Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7VPXbfLHxIuz2BoYL4HEkYODlwM.roa
File:                     7VPXbfLHxIuz2BoYL4HEkYODlwM.roa (raw, json)
Hash identifier:          CJynHkLCuwfrP44GE0gqzZPGPZ9wTHJu6iwOrM46XSw=
Subject key identifier:   ED:53:D7:6D:F2:C7:C4:8B:B3:D8:1A:18:2F:81:C4:91:83:83:97:03
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019425900E6A520518A7B172D13169562855
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7VPXbfLHxIuz2BoYL4HEkYODlwM.roa
Signing time:             Thu 02 Jan 2025 05:49:45 +0000
ROA not before:           Thu 02 Jan 2025 05:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212463
IP address blocks:        31.148.149.0/24 maxlen: 24
                          95.47.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:90:0e:6a:52:05:18:a7:b1:72:d1:31:69:56:28:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed53d76df2c7c48bb3d81a182f81c49183839703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:53:45:6d:d2:08:42:41:1b:de:97:1c:44:35:
                    64:6b:4a:5b:21:d1:46:47:cd:a5:b6:d5:fb:3f:9e:
                    a5:96:dd:e1:1a:7a:7e:a7:84:fb:43:e7:8e:ed:23:
                    de:49:58:45:4a:56:6c:23:e9:e8:bd:b4:c9:53:bc:
                    4b:da:bd:40:fb:18:0b:0a:f8:51:7d:e0:35:da:ad:
                    14:de:56:8d:b0:f5:6e:65:4d:32:c9:9f:bc:f1:78:
                    5b:83:77:d7:23:c2:ec:f8:11:e7:da:6c:5f:4f:7c:
                    8a:61:56:eb:21:39:0b:18:1b:25:05:67:2c:0c:d3:
                    33:8a:6e:bd:85:5e:ce:9e:ec:d3:c1:df:aa:00:5b:
                    6d:61:9e:b7:d9:7a:84:04:ea:a5:03:8f:d6:a7:40:
                    16:4c:2c:8a:b9:da:b9:d9:ea:ce:83:55:72:fc:e4:
                    2a:10:10:2e:bc:2c:d0:4e:57:25:3e:2d:84:dd:5b:
                    13:89:11:6f:96:97:5a:b6:fc:a4:3b:37:88:ca:54:
                    a4:c9:de:94:c9:62:04:de:2c:44:cb:3f:5d:78:60:
                    45:a0:a9:a5:3c:fa:78:3c:be:3f:80:6d:ce:85:39:
                    90:27:85:c5:e1:cf:55:41:94:39:7f:f3:a9:c3:db:
                    68:3e:f3:c3:64:81:3f:22:6a:95:57:ac:32:60:fd:
                    aa:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:53:D7:6D:F2:C7:C4:8B:B3:D8:1A:18:2F:81:C4:91:83:83:97:03
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7VPXbfLHxIuz2BoYL4HEkYODlwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.149.0/24
                  95.47.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:9d:ba:da:67:d0:b7:70:13:97:4d:f7:76:f8:92:cd:ba:aa:
         a6:56:54:29:1b:aa:52:3d:52:49:61:91:7f:d3:de:16:da:de:
         56:35:96:17:13:ed:89:42:6d:40:98:98:16:ba:f0:6e:22:70:
         d9:66:bb:e9:88:ed:d0:ff:86:6a:42:a6:8d:39:07:9a:06:c4:
         7b:ce:12:6a:c8:97:d2:0c:b8:4e:6c:ae:fe:da:e9:d2:4d:f6:
         b3:57:0a:35:65:bb:3a:27:41:07:6b:fd:47:75:8b:cb:95:6f:
         74:9d:d5:8a:2b:62:ee:a4:ca:e9:b5:d9:78:e6:47:96:16:77:
         50:d1:0a:a6:72:ce:22:dc:5d:c4:6d:79:18:62:8c:91:be:71:
         cc:a9:0d:93:30:d8:47:67:67:3d:39:73:ec:e0:3a:3c:fe:4f:
         2f:88:87:3e:92:b5:13:94:f1:a5:19:5e:e4:4d:20:2d:1b:e8:
         2b:3c:e7:29:21:a0:5c:38:b6:d8:b2:fa:ab:4b:ad:4e:62:5c:
         7d:93:d1:f1:08:98:48:82:86:84:77:5d:6e:ce:12:23:7f:d0:
         87:9b:c1:e5:4e:f3:32:06:7a:40:26:93:3a:09:89:4b:73:6a:
         5f:2d:e9:b2:a3:45:23:1e:37:59:d1:10:2e:f7:6b:3a:89:57:
         fa:37:bd:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlkA5qUgUYp7Fy0TFpVihVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDUzZDc2ZGYyYzdjNDhiYjNkODFhMTgyZjgxYzQ5MTgzODM5NzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1NFbdIIQkEb3pccRDVka0pbIdFG
R82lttX7P56llt3hGnp+p4T7Q+eO7SPeSVhFSlZsI+novbTJU7xL2r1A+xgLCvhR
feA12q0U3laNsPVuZU0yyZ+88Xhbg3fXI8Ls+BHn2mxfT3yKYVbrITkLGBslBWcs
DNMzim69hV7OnuzTwd+qAFttYZ632XqEBOqlA4/Wp0AWTCyKudq52erOg1Vy/OQq
EBAuvCzQTlclPi2E3VsTiRFvlpdatvykOzeIylSkyd6UyWIE3ixEyz9deGBFoKml
PPp4PL4/gG3OhTmQJ4XF4c9VQZQ5f/Opw9toPvPDZIE/ImqVV6wyYP2qwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO1T123yx8SLs9gaGC+BxJGDg5cDMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvN1ZQWGJmTEh4SXV6MkJvWUw0SEVrWU9EbHdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH5SVAwQA
Xy87MA0GCSqGSIb3DQEBCwUAA4IBAQAUnbraZ9C3cBOXTfd2+JLNuqqmVlQpG6pS
PVJJYZF/094W2t5WNZYXE+2JQm1AmJgWuvBuInDZZrvpiO3Q/4ZqQqaNOQeaBsR7
zhJqyJfSDLhObK7+2unSTfazVwo1Zbs6J0EHa/1HdYvLlW90ndWKK2LupMrptdl4
5keWFndQ0Qqmcs4i3F3EbXkYYoyRvnHMqQ2TMNhHZ2c9OXPs4Do8/k8viIc+krUT
lPGlGV7kTSAtG+grPOcpIaBcOLbYsvqrS61OYlx9k9HxCJhIgoaEd11uzhIjf9CH
m8HlTvMyBnpAJpM6CYlLc2pfLemyo0UjHjdZ0RAu92s6iVf6N70Q
-----END CERTIFICATE-----