Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/giC_SNoQ789b8qQg47muxMxKeTU.roa
File:                     giC_SNoQ789b8qQg47muxMxKeTU.roa (raw, json)
Hash identifier:          NwcxZB6wPvwXoUeqMUplmFCX1Vj1Kgw6D2UzZyDXpbY=
Subject key identifier:   82:20:BF:48:DA:10:EF:CF:5B:F2:A4:20:E3:B9:AE:C4:CC:4A:79:35
Certificate issuer:       /CN=c4ff23b1c371352f39b73d39a4e07f8ca98ccd67
Certificate serial:       018CC6B923FED0EB64C819AFD8B2DB5A80BF
Authority key identifier: C4:FF:23:B1:C3:71:35:2F:39:B7:3D:39:A4:E0:7F:8C:A9:8C:CD:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/giC_SNoQ789b8qQg47muxMxKeTU.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21110
IP address blocks:        31.222.56.0/24 maxlen: 24
                          31.222.55.0/24 maxlen: 24
                          31.222.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:23:fe:d0:eb:64:c8:19:af:d8:b2:db:5a:80:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ff23b1c371352f39b73d39a4e07f8ca98ccd67
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8220bf48da10efcf5bf2a420e3b9aec4cc4a7935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:24:ee:3b:11:08:2e:f2:c1:75:2f:53:41:9c:
                    5d:02:ca:7f:cc:15:7f:93:66:c0:50:bb:c5:99:0f:
                    94:91:74:32:e5:45:9d:2f:9b:69:43:3d:e1:a0:bb:
                    af:be:2b:bc:36:2c:05:42:2d:e2:a7:dc:16:06:81:
                    47:c1:fc:0a:ae:fd:5b:67:cc:ca:f8:e6:26:3d:b9:
                    ca:35:51:e0:98:7c:7b:d1:09:e0:a9:66:d9:fe:5f:
                    b0:dd:ec:e3:cb:bf:5c:37:d7:82:e4:d9:a0:f3:c3:
                    3a:46:08:47:22:32:07:fb:f9:02:58:ab:f9:08:a2:
                    50:4b:f7:26:f6:c0:44:5b:d4:77:51:37:05:a3:b9:
                    21:27:85:46:c6:3f:9c:4e:4e:e2:e8:ef:75:70:60:
                    92:6d:c8:e5:12:27:4c:69:0d:74:55:cc:1a:69:80:
                    05:e6:e9:8c:b8:50:b6:74:f0:22:7b:5c:78:bc:70:
                    34:a2:67:f4:d9:c5:de:d2:8e:8f:8f:a0:f5:46:43:
                    01:83:13:47:04:33:53:e6:52:f9:95:be:34:1a:6f:
                    60:f7:88:43:12:de:66:5e:8d:9a:65:5c:a5:3c:28:
                    4e:d5:11:54:12:93:ae:64:27:a1:64:c0:51:15:f8:
                    7c:ad:a7:9c:1b:f8:80:16:83:bb:0e:b5:fe:3f:8e:
                    ca:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:20:BF:48:DA:10:EF:CF:5B:F2:A4:20:E3:B9:AE:C4:CC:4A:79:35
            X509v3 Authority Key Identifier:
                keyid:C4:FF:23:B1:C3:71:35:2F:39:B7:3D:39:A4:E0:7F:8C:A9:8C:CD:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/giC_SNoQ789b8qQg47muxMxKeTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.55.0-31.222.57.255

    Signature Algorithm: sha256WithRSAEncryption
         76:b5:9a:45:99:b6:b1:79:51:8c:e3:a8:b1:31:6c:75:33:ba:
         f5:01:09:fc:8a:5a:cd:75:09:fc:0e:ca:c2:3a:42:a2:48:fb:
         61:1a:6a:3e:3a:87:07:ec:e7:5a:5f:f6:04:e1:1a:a7:75:e8:
         36:11:88:2a:16:e9:e6:91:95:97:6c:ae:e2:d8:4a:b9:c4:e7:
         70:62:be:d5:44:34:e9:26:c4:82:2a:68:2a:31:97:f3:de:99:
         e6:cb:b0:ae:ea:c4:8a:78:d4:de:e3:9e:20:68:81:d1:c8:a5:
         87:c1:e4:b4:95:e4:45:c7:bc:35:6a:a5:e0:c6:c7:aa:d3:86:
         2a:51:83:e9:3e:22:31:fb:84:aa:3b:74:5b:e7:db:f8:27:3e:
         9e:d1:ca:54:66:c9:9d:a7:33:77:af:f0:86:60:ec:67:22:28:
         a2:4c:04:2e:3a:c8:98:92:10:64:a7:91:c1:58:c8:ab:f0:ee:
         31:ba:fd:22:a3:c5:63:cf:37:c7:2a:4d:51:b1:65:76:60:b7:
         ef:b1:ef:74:f2:75:76:05:25:3f:85:18:47:8f:33:b6:78:4c:
         30:f6:be:60:ea:5f:db:c1:3e:d4:4b:a9:27:b8:75:f4:60:1e:
         c5:3b:a6:c2:b0:f0:49:75:8c:59:e3:bc:63:86:bc:ce:a1:12:
         4e:20:a7:e6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGuSP+0OtkyBmv2LLbWoC/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZmYyM2IxYzM3MTM1MmYzOWI3M2QzOWE0ZTA3ZjhjYTk4
Y2NkNjcwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjIwYmY0OGRhMTBlZmNmNWJmMmE0MjBlM2I5YWVjNGNjNGE3OTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCTuOxEILvLBdS9TQZxdAsp/zBV/
k2bAULvFmQ+UkXQy5UWdL5tpQz3hoLuvviu8NiwFQi3ip9wWBoFHwfwKrv1bZ8zK
+OYmPbnKNVHgmHx70QngqWbZ/l+w3ezjy79cN9eC5Nmg88M6RghHIjIH+/kCWKv5
CKJQS/cm9sBEW9R3UTcFo7khJ4VGxj+cTk7i6O91cGCSbcjlEidMaQ10VcwaaYAF
5umMuFC2dPAie1x4vHA0omf02cXe0o6Pj6D1RkMBgxNHBDNT5lL5lb40Gm9g94hD
Et5mXo2aZVylPChO1RFUEpOuZCehZMBRFfh8raecG/iAFoO7DrX+P47KMwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIIgv0jaEO/PW/KkIOO5rsTMSnk1MB8GA1UdIwQY
MBaAFMT/I7HDcTUvObc9OaTgf4ypjM1nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFA4anNjTnhOUzg1dHowNXBPQl9qS21NeldjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jNjVhYWItOGE1Mi00NzZmLTllMzIt
MTA5NTlhYWE4YjNlLzEvZ2lDX1NOb1E3ODliOHFRZzQ3bXV4TXhLZVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jNjVhYWItOGE1Mi00NzZmLTllMzItMTA5NTlhYWE4YjNl
LzEveFA4anNjTnhOUzg1dHowNXBPQl9qS21NeldjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAf3jcD
BAEf3jgwDQYJKoZIhvcNAQELBQADggEBAHa1mkWZtrF5UYzjqLExbHUzuvUBCfyK
Ws11CfwOysI6QqJI+2Eaaj46hwfs51pf9gThGqd16DYRiCoW6eaRlZdsruLYSrnE
53BivtVENOkmxIIqaCoxl/PemebLsK7qxIp41N7jniBogdHIpYfB5LSV5EXHvDVq
peDGx6rThipRg+k+IjH7hKo7dFvn2/gnPp7RylRmyZ2nM3ev8IZg7GciKKJMBC46
yJiSEGSnkcFYyKvw7jG6/SKjxWPPN8cqTVGxZXZgt++x73TydXYFJT+FGEePM7Z4
TDD2vmDqX9vBPtRLqSe4dfRgHsU7psKw8El1jFnjvGOGvM6hEk4gp+Y=
-----END CERTIFICATE-----