Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/AjMUHsvBLALNJub5akBqAQSq0HA.roa
File:                     AjMUHsvBLALNJub5akBqAQSq0HA.roa (raw, json)
Hash identifier:          JZL/vPp6KW6BAmRxxSj9YkEeKRKLV1/040aYgGKqD1o=
Subject key identifier:   02:33:14:1E:CB:C1:2C:02:CD:26:E6:F9:6A:40:6A:01:04:AA:D0:70
Certificate issuer:       /CN=26c672da72a34cc282adc40f282676de75117654
Certificate serial:       0194252160D5183390CE9D50033448AF85C6
Authority key identifier: 26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/AjMUHsvBLALNJub5akBqAQSq0HA.roa
Signing time:             Thu 02 Jan 2025 03:48:51 +0000
ROA not before:           Thu 02 Jan 2025 03:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        31.88.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Jan 2025 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:60:d5:18:33:90:ce:9d:50:03:34:48:af:85:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26c672da72a34cc282adc40f282676de75117654
        Validity
            Not Before: Jan  2 03:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0233141ecbc12c02cd26e6f96a406a0104aad070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:17:32:ea:5c:6c:ee:32:a1:d6:4f:cb:af:ea:
                    48:cd:c2:5a:bb:81:de:f2:23:a9:30:41:b9:b6:bf:
                    b7:5e:36:23:48:c8:81:dc:78:e4:ff:4a:05:f5:15:
                    42:70:b8:5d:81:0a:93:9d:8b:61:42:44:fa:a6:2e:
                    36:25:c4:78:f8:60:25:96:fe:37:03:f8:e2:d9:40:
                    c2:71:fd:13:70:31:51:b2:c5:36:59:a8:d7:a0:6a:
                    20:87:9c:30:aa:c9:09:a1:af:04:57:49:52:4c:6b:
                    b1:e7:58:c6:65:75:00:61:13:6b:4f:89:8f:d2:ad:
                    8f:7a:8e:bd:1d:37:0d:e8:bf:88:50:b8:f9:4a:62:
                    ad:92:81:7b:a0:34:b1:ac:94:4d:ef:48:41:99:c7:
                    06:77:f0:e1:03:d9:0b:57:de:a1:44:bd:1b:25:a0:
                    d7:8c:b7:ce:a5:56:5b:1b:29:c4:d2:dd:ba:a3:44:
                    e9:a5:22:b4:80:c2:ab:53:63:ff:ea:a9:57:97:ca:
                    69:c4:a8:ba:95:64:bd:26:df:54:64:f9:36:31:45:
                    61:e5:53:7b:cc:b0:df:88:f2:78:40:88:b0:a3:7c:
                    44:66:a8:2b:13:56:cf:49:8d:d8:89:a3:61:c8:0f:
                    95:e5:81:17:ef:67:a8:09:bc:4e:1a:fb:8a:fe:86:
                    4c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:33:14:1E:CB:C1:2C:02:CD:26:E6:F9:6A:40:6A:01:04:AA:D0:70
            X509v3 Authority Key Identifier:
                keyid:26:C6:72:DA:72:A3:4C:C2:82:AD:C4:0F:28:26:76:DE:75:11:76:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JsZy2nKjTMKCrcQPKCZ23nURdlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/AjMUHsvBLALNJub5akBqAQSq0HA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7fe015-5cd5-4429-8b7d-22d027197712/1/JsZy2nKjTMKCrcQPKCZ23nURdlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.88.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         b2:6e:22:ee:76:57:f4:e0:ad:71:19:f3:ca:10:4b:f7:fd:1c:
         55:71:db:59:32:e7:61:c9:01:22:2d:ae:63:8c:1b:82:85:d5:
         33:1b:12:1a:90:e0:78:3f:30:f8:de:56:12:db:ba:4d:6d:96:
         d6:fa:d3:52:c5:f2:28:e8:0e:be:cb:11:b2:44:b6:ab:55:d4:
         08:ac:fd:31:f4:5d:5d:63:b9:f7:a0:b0:d7:5c:2d:71:ef:dd:
         72:68:9a:33:66:7e:98:58:96:cf:53:5b:b1:87:63:16:37:b7:
         26:ce:49:6e:e6:92:19:4d:0f:fa:ec:c0:49:1a:2e:01:ad:f9:
         e9:01:d6:4e:7f:fd:8a:8a:22:0c:b2:8b:08:66:5e:a6:9f:c1:
         17:bf:db:c5:b4:cb:19:19:6c:86:fc:74:50:89:47:06:9b:ab:
         8a:fa:45:44:8f:4b:a6:e5:22:19:e3:4f:3a:21:1f:c8:cb:b9:
         6a:1c:a2:8d:01:4b:17:31:ae:66:a0:5f:d3:ab:37:16:c0:65:
         71:58:a1:23:11:b9:e5:f8:6f:18:7e:9b:51:d1:b8:3e:26:f8:
         80:6f:06:ab:0d:53:6c:eb:ae:02:20:d8:3f:66:4f:c3:29:03:
         d2:b4:23:ee:de:49:d8:de:92:c3:b1:b7:47:c5:fa:51:06:1f:
         d8:ca:13:53
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQlIWDVGDOQzp1QAzRIr4XGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YzY3MmRhNzJhMzRjYzI4MmFkYzQwZjI4MjY3NmRlNzUx
MTc2NTQwHhcNMjUwMTAyMDM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjMzMTQxZWNiYzEyYzAyY2QyNmU2Zjk2YTQwNmEwMTA0YWFkMDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Rcy6lxs7jKh1k/Lr+pIzcJau4He
8iOpMEG5tr+3XjYjSMiB3Hjk/0oF9RVCcLhdgQqTnYthQkT6pi42JcR4+GAllv43
A/ji2UDCcf0TcDFRssU2WajXoGogh5wwqskJoa8EV0lSTGux51jGZXUAYRNrT4mP
0q2Peo69HTcN6L+IULj5SmKtkoF7oDSxrJRN70hBmccGd/DhA9kLV96hRL0bJaDX
jLfOpVZbGynE0t26o0TppSK0gMKrU2P/6qlXl8ppxKi6lWS9Jt9UZPk2MUVh5VN7
zLDfiPJ4QIiwo3xEZqgrE1bPSY3YiaNhyA+V5YEX72eoCbxOGvuK/oZMSQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAIzFB7LwSwCzSbm+WpAagEEqtBwMB8GA1UdIwQY
MBaAFCbGctpyo0zCgq3EDygmdt51EXZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2Qt
MjJkMDI3MTk3NzEyLzEvQWpNVUhzdkJMQUxOSnViNWFrQnFBUVNxMEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83ZmUwMTUtNWNkNS00NDI5LThiN2QtMjJkMDI3MTk3NzEy
LzEvSnNaeTJuS2pUTUtDcmNRUEtDWjIzblVSZGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBH1gwDQYJ
KoZIhvcNAQELBQADggEBALJuIu52V/TgrXEZ88oQS/f9HFVx21ky52HJASItrmOM
G4KF1TMbEhqQ4Hg/MPjeVhLbuk1tltb601LF8ijoDr7LEbJEtqtV1Ais/TH0XV1j
ufegsNdcLXHv3XJomjNmfphYls9TW7GHYxY3tybOSW7mkhlND/rswEkaLgGt+ekB
1k5//YqKIgyyiwhmXqafwRe/28W0yxkZbIb8dFCJRwabq4r6RUSPS6blIhnjTzoh
H8jLuWocoo0BSxcxrmagX9OrNxbAZXFYoSMRueX4bxh+m1HRuD4m+IBvBqsNU2zr
rgIg2D9mT8MpA9K0I+7eSdjeksOxt0fF+lEGH9jKE1M=
-----END CERTIFICATE-----