Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/Q3hqBeIN1rhp60gtQOO0RbKWsuw.roa
File:                     Q3hqBeIN1rhp60gtQOO0RbKWsuw.roa (raw, json)
Hash identifier:          jws/ida3eSmeeYOb4mRWHLrjdxcJe5GTXwBm0gh6N40=
Subject key identifier:   43:78:6A:05:E2:0D:D6:B8:69:EB:48:2D:40:E3:B4:45:B2:96:B2:EC
Certificate issuer:       /CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
Certificate serial:       018CC500A4DA3C8754B08153BEEDC452D43C
Authority key identifier: 74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/Q3hqBeIN1rhp60gtQOO0RbKWsuw.roa
Signing time:             Mon 01 Jan 2024 12:30:02 +0000
ROA not before:           Mon 01 Jan 2024 12:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207574
IP address blocks:        31.24.249.0/24 maxlen: 32
                          2a12:4946:3000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a4:da:3c:87:54:b0:81:53:be:ed:c4:52:d4:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746395c12672ad958921b62b9dc9b2bcd8a68a9f
        Validity
            Not Before: Jan  1 12:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43786a05e20dd6b869eb482d40e3b445b296b2ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:94:a0:db:69:14:3e:08:72:7c:7b:6e:d8:90:
                    59:46:2e:40:f8:40:21:6a:e4:f3:36:d6:0f:20:5c:
                    ec:23:f1:ae:19:19:1b:72:b3:cd:e5:83:e7:72:05:
                    bd:4e:b3:58:87:56:3e:55:28:fa:54:3e:b3:0a:b9:
                    5a:fb:d2:0d:9b:37:63:c6:ed:c7:a4:6b:51:17:2b:
                    f6:da:f0:74:ea:c9:36:71:cd:0c:df:fc:ec:fc:1e:
                    ec:fe:7f:d2:0e:6b:dc:2b:0f:35:e9:50:dd:2a:19:
                    a0:32:f3:89:23:f2:0b:1f:2b:0a:82:22:8b:13:ff:
                    00:e8:56:27:2b:ce:a4:97:1a:90:74:de:b3:60:92:
                    cd:dc:08:ac:ce:08:14:f7:28:ac:81:81:0a:93:ab:
                    0f:63:bb:63:b5:9c:d2:95:99:6c:cb:a8:14:f7:c3:
                    67:36:f6:a7:40:bd:82:47:86:77:04:d5:25:5f:b4:
                    cb:0b:e8:91:3c:f2:f4:de:ad:d2:0f:67:49:05:50:
                    04:00:8e:00:d6:97:ba:0a:62:cc:35:ca:0b:66:9d:
                    b8:e3:76:0b:f0:71:4f:b9:4c:8f:86:21:59:b7:92:
                    a8:b8:fa:48:15:2d:29:bc:de:dc:60:77:c2:36:3f:
                    78:ad:9d:2a:4d:65:e6:84:27:f4:62:f4:9b:fe:ae:
                    1c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:78:6A:05:E2:0D:D6:B8:69:EB:48:2D:40:E3:B4:45:B2:96:B2:EC
            X509v3 Authority Key Identifier:
                keyid:74:63:95:C1:26:72:AD:95:89:21:B6:2B:9D:C9:B2:BC:D8:A6:8A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGOVwSZyrZWJIbYrncmyvNimip8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/Q3hqBeIN1rhp60gtQOO0RbKWsuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9e2351-8dd0-4b70-a5fc-fb774abdfac2/1/dGOVwSZyrZWJIbYrncmyvNimip8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.249.0/24
                IPv6:
                  2a12:4946:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:db:7b:05:54:d6:28:b0:d3:91:fb:53:9b:c1:eb:e5:b6:50:
         68:21:6c:d7:27:1e:35:c8:50:ee:39:a2:69:a8:53:c9:1c:50:
         bb:fd:48:1c:e1:de:46:99:d5:ec:9a:db:21:57:7f:6d:2d:24:
         92:fc:c7:6d:1e:9a:39:11:5c:8f:a5:53:3f:bb:ad:58:63:8d:
         9b:9b:73:55:ec:f6:9f:d0:cf:a6:f2:19:8f:95:03:a2:bf:45:
         b8:69:14:ac:8f:92:2e:aa:7f:e3:47:75:d5:4a:74:b1:e0:17:
         d5:d0:5c:56:71:01:c5:f2:81:29:cb:16:24:ad:42:b8:16:9a:
         07:31:12:59:f9:a4:7b:47:6e:eb:99:1d:8e:51:54:41:e4:16:
         33:d7:b4:cd:f2:19:db:f6:dd:71:fa:ae:01:24:71:50:91:f7:
         c8:ce:e3:f1:c2:72:68:93:61:72:03:0c:48:35:97:59:d8:c2:
         74:e2:73:f6:a4:29:7d:15:2f:f6:32:15:65:e3:95:d8:6e:d9:
         ac:b0:92:5a:51:cd:87:dc:88:ba:54:56:50:95:ce:ea:d6:0f:
         1f:5f:dd:d3:4b:0b:62:40:26:14:f5:6d:f4:13:38:fe:53:ee:
         7c:70:91:57:88:54:87:f1:3f:ed:43:56:67:84:4f:63:1a:e8:
         a0:a9:2d:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFAKTaPIdUsIFTvu3EUtQ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM5NWMxMjY3MmFkOTU4OTIxYjYyYjlkYzliMmJjZDhh
NjhhOWYwHhcNMjQwMTAxMTIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mzc4NmEwNWUyMGRkNmI4NjllYjQ4MmQ0MGUzYjQ0NWIyOTZiMmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5Sg22kUPghyfHtu2JBZRi5A+EAh
auTzNtYPIFzsI/GuGRkbcrPN5YPncgW9TrNYh1Y+VSj6VD6zCrla+9INmzdjxu3H
pGtRFyv22vB06sk2cc0M3/zs/B7s/n/SDmvcKw816VDdKhmgMvOJI/ILHysKgiKL
E/8A6FYnK86klxqQdN6zYJLN3AiszggU9yisgYEKk6sPY7tjtZzSlZlsy6gU98Nn
NvanQL2CR4Z3BNUlX7TLC+iRPPL03q3SD2dJBVAEAI4A1pe6CmLMNcoLZp2443YL
8HFPuUyPhiFZt5KouPpIFS0pvN7cYHfCNj94rZ0qTWXmhCf0YvSb/q4cBQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEN4agXiDda4aetILUDjtEWylrLsMB8GA1UdIwQY
MBaAFHRjlcEmcq2ViSG2K53JsrzYpoqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMt
ZmI3NzRhYmRmYWMyLzEvUTNocUJlSU4xcmhwNjBndFFPTzBSYktXc3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85ZTIzNTEtOGRkMC00YjcwLWE1ZmMtZmI3NzRhYmRmYWMy
LzEvZEdPVndTWnlyWldKSWJZcm5jbXl2TmltaXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAHxj5MA8E
AgACMAkDBwAqEklGMAAwDQYJKoZIhvcNAQELBQADggEBAC7bewVU1iiw05H7U5vB
6+W2UGghbNcnHjXIUO45ommoU8kcULv9SBzh3kaZ1eya2yFXf20tJJL8x20emjkR
XI+lUz+7rVhjjZubc1Xs9p/Qz6byGY+VA6K/RbhpFKyPki6qf+NHddVKdLHgF9XQ
XFZxAcXygSnLFiStQrgWmgcxEln5pHtHbuuZHY5RVEHkFjPXtM3yGdv23XH6rgEk
cVCR98jO4/HCcmiTYXIDDEg1l1nYwnTic/akKX0VL/YyFWXjldhu2aywklpRzYfc
iLpUVlCVzurWDx9f3dNLC2JAJhT1bfQTOP5T7nxwkVeIVIfxP+1DVmeET2Ma6KCp
LU4=
-----END CERTIFICATE-----