Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1ijyKHSSZUC4--ekXtq3RJpYF-M.roa
File:                     1ijyKHSSZUC4--ekXtq3RJpYF-M.roa (raw, json)
Hash identifier:          Qo7yBrxFeo4gRtsrv6E+KtsUr+DUcd7ICxyjhCVCTNM=
Subject key identifier:   D6:28:F2:28:74:92:65:40:B8:FB:E7:A4:5E:DA:B7:44:9A:58:17:E3
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FEAE1AB636E60AD2EF256D3C7E74B
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1ijyKHSSZUC4--ekXtq3RJpYF-M.roa
Signing time:             Thu 02 Jan 2025 05:49:36 +0000
ROA not before:           Thu 02 Jan 2025 05:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202198
IP address blocks:        31.148.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ea:e1:ab:63:6e:60:ad:2e:f2:56:d3:c7:e7:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d628f22874926540b8fbe7a45edab7449a5817e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a7:c5:9c:42:42:14:f9:6c:a4:39:02:aa:f1:
                    0f:53:fc:a0:1a:14:29:88:28:b7:f3:4f:cd:1c:dd:
                    20:b7:38:5d:73:bd:78:e1:77:25:50:2a:cf:13:be:
                    b1:49:48:4d:a6:63:5e:81:7a:9a:db:06:e0:12:84:
                    e0:50:01:3d:3f:fa:95:08:36:14:d7:46:37:2d:de:
                    0c:9d:64:cb:ed:92:dc:24:8b:89:fd:50:a0:d9:c5:
                    9f:36:78:a0:9f:26:c3:85:ee:6f:d2:ac:d9:cd:81:
                    2d:8f:d2:8c:55:44:ad:a0:2f:5a:d4:0e:89:ea:6b:
                    62:cd:8e:99:bc:f9:d0:e0:41:8a:dc:32:33:94:8a:
                    dd:e9:22:58:f0:d2:e4:69:12:5d:86:f7:27:91:49:
                    ed:4d:e3:84:55:74:47:48:e8:56:f7:ae:25:05:c6:
                    38:ba:f5:10:8d:d6:b6:14:ad:58:3c:e4:46:7f:5d:
                    e1:b2:67:f3:c0:88:27:f9:34:0a:69:f1:74:1b:f0:
                    16:d3:14:3f:02:e6:3a:a9:1b:21:2e:f5:9f:11:f7:
                    5f:bb:9f:5b:dd:c7:24:fe:7d:e2:bb:ef:bb:76:2a:
                    dd:73:ca:59:5a:07:d6:ac:76:c1:ce:ee:e6:1a:12:
                    5d:ea:30:ff:1e:f1:33:f9:0f:de:57:6c:c2:7b:33:
                    35:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:28:F2:28:74:92:65:40:B8:FB:E7:A4:5E:DA:B7:44:9A:58:17:E3
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1ijyKHSSZUC4--ekXtq3RJpYF-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:e5:4d:6e:03:71:76:c5:af:81:88:85:6b:f5:f9:5b:50:10:
         5f:2a:41:d6:51:aa:11:3d:fd:e8:89:85:25:bd:75:2c:9f:61:
         d4:c5:54:34:e8:3f:6f:82:c4:8b:d6:48:30:d2:37:1a:1e:f6:
         1e:55:78:97:36:59:25:c6:b8:e5:98:e6:2c:fa:20:4c:ae:11:
         d7:35:b3:e4:24:c1:c6:e3:f5:6b:a0:07:7a:bd:67:22:5c:e7:
         f0:04:19:7b:30:75:3e:f9:80:26:2d:b4:37:ac:0c:68:15:33:
         39:2e:dd:11:1d:fd:2f:39:88:08:84:67:d0:9d:a3:fc:ee:74:
         c8:72:37:35:05:d4:33:74:ec:bb:61:27:6b:05:45:66:55:6f:
         a8:b0:6d:43:c6:af:fd:da:14:dc:20:83:99:12:65:cc:99:ff:
         b3:46:67:4b:31:ae:32:c2:1f:f8:4d:3f:5c:73:81:67:60:f4:
         79:ef:c0:15:c5:41:42:8d:42:b6:74:1e:f7:ed:4c:71:b4:fe:
         83:72:c5:26:94:9c:df:fb:dc:52:35:9e:36:41:c5:ac:85:93:
         38:2a:6f:db:02:9e:8e:5c:7d:84:72:4e:ac:87:4d:e5:86:1a:
         0f:1c:22:c5:bf:fe:78:67:66:9c:cc:e1:63:78:e1:34:c6:3c:
         e6:f7:48:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj+rhq2NuYK0u8lbTx+dLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjI4ZjIyODc0OTI2NTQwYjhmYmU3YTQ1ZWRhYjc0NDlhNTgxN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKfFnEJCFPlspDkCqvEPU/ygGhQp
iCi380/NHN0gtzhdc7144XclUCrPE76xSUhNpmNegXqa2wbgEoTgUAE9P/qVCDYU
10Y3Ld4MnWTL7ZLcJIuJ/VCg2cWfNnignybDhe5v0qzZzYEtj9KMVUStoC9a1A6J
6mtizY6ZvPnQ4EGK3DIzlIrd6SJY8NLkaRJdhvcnkUntTeOEVXRHSOhW964lBcY4
uvUQjda2FK1YPORGf13hsmfzwIgn+TQKafF0G/AW0xQ/AuY6qRshLvWfEfdfu59b
3cck/n3iu++7dirdc8pZWgfWrHbBzu7mGhJd6jD/HvEz+Q/eV2zCezM1awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYo8ih0kmVAuPvnpF7at0SaWBfjMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvMWlqeUtIU1NaVUM0LS1la1h0cTNSSnBZRi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH5SrMA0G
CSqGSIb3DQEBCwUAA4IBAQAk5U1uA3F2xa+BiIVr9flbUBBfKkHWUaoRPf3oiYUl
vXUsn2HUxVQ06D9vgsSL1kgw0jcaHvYeVXiXNlklxrjlmOYs+iBMrhHXNbPkJMHG
4/VroAd6vWciXOfwBBl7MHU++YAmLbQ3rAxoFTM5Lt0RHf0vOYgIhGfQnaP87nTI
cjc1BdQzdOy7YSdrBUVmVW+osG1Dxq/92hTcIIOZEmXMmf+zRmdLMa4ywh/4TT9c
c4FnYPR578AVxUFCjUK2dB737UxxtP6DcsUmlJzf+9xSNZ42QcWshZM4Km/bAp6O
XH2Eck6sh03lhhoPHCLFv/54Z2aczOFjeOE0xjzm90jG
-----END CERTIFICATE-----