Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/8lytrNRAlkzl2XNEuoqT9hqGeHI.roa
File:                     8lytrNRAlkzl2XNEuoqT9hqGeHI.roa (raw, json)
Hash identifier:          bsiOs3LeZM/7MgOmaqSi5ylqvDA5KYlcRdJP7/Y5e7k=
Subject key identifier:   F2:5C:AD:AC:D4:40:96:4C:E5:D9:73:44:BA:8A:93:F6:1A:86:78:72
Certificate issuer:       /CN=27d028470604336fdb9308e51ba53e951ae2e098
Certificate serial:       01942220056D4679157F1911416591AA1C30
Authority key identifier: 27:D0:28:47:06:04:33:6F:DB:93:08:E5:1B:A5:3E:95:1A:E2:E0:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J9AoRwYEM2_bkwjlG6U-lRri4Jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/8lytrNRAlkzl2XNEuoqT9hqGeHI.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201455
IP address blocks:        185.170.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/J9AoRwYEM2_bkwjlG6U-lRri4Jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/J9AoRwYEM2_bkwjlG6U-lRri4Jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J9AoRwYEM2_bkwjlG6U-lRri4Jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:05:6d:46:79:15:7f:19:11:41:65:91:aa:1c:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27d028470604336fdb9308e51ba53e951ae2e098
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f25cadacd440964ce5d97344ba8a93f61a867872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bf:1b:00:a6:63:9e:b8:f4:51:9e:35:cd:d3:
                    36:50:00:23:a7:ec:73:c4:00:51:84:b2:24:10:d7:
                    cc:c3:b1:da:59:a8:09:5f:34:90:5a:b6:01:29:7b:
                    f5:30:9d:6f:de:bb:59:fc:9e:f3:20:28:5d:61:f6:
                    ee:9b:34:2a:80:90:cb:72:5b:c6:fb:aa:bb:2e:e4:
                    3f:55:c7:f7:07:28:d7:70:1c:cf:95:72:96:86:4b:
                    7f:d0:ae:05:43:13:b3:12:e2:04:47:fa:f3:2c:92:
                    8b:f2:17:46:65:26:3e:27:7c:d8:37:03:8b:ef:aa:
                    b0:27:06:a3:d3:a2:c8:c4:07:35:60:60:50:e8:6f:
                    eb:82:12:ec:92:70:58:17:2c:60:8a:66:01:f7:09:
                    3e:30:9c:06:a6:5f:20:39:e0:97:15:e9:fb:7d:8c:
                    65:75:a1:24:1c:83:a6:3a:46:e7:5e:dc:d3:03:0a:
                    be:44:a8:59:64:58:b3:d7:b4:76:66:f3:27:ed:26:
                    ed:62:9f:e7:47:49:93:95:68:91:fc:ab:02:d4:6a:
                    ea:31:03:26:aa:55:f2:42:45:5a:61:ae:ff:66:48:
                    e1:b5:4f:d8:04:e9:40:c7:94:ec:d1:6e:52:00:7a:
                    25:6f:8d:20:90:79:26:e8:a7:78:96:e0:b4:45:76:
                    1a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:5C:AD:AC:D4:40:96:4C:E5:D9:73:44:BA:8A:93:F6:1A:86:78:72
            X509v3 Authority Key Identifier:
                keyid:27:D0:28:47:06:04:33:6F:DB:93:08:E5:1B:A5:3E:95:1A:E2:E0:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J9AoRwYEM2_bkwjlG6U-lRri4Jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/8lytrNRAlkzl2XNEuoqT9hqGeHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/b3805f-be6f-4133-b5ec-a4ebbfe710c3/1/J9AoRwYEM2_bkwjlG6U-lRri4Jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d7:b3:44:07:9b:99:6e:7a:7b:d6:d4:ba:c1:89:b8:df:09:
         02:e6:75:49:44:5a:03:00:14:c2:8d:45:95:8e:8f:95:20:de:
         4e:ab:26:10:78:e4:a7:67:1d:ea:07:6c:5b:57:52:eb:de:39:
         fc:c4:0e:6e:ea:ca:10:e3:c1:41:11:7c:91:5a:95:25:e0:4e:
         6c:2d:2f:05:cb:78:e6:c4:e3:e3:ac:63:08:2c:95:47:4f:8c:
         c5:21:29:48:a9:c5:6f:95:93:95:4a:98:29:e2:af:69:ec:da:
         35:a0:74:4c:51:86:e9:04:2c:0c:3e:bf:d8:f5:d8:c7:71:c9:
         64:89:a7:ad:d3:2d:5a:06:59:f5:c2:4a:c6:e7:a0:8f:b4:c1:
         98:47:7c:59:19:c3:b8:4e:18:3c:95:d8:54:c6:38:f1:a6:fc:
         3f:26:df:8f:46:33:09:25:6e:f9:a6:51:b5:85:6b:dc:a5:f4:
         92:41:78:05:74:5f:ea:4f:17:2c:08:9e:48:9a:5a:e7:9d:bc:
         14:c4:3c:05:e9:74:29:b5:52:6d:41:06:27:a4:68:b7:35:fe:
         ee:0a:f0:2c:16:ac:3e:52:c2:91:bb:20:f9:0f:68:c0:04:df:
         24:69:eb:8b:2e:c3:b5:cc:6a:7f:95:54:0d:21:33:fe:79:6b:
         e1:2d:e0:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAVtRnkVfxkRQWWRqhwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZDAyODQ3MDYwNDMzNmZkYjkzMDhlNTFiYTUzZTk1MWFl
MmUwOTgwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjVjYWRhY2Q0NDA5NjRjZTVkOTczNDRiYThhOTNmNjFhODY3ODcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L8bAKZjnrj0UZ41zdM2UAAjp+xz
xABRhLIkENfMw7HaWagJXzSQWrYBKXv1MJ1v3rtZ/J7zIChdYfbumzQqgJDLclvG
+6q7LuQ/Vcf3ByjXcBzPlXKWhkt/0K4FQxOzEuIER/rzLJKL8hdGZSY+J3zYNwOL
76qwJwaj06LIxAc1YGBQ6G/rghLsknBYFyxgimYB9wk+MJwGpl8gOeCXFen7fYxl
daEkHIOmOkbnXtzTAwq+RKhZZFiz17R2ZvMn7SbtYp/nR0mTlWiR/KsC1GrqMQMm
qlXyQkVaYa7/ZkjhtU/YBOlAx5Ts0W5SAHolb40gkHkm6Kd4luC0RXYarQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJcrazUQJZM5dlzRLqKk/YahnhyMB8GA1UdIwQY
MBaAFCfQKEcGBDNv25MI5RulPpUa4uCYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjlBb1J3WUVNMl9ia3dqbEc2VS1sUnJpNEpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9iMzgwNWYtYmU2Zi00MTMzLWI1ZWMt
YTRlYmJmZTcxMGMzLzEvOGx5dHJOUkFsa3psMlhORXVvcVQ5aHFHZUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9iMzgwNWYtYmU2Zi00MTMzLWI1ZWMtYTRlYmJmZTcxMGMz
LzEvSjlBb1J3WUVNMl9ia3dqbEc2VS1sUnJpNEpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaofMA0G
CSqGSIb3DQEBCwUAA4IBAQBo17NEB5uZbnp71tS6wYm43wkC5nVJRFoDABTCjUWV
jo+VIN5OqyYQeOSnZx3qB2xbV1Lr3jn8xA5u6soQ48FBEXyRWpUl4E5sLS8Fy3jm
xOPjrGMILJVHT4zFISlIqcVvlZOVSpgp4q9p7No1oHRMUYbpBCwMPr/Y9djHcclk
iaet0y1aBln1wkrG56CPtMGYR3xZGcO4Thg8ldhUxjjxpvw/Jt+PRjMJJW75plG1
hWvcpfSSQXgFdF/qTxcsCJ5ImlrnnbwUxDwF6XQptVJtQQYnpGi3Nf7uCvAsFqw+
UsKRuyD5D2jABN8kaeuLLsO1zGp/lVQNITP+eWvhLeA7
-----END CERTIFICATE-----