Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/DrqyeVCj-xPN6nWxTevPXcLPtzc.roa
File:                     DrqyeVCj-xPN6nWxTevPXcLPtzc.roa (raw, json)
Hash identifier:          NPvdd5HvzQ/Ba8fTo6zKcpeJ/PHDKVRZxV3umC5/uBg=
Subject key identifier:   0E:BA:B2:79:50:A3:FB:13:CD:EA:75:B1:4D:EB:CF:5D:C2:CF:B7:37
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0191A208FC076D48713F6ECEE7404968CD0C
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/DrqyeVCj-xPN6nWxTevPXcLPtzc.roa
Signing time:             Fri 30 Aug 2024 06:46:23 +0000
ROA not before:           Fri 30 Aug 2024 06:46:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57271
IP address blocks:        31.24.251.0/24 maxlen: 24
                          45.90.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:08:fc:07:6d:48:71:3f:6e:ce:e7:40:49:68:cd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Aug 30 06:46:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ebab27950a3fb13cdea75b14debcf5dc2cfb737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6e:48:af:7f:39:52:ad:15:d8:20:60:50:f4:
                    d7:e7:e9:1b:7e:ba:43:57:b4:c8:28:1a:1c:f7:75:
                    35:42:5d:c5:ee:f1:e1:bb:4b:ba:42:52:6a:bd:06:
                    13:f3:77:4d:af:cc:76:b4:79:fe:d9:fb:88:1c:ec:
                    1c:e5:c2:a9:1f:78:9b:51:74:0c:c6:75:06:d3:1f:
                    b6:fa:27:a2:ea:9b:3b:df:ef:77:70:60:fa:1f:18:
                    f4:f1:e3:92:af:ca:2a:be:7b:1f:48:04:19:25:35:
                    89:eb:7a:9b:aa:83:d8:11:a5:4b:15:c8:db:8c:35:
                    ce:27:04:6c:e1:2d:ca:62:ee:d4:a8:17:cd:26:12:
                    42:13:7e:56:35:1c:97:4c:e4:c4:91:4c:89:6e:b1:
                    79:98:1a:c7:58:7b:34:72:da:af:45:46:5b:83:9c:
                    c2:14:2f:6b:19:89:ca:56:11:36:ff:1c:a2:2e:20:
                    4f:dd:f0:f8:f9:2d:95:f5:05:0f:9a:97:6c:32:07:
                    cc:ed:c4:a2:7b:8b:15:fe:21:cd:f3:63:f3:40:c4:
                    ad:4a:68:d5:40:77:e5:b2:7d:ae:8c:34:55:4a:02:
                    7f:8d:a0:90:81:12:14:c6:db:b6:37:ce:0c:04:ed:
                    d1:a0:b9:da:c5:a9:c8:7d:cd:1a:fe:33:51:de:16:
                    1d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:BA:B2:79:50:A3:FB:13:CD:EA:75:B1:4D:EB:CF:5D:C2:CF:B7:37
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/DrqyeVCj-xPN6nWxTevPXcLPtzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.251.0/24
                  45.90.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:43:89:76:b9:4b:26:f8:88:ac:61:20:53:08:77:9e:78:9e:
         94:e3:ef:14:52:81:9c:0b:36:4a:5d:04:67:8b:5a:1d:f6:76:
         68:0d:50:b6:ee:fb:b0:37:a1:c9:a5:b3:1c:9c:c9:7d:aa:d1:
         66:81:ad:72:e3:2d:92:bd:71:1a:01:78:c2:b8:9d:c6:df:f0:
         a0:2f:82:f5:a4:7b:5b:3b:36:65:8d:3a:d5:ae:97:9b:f5:16:
         49:f9:99:e9:d1:78:e2:24:67:60:a6:81:d0:68:c0:b3:e6:43:
         81:5b:79:86:06:77:28:f1:a5:e5:75:4d:f7:75:af:a0:36:8d:
         86:3c:27:c3:21:5a:ac:bf:ac:0c:de:7b:6a:a0:72:34:a8:d2:
         9d:5e:08:20:cc:3a:d0:00:02:0d:00:5d:6b:0f:23:2c:cc:22:
         e8:b7:a4:d1:98:8d:55:b9:1e:29:bf:88:dc:6a:82:b2:3e:56:
         a6:5f:6c:ad:ed:86:d3:b3:ca:4a:6f:cd:ca:54:a7:a9:1c:52:
         30:48:76:d8:40:f9:d8:78:f0:96:28:05:90:6f:00:e4:f6:30:
         b5:2a:27:4b:3b:31:ab:27:3a:6e:d3:a2:d0:ca:ef:33:8e:c0:
         80:65:6d:50:dd:25:ba:93:1c:4b:54:d0:f4:c8:74:75:26:0a:
         ac:62:44:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGiCPwHbUhxP27O50BJaM0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwODMwMDY0NjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWJhYjI3OTUwYTNmYjEzY2RlYTc1YjE0ZGViY2Y1ZGMyY2ZiNzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuG5Ir385Uq0V2CBgUPTX5+kbfrpD
V7TIKBoc93U1Ql3F7vHhu0u6QlJqvQYT83dNr8x2tHn+2fuIHOwc5cKpH3ibUXQM
xnUG0x+2+iei6ps73+93cGD6Hxj08eOSr8oqvnsfSAQZJTWJ63qbqoPYEaVLFcjb
jDXOJwRs4S3KYu7UqBfNJhJCE35WNRyXTOTEkUyJbrF5mBrHWHs0ctqvRUZbg5zC
FC9rGYnKVhE2/xyiLiBP3fD4+S2V9QUPmpdsMgfM7cSie4sV/iHN82PzQMStSmjV
QHflsn2ujDRVSgJ/jaCQgRIUxtu2N84MBO3RoLnaxanIfc0a/jNR3hYdEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA66snlQo/sTzep1sU3rz13Cz7c3MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvRHJxeWVWQ2oteFBONm5XeFRldlBYY0xQdHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHxj7AwQA
LVouMA0GCSqGSIb3DQEBCwUAA4IBAQCVQ4l2uUsm+IisYSBTCHeeeJ6U4+8UUoGc
CzZKXQRni1od9nZoDVC27vuwN6HJpbMcnMl9qtFmga1y4y2SvXEaAXjCuJ3G3/Cg
L4L1pHtbOzZljTrVrpeb9RZJ+Znp0XjiJGdgpoHQaMCz5kOBW3mGBnco8aXldU33
da+gNo2GPCfDIVqsv6wM3ntqoHI0qNKdXgggzDrQAAINAF1rDyMszCLot6TRmI1V
uR4pv4jcaoKyPlamX2yt7YbTs8pKb83KVKepHFIwSHbYQPnYePCWKAWQbwDk9jC1
KidLOzGrJzpu06LQyu8zjsCAZW1Q3SW6kxxLVND0yHR1JgqsYkTO
-----END CERTIFICATE-----