Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/AIyD-hdM7gTtqmeO0ocLhHsmjpU.roa
File:                     AIyD-hdM7gTtqmeO0ocLhHsmjpU.roa (raw, json)
Hash identifier:          O5kUZcGz462UoAEUHDGI/EQORo6X9ME0/zIC2cyDRXk=
Subject key identifier:   00:8C:83:FA:17:4C:EE:04:ED:AA:67:8E:D2:87:0B:84:7B:26:8E:95
Certificate issuer:       /CN=6998500402c8215cf571073a495cdc80c742f2cc
Certificate serial:       018CC2DADEFCF1E1FA10B4FE52B5E45C6EC5
Authority key identifier: 69:98:50:04:02:C8:21:5C:F5:71:07:3A:49:5C:DC:80:C7:42:F2:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZhQBALIIVz1cQc6SVzcgMdC8sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/AIyD-hdM7gTtqmeO0ocLhHsmjpU.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197784
IP address blocks:        31.13.8.0/21 maxlen: 21
                          185.152.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/aZhQBALIIVz1cQc6SVzcgMdC8sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/aZhQBALIIVz1cQc6SVzcgMdC8sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZhQBALIIVz1cQc6SVzcgMdC8sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:de:fc:f1:e1:fa:10:b4:fe:52:b5:e4:5c:6e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6998500402c8215cf571073a495cdc80c742f2cc
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=008c83fa174cee04edaa678ed2870b847b268e95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ba:d3:2e:53:6d:7e:8e:b5:96:bc:f9:c4:0f:
                    a7:6d:c6:32:7f:50:85:4f:d1:74:63:c7:4f:7a:7e:
                    1e:51:6d:3f:a5:49:8e:93:e1:68:6f:16:70:cf:20:
                    0b:32:e0:e4:9f:37:20:82:ef:7b:a2:7d:63:c9:42:
                    ee:63:e6:68:b1:f9:a2:d6:fb:ce:4e:97:66:12:60:
                    d5:1e:36:c6:58:8a:70:cf:b6:cf:ff:80:f8:2e:a4:
                    25:f2:39:e7:50:98:c9:2a:d0:ec:71:a2:13:f8:9f:
                    29:67:87:a0:eb:f2:9a:37:3d:a7:69:c7:cc:43:05:
                    78:59:6f:6e:9e:0f:35:d2:95:a8:c1:46:cc:b8:0a:
                    f6:3a:e2:f0:17:78:b5:e6:2f:11:26:94:12:25:f4:
                    ee:f2:8c:a8:8a:e7:47:34:8d:39:e1:e9:56:fc:2c:
                    0e:69:a0:ea:d5:83:01:60:5d:1f:3b:74:dc:ff:ba:
                    93:77:4d:1a:dc:a9:1f:1b:6a:eb:a1:8b:2d:3e:2c:
                    d3:2d:7d:89:c5:8f:e2:5a:00:11:05:e7:98:2e:43:
                    ed:4a:51:68:12:61:b9:e0:66:9e:12:59:51:c0:54:
                    ee:93:a2:02:48:92:da:86:48:7c:b2:2f:c2:f0:ac:
                    f4:1d:1e:3d:cb:dd:d4:35:c9:85:87:2f:03:54:60:
                    a6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:8C:83:FA:17:4C:EE:04:ED:AA:67:8E:D2:87:0B:84:7B:26:8E:95
            X509v3 Authority Key Identifier:
                keyid:69:98:50:04:02:C8:21:5C:F5:71:07:3A:49:5C:DC:80:C7:42:F2:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZhQBALIIVz1cQc6SVzcgMdC8sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/AIyD-hdM7gTtqmeO0ocLhHsmjpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/057ae8-0cb7-4e14-8a5b-189028f3396c/1/aZhQBALIIVz1cQc6SVzcgMdC8sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.8.0/21
                  185.152.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:67:8a:93:b8:af:87:d2:3c:8a:1a:0b:76:02:6d:35:07:37:
         c7:4b:4c:20:85:9c:19:2f:cd:fb:53:6d:50:cc:1d:c6:05:b1:
         a6:3e:0a:00:d3:bc:66:ef:85:f2:fc:8b:19:04:4b:aa:ea:af:
         70:e1:8d:f1:a1:6f:63:f3:82:26:39:cd:22:80:fd:21:5b:30:
         75:56:6e:cc:7b:e5:dd:33:84:c1:6f:94:38:80:1a:96:44:74:
         d8:f8:9e:b4:07:0f:51:59:f1:39:5b:b8:74:f2:97:68:72:99:
         41:1a:7a:c4:fd:e8:b2:c5:61:f1:e7:0c:0e:dc:99:b7:c0:89:
         5b:8f:44:6a:fb:70:5a:88:01:39:43:0f:7e:02:15:e9:d5:56:
         ac:34:64:30:f9:2b:a2:85:55:5b:27:de:1c:86:34:72:17:72:
         4b:e1:e3:66:04:0a:6e:d4:93:7b:78:d6:d2:c9:b5:b0:18:39:
         f4:6c:6b:d5:4f:95:26:18:27:08:eb:f6:42:c9:71:de:28:d1:
         06:33:86:e4:d3:ee:aa:31:9c:c8:d9:6b:6e:71:df:10:55:5f:
         c4:f1:3b:0b:cc:06:1a:bd:8c:0d:94:89:d2:8b:67:f5:b3:c1:
         d9:5b:40:85:41:d6:32:dc:33:2b:07:68:29:81:e5:8d:a4:e2:
         32:0d:ab:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2t788eH6ELT+UrXkXG7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTg1MDA0MDJjODIxNWNmNTcxMDczYTQ5NWNkYzgwYzc0
MmYyY2MwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDhjODNmYTE3NGNlZTA0ZWRhYTY3OGVkMjg3MGI4NDdiMjY4ZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbrTLlNtfo61lrz5xA+nbcYyf1CF
T9F0Y8dPen4eUW0/pUmOk+FobxZwzyALMuDknzcggu97on1jyULuY+Zosfmi1vvO
TpdmEmDVHjbGWIpwz7bP/4D4LqQl8jnnUJjJKtDscaIT+J8pZ4eg6/KaNz2nacfM
QwV4WW9ung810pWowUbMuAr2OuLwF3i15i8RJpQSJfTu8oyoiudHNI054elW/CwO
aaDq1YMBYF0fO3Tc/7qTd00a3KkfG2rroYstPizTLX2JxY/iWgARBeeYLkPtSlFo
EmG54GaeEllRwFTuk6ICSJLahkh8si/C8Kz0HR49y93UNcmFhy8DVGCmswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFACMg/oXTO4E7apnjtKHC4R7Jo6VMB8GA1UdIwQY
MBaAFGmYUAQCyCFc9XEHOklc3IDHQvLMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpoUUJBTElJVnoxY1FjNlNWemNnTWRDOHN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8wNTdhZTgtMGNiNy00ZTE0LThhNWIt
MTg5MDI4ZjMzOTZjLzEvQUl5RC1oZE03Z1R0cW1lTzBvY0xoSHNtanBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8wNTdhZTgtMGNiNy00ZTE0LThhNWItMTg5MDI4ZjMzOTZj
LzEvYVpoUUJBTElJVnoxY1FjNlNWemNnTWRDOHN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDHw0IAwQC
uZjkMA0GCSqGSIb3DQEBCwUAA4IBAQBHZ4qTuK+H0jyKGgt2Am01BzfHS0wghZwZ
L837U21QzB3GBbGmPgoA07xm74Xy/IsZBEuq6q9w4Y3xoW9j84ImOc0igP0hWzB1
Vm7Me+XdM4TBb5Q4gBqWRHTY+J60Bw9RWfE5W7h08pdocplBGnrE/eiyxWHx5wwO
3Jm3wIlbj0Rq+3BaiAE5Qw9+AhXp1VasNGQw+SuihVVbJ94chjRyF3JL4eNmBApu
1JN7eNbSybWwGDn0bGvVT5UmGCcI6/ZCyXHeKNEGM4bk0+6qMZzI2Wtucd8QVV/E
8TsLzAYavYwNlInSi2f1s8HZW0CFQdYy3DMrB2gpgeWNpOIyDav4
-----END CERTIFICATE-----