Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/RotLOdOF81bQVIBY2d4Kn2UXFPM.roa
File:                     RotLOdOF81bQVIBY2d4Kn2UXFPM.roa (raw, json)
Hash identifier:          vYxgLOjcW+an3ajFmOtMKkqaaGD3l/CUsZBYbEOCgjs=
Subject key identifier:   46:8B:4B:39:D3:85:F3:56:D0:54:80:58:D9:DE:0A:9F:65:17:14:F3
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       019229F054405DFB2F3CDE9BA8BEF271C433
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/RotLOdOF81bQVIBY2d4Kn2UXFPM.roa
Signing time:             Wed 25 Sep 2024 16:07:48 +0000
ROA not before:           Wed 25 Sep 2024 16:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400963
IP address blocks:        94.31.13.0/24 maxlen: 24
                          94.31.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:29:f0:54:40:5d:fb:2f:3c:de:9b:a8:be:f2:71:c4:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Sep 25 16:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=468b4b39d385f356d0548058d9de0a9f651714f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9d:2e:6c:ae:a8:ab:0f:66:d5:a5:19:a8:49:
                    83:40:00:c4:38:48:d4:b3:68:e2:89:b3:cf:ef:2e:
                    bb:f7:68:02:8a:43:c2:85:13:57:74:ce:0e:98:20:
                    ac:f9:11:e4:08:1a:07:a7:d2:67:3f:ad:8a:30:a3:
                    36:fc:c3:07:9b:db:3b:2d:cd:6f:43:25:db:57:e9:
                    44:78:41:b4:c4:11:da:48:29:f1:b4:49:45:cb:64:
                    49:b9:b4:d5:47:32:54:7a:ce:40:1a:d7:72:82:85:
                    51:00:09:01:c0:e2:d4:22:26:6f:4d:77:e4:19:40:
                    fb:eb:4f:fb:35:b9:a8:e0:ee:18:e0:92:cf:e0:c4:
                    4e:66:7f:1d:c4:bf:80:b4:87:e8:1c:95:98:eb:8a:
                    79:23:41:dc:f6:e7:54:c7:b3:ec:87:f2:9b:49:e4:
                    82:5f:49:e4:ca:62:d9:c2:b6:68:f2:f1:34:04:11:
                    48:5a:1f:4e:f9:e0:8f:52:29:b0:c5:40:4f:40:9b:
                    10:06:85:36:f5:fd:ba:a9:b8:23:60:90:c3:1a:38:
                    4c:85:5b:dd:88:83:57:0f:14:45:c5:3d:41:a7:60:
                    f2:6a:d1:a8:8b:6f:0f:e0:e9:55:77:61:b5:58:bf:
                    2a:42:c8:14:09:9c:4b:fb:ee:ef:07:67:1f:e4:33:
                    22:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8B:4B:39:D3:85:F3:56:D0:54:80:58:D9:DE:0A:9F:65:17:14:F3
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/RotLOdOF81bQVIBY2d4Kn2UXFPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.31.13.0/24
                  94.31.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:55:c1:e6:1b:0b:a4:b9:fa:ca:73:e3:2a:24:ca:f1:41:46:
         45:3b:bd:06:73:f4:e9:b7:36:fe:94:09:d6:1a:3b:95:91:b4:
         78:7f:f8:aa:16:84:df:88:02:6e:b5:15:72:17:c5:98:15:f7:
         74:32:24:a8:62:47:ef:15:b7:5f:16:65:45:64:b0:fb:79:5c:
         a5:bc:f7:ec:4e:ab:24:a8:94:30:c5:c9:a0:09:e3:ab:f5:f8:
         37:9f:a2:d3:5d:7c:02:63:f9:a8:a9:36:c1:21:4d:d8:47:68:
         1c:ec:e5:4a:6d:ad:42:4f:22:5a:3b:f4:ec:19:3c:19:ae:ab:
         3a:24:c5:15:1a:cd:3b:06:93:95:6d:dd:89:00:4f:63:0c:f8:
         70:2f:e2:64:02:65:e4:a6:7a:05:65:66:d5:77:96:49:c1:95:
         db:0f:c6:a4:d7:5f:a0:f2:94:91:ca:54:82:b1:50:bf:db:e5:
         e5:26:a6:10:da:18:dc:0a:f3:47:8a:54:02:88:1f:a8:6c:07:
         61:46:cc:41:d7:a8:54:19:5e:30:6d:93:00:7b:6d:b0:90:82:
         b4:3e:c3:c3:0b:d1:85:2d:6f:0e:5b:d8:09:3c:72:6b:b7:94:
         81:72:5e:fa:f5:1a:ee:6a:64:4d:99:0f:c3:4e:04:67:4c:97:
         f2:5c:82:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIp8FRAXfsvPN6bqL7yccQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjQwOTI1MTYwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhiNGIzOWQzODVmMzU2ZDA1NDgwNThkOWRlMGE5ZjY1MTcxNGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA150ubK6oqw9m1aUZqEmDQADEOEjU
s2jiibPP7y6792gCikPChRNXdM4OmCCs+RHkCBoHp9JnP62KMKM2/MMHm9s7Lc1v
QyXbV+lEeEG0xBHaSCnxtElFy2RJubTVRzJUes5AGtdygoVRAAkBwOLUIiZvTXfk
GUD760/7Nbmo4O4Y4JLP4MROZn8dxL+AtIfoHJWY64p5I0Hc9udUx7Psh/KbSeSC
X0nkymLZwrZo8vE0BBFIWh9O+eCPUimwxUBPQJsQBoU29f26qbgjYJDDGjhMhVvd
iINXDxRFxT1Bp2DyatGoi28P4OlVd2G1WL8qQsgUCZxL++7vB2cf5DMipQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEaLSznThfNW0FSAWNneCp9lFxTzMB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvUm90TE9kT0Y4MWJRVklCWTJkNEtuMlVYRlBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXh8NAwQA
Xh81MA0GCSqGSIb3DQEBCwUAA4IBAQAaVcHmGwukufrKc+MqJMrxQUZFO70Gc/Tp
tzb+lAnWGjuVkbR4f/iqFoTfiAJutRVyF8WYFfd0MiSoYkfvFbdfFmVFZLD7eVyl
vPfsTqskqJQwxcmgCeOr9fg3n6LTXXwCY/moqTbBIU3YR2gc7OVKba1CTyJaO/Ts
GTwZrqs6JMUVGs07BpOVbd2JAE9jDPhwL+JkAmXkpnoFZWbVd5ZJwZXbD8ak11+g
8pSRylSCsVC/2+XlJqYQ2hjcCvNHilQCiB+obAdhRsxB16hUGV4wbZMAe22wkIK0
PsPDC9GFLW8OW9gJPHJrt5SBcl769RruamRNmQ/DTgRnTJfyXIJ3
-----END CERTIFICATE-----