Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/yoQLLNcGORm8QDKS4KADV9FcyUs.roa
File:                     yoQLLNcGORm8QDKS4KADV9FcyUs.roa (raw, json)
Hash identifier:          I1o4zyhq7PxGPVTs3k7i/nxyRzOmXILFVF84ZiywA5Y=
Subject key identifier:   CA:84:0B:2C:D7:06:39:19:BC:40:32:92:E0:A0:03:57:D1:5C:C9:4B
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01912243A7F71186620B43EF2AC16B8E8684
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/yoQLLNcGORm8QDKS4KADV9FcyUs.roa
Signing time:             Mon 05 Aug 2024 11:19:04 +0000
ROA not before:           Mon 05 Aug 2024 11:19:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39153
IP address blocks:        31.24.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:22:43:a7:f7:11:86:62:0b:43:ef:2a:c1:6b:8e:86:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Aug  5 11:19:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca840b2cd7063919bc403292e0a00357d15cc94b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:81:5b:e6:6e:f6:b1:11:f6:b1:82:36:7e:99:
                    5a:72:58:ea:d0:d7:02:d9:ec:79:03:b7:7d:c9:70:
                    33:ec:e2:8d:dc:ed:65:5c:2e:b2:98:d6:8b:ab:a4:
                    7a:a0:1d:0d:e8:8f:25:e0:af:ca:db:f1:32:fc:d0:
                    de:b1:f4:b1:c6:0b:cd:3e:04:95:8e:12:eb:82:63:
                    95:7a:67:0f:9d:04:f3:a2:16:29:f5:8e:81:b9:97:
                    21:0b:50:b4:00:4f:94:94:70:af:b6:95:77:50:13:
                    37:4b:9f:a3:77:29:8e:fc:d0:29:76:81:53:10:df:
                    12:cc:0a:c8:59:a2:d2:ee:c9:aa:18:7b:8a:74:1b:
                    23:5e:fc:bf:e1:9d:7d:a5:a0:0a:84:c5:9c:f0:ec:
                    82:8a:49:84:bf:ec:1e:a8:33:0a:24:15:cb:ac:7a:
                    9c:2f:d9:2f:28:57:67:82:04:56:28:51:16:66:14:
                    8c:8c:c7:66:30:ad:3c:f2:d2:91:74:a0:e9:03:78:
                    37:f7:81:2e:b2:16:de:86:f7:a6:5c:7c:f0:e2:e2:
                    07:05:16:43:d6:6f:fe:78:0d:7b:f6:7a:fe:6c:76:
                    92:b9:ca:0d:46:2c:6e:3d:11:1b:02:da:1b:9f:d3:
                    94:d3:8c:ee:99:54:1d:c1:0b:2c:e2:2c:63:da:d0:
                    61:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:84:0B:2C:D7:06:39:19:BC:40:32:92:E0:A0:03:57:D1:5C:C9:4B
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/yoQLLNcGORm8QDKS4KADV9FcyUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f8:11:75:ea:5d:09:3e:46:c7:da:92:a9:ea:97:ce:67:8b:
         25:ea:dc:5c:8d:db:f6:d4:95:4b:7e:d6:f1:5e:e5:0d:15:8a:
         e4:48:32:07:02:cb:28:18:c8:38:a3:df:6b:19:ec:d5:cf:b2:
         e0:51:20:31:ed:5f:98:e4:bf:22:bb:d1:7b:f9:af:1a:9a:6a:
         a1:9c:50:a4:2b:c1:cd:92:9b:36:a5:7e:9a:7b:18:8e:74:bf:
         67:84:6c:b0:54:e1:47:db:c2:0a:85:45:59:05:d5:38:d9:bd:
         9d:48:be:bc:72:b8:73:2c:c8:2a:44:18:53:f7:53:06:44:2b:
         db:55:ad:f2:25:c7:0c:9a:88:95:72:4e:df:25:9a:86:d8:51:
         27:b7:da:15:8a:a2:8f:1c:62:33:98:2e:5a:33:c3:8f:5c:0b:
         1a:e6:d9:38:b9:2c:b1:9d:c3:1e:5c:d2:f8:33:06:b1:74:87:
         f2:f1:2e:1d:02:9d:64:7b:b9:0e:66:03:47:1b:65:4f:2f:0b:
         49:07:12:44:ad:af:c4:ef:c3:3f:cc:c2:b9:6f:f7:ea:5c:6e:
         6e:c1:ff:ea:86:6c:fa:89:49:f9:9d:20:5e:f6:69:23:50:04:
         cd:69:c0:57:ae:c4:48:4e:ae:31:1a:a5:ca:40:f6:4b:81:35:
         bc:cc:07:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEiQ6f3EYZiC0PvKsFrjoaEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwODA1MTExOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTg0MGIyY2Q3MDYzOTE5YmM0MDMyOTJlMGEwMDM1N2QxNWNjOTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4Fb5m72sRH2sYI2fplacljq0NcC
2ex5A7d9yXAz7OKN3O1lXC6ymNaLq6R6oB0N6I8l4K/K2/Ey/NDesfSxxgvNPgSV
jhLrgmOVemcPnQTzohYp9Y6BuZchC1C0AE+UlHCvtpV3UBM3S5+jdymO/NApdoFT
EN8SzArIWaLS7smqGHuKdBsjXvy/4Z19paAKhMWc8OyCikmEv+weqDMKJBXLrHqc
L9kvKFdnggRWKFEWZhSMjMdmMK088tKRdKDpA3g394EushbehvemXHzw4uIHBRZD
1m/+eA179nr+bHaSucoNRixuPREbAtobn9OU04zumVQdwQss4ixj2tBhIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqECyzXBjkZvEAykuCgA1fRXMlLMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEveW9RTExOY0dPUm04UURLUzRLQURWOUZjeVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxj/MA0G
CSqGSIb3DQEBCwUAA4IBAQCQ+BF16l0JPkbH2pKp6pfOZ4sl6txcjdv21JVLftbx
XuUNFYrkSDIHAssoGMg4o99rGezVz7LgUSAx7V+Y5L8iu9F7+a8ammqhnFCkK8HN
kps2pX6aexiOdL9nhGywVOFH28IKhUVZBdU42b2dSL68crhzLMgqRBhT91MGRCvb
Va3yJccMmoiVck7fJZqG2FEnt9oViqKPHGIzmC5aM8OPXAsa5tk4uSyxncMeXNL4
MwaxdIfy8S4dAp1ke7kOZgNHG2VPLwtJBxJEra/E78M/zMK5b/fqXG5uwf/qhmz6
iUn5nSBe9mkjUATNacBXrsRITq4xGqXKQPZLgTW8zAe0
-----END CERTIFICATE-----