Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/KIHVek0hjlzTAP1YJdJ7dG_cZSI.roa
File:                     KIHVek0hjlzTAP1YJdJ7dG_cZSI.roa (raw, json)
Hash identifier:          TaV99lsNE/VgnfJuxAaMokGLe0H8dmvPY+O2Ucwq7ak=
Subject key identifier:   28:81:D5:7A:4D:21:8E:5C:D3:00:FD:58:25:D2:7B:74:6F:DC:65:22
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019193143F56D0D1D5329663DF6A9C24FA5C
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/KIHVek0hjlzTAP1YJdJ7dG_cZSI.roa
Signing time:             Tue 27 Aug 2024 09:04:23 +0000
ROA not before:           Tue 27 Aug 2024 09:04:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215882
IP address blocks:        31.41.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:93:14:3f:56:d0:d1:d5:32:96:63:df:6a:9c:24:fa:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Aug 27 09:04:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2881d57a4d218e5cd300fd5825d27b746fdc6522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5b:bf:aa:ab:cf:f1:21:d5:de:1b:fd:0b:24:
                    dd:0f:bb:d0:43:d1:ac:cf:ff:4c:d7:67:2d:c9:95:
                    04:50:1a:f2:4c:fa:6b:c5:8f:87:41:66:0c:36:91:
                    3b:94:a5:e2:9a:a1:16:dd:8b:a4:4b:c6:10:eb:08:
                    6d:bd:df:37:b9:f7:e1:11:e2:d7:76:a6:f6:f3:7d:
                    32:b2:41:1d:45:cb:40:54:2e:9b:ff:c5:b3:21:90:
                    a7:d7:e1:fe:ac:f3:44:5c:22:45:b7:ba:bf:69:28:
                    e8:ca:95:f2:28:4c:b4:c6:f9:fb:ab:3e:b5:79:75:
                    cf:58:bc:9a:6f:fb:27:d5:6d:16:8d:3a:7e:47:f2:
                    57:a7:31:2a:14:06:66:92:e9:6b:6d:3c:76:3f:96:
                    b2:d1:24:60:d9:6b:46:2c:bf:63:db:05:fe:10:f4:
                    88:48:dc:4b:29:3b:74:06:10:8d:8e:08:46:3b:c3:
                    2d:80:31:30:ba:2a:46:ed:68:ba:85:f3:d9:42:c6:
                    3c:3b:59:bb:c3:cd:47:8e:9b:99:a3:36:4b:64:b0:
                    6e:44:a8:17:be:f6:d2:04:a7:dd:ce:55:2d:53:c1:
                    ca:aa:84:6c:ca:15:c1:79:76:90:00:fa:1a:e4:5a:
                    0d:d2:25:72:34:0a:c9:0f:89:ed:04:b7:f2:cf:d2:
                    89:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:81:D5:7A:4D:21:8E:5C:D3:00:FD:58:25:D2:7B:74:6F:DC:65:22
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/KIHVek0hjlzTAP1YJdJ7dG_cZSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.41.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:df:84:90:b9:77:34:51:40:50:dd:77:59:bf:f4:7b:0d:23:
         b8:07:38:f0:3d:6d:c4:e9:a1:4f:91:18:69:cd:17:d4:e1:e3:
         59:64:bb:8e:58:2f:b4:8d:31:b8:a2:64:5d:0b:4c:cf:35:8f:
         9b:c9:45:58:f4:98:3e:a3:b4:df:79:b4:84:bc:b5:5d:61:0a:
         38:1b:01:0e:6e:31:fb:3c:10:e4:02:b3:d1:57:9c:17:10:ee:
         ac:4e:15:72:2d:5c:7f:ad:9e:88:56:7b:ae:4c:36:a9:13:ef:
         49:f9:5e:e6:e2:d4:8f:fa:86:2b:8c:07:12:93:47:45:4e:e5:
         9e:5c:ca:37:fb:8c:5f:95:a8:0c:5d:93:81:0d:07:58:92:22:
         54:2f:e1:54:a6:46:55:06:06:49:4e:1a:b8:d2:66:7b:56:df:
         b1:0f:26:e7:8f:90:6a:81:fb:9e:77:f9:32:93:fb:67:15:b3:
         34:ea:66:04:8a:c8:51:ca:89:84:87:c7:27:8f:02:bc:8c:7d:
         29:90:92:0c:47:1c:3c:98:ce:96:4f:1e:d5:b1:bd:19:8e:a0:
         07:75:dd:d0:57:a7:c1:46:b6:e8:02:81:c0:de:5c:54:ae:c5:
         27:d0:34:e3:69:55:ac:12:35:05:5b:c5:ef:e5:f5:4d:e4:91:
         a6:09:3c:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGTFD9W0NHVMpZj32qcJPpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwODI3MDkwNDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODgxZDU3YTRkMjE4ZTVjZDMwMGZkNTgyNWQyN2I3NDZmZGM2NTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1u/qqvP8SHV3hv9CyTdD7vQQ9Gs
z/9M12ctyZUEUBryTPprxY+HQWYMNpE7lKXimqEW3YukS8YQ6whtvd83uffhEeLX
dqb2830yskEdRctAVC6b/8WzIZCn1+H+rPNEXCJFt7q/aSjoypXyKEy0xvn7qz61
eXXPWLyab/sn1W0WjTp+R/JXpzEqFAZmkulrbTx2P5ay0SRg2WtGLL9j2wX+EPSI
SNxLKTt0BhCNjghGO8MtgDEwuipG7Wi6hfPZQsY8O1m7w81HjpuZozZLZLBuRKgX
vvbSBKfdzlUtU8HKqoRsyhXBeXaQAPoa5FoN0iVyNArJD4ntBLfyz9KJXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiB1XpNIY5c0wD9WCXSe3Rv3GUiMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvS0lIVmVrMGhqbHpUQVAxWUpkSjdkR19jWlNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHykgMA0G
CSqGSIb3DQEBCwUAA4IBAQCe34SQuXc0UUBQ3XdZv/R7DSO4BzjwPW3E6aFPkRhp
zRfU4eNZZLuOWC+0jTG4omRdC0zPNY+byUVY9Jg+o7TfebSEvLVdYQo4GwEObjH7
PBDkArPRV5wXEO6sThVyLVx/rZ6IVnuuTDapE+9J+V7m4tSP+oYrjAcSk0dFTuWe
XMo3+4xflagMXZOBDQdYkiJUL+FUpkZVBgZJThq40mZ7Vt+xDybnj5Bqgfued/ky
k/tnFbM06mYEishRyomEh8cnjwK8jH0pkJIMRxw8mM6WTx7Vsb0ZjqAHdd3QV6fB
RrboAoHA3lxUrsUn0DTjaVWsEjUFW8Xv5fVN5JGmCTwh
-----END CERTIFICATE-----