelY1VnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4K2MA0G
CSqGSIb3DQEBCwUAA4IBAQBiMXK7V6X5e+OBUkPJm1sI43cu2JfcHullLutZEqQr
cQZ/g8TA3Xaub0RNOVzSij5WOx91gJmnmmC2lvl9DSbdMHpYZuAJOxbcot9Vhn+s
LiOd5pKPYrlK0vC61I/aVmL2W/9bbCcU5MV1evFNyNQadrHHMR2fRc6MrAtWuh0m
exeaH+Y4YszFcVn/GkmKp34YXT7fzEso3SC/iS4N7K+9getmBIfuDktOb7+HMNAl
ql6awOkjh4kGWyiYl7vEMVxfIqf67Tfl6gkE38ojKBwRp/HLWY4wYHfuxYJ9VOGx
QZq1aZxoJ7q8lo+GkLQYNDmayoRztwY8m5M5WIXXpqvL
-----END CERTIFICATE-----