Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/9e9d9d-9091-435a-9967-d8468b72f1a0/1/PRJa7V2k-CLwAF5UkLaIdcldqlI.roa
File:                     PRJa7V2k-CLwAF5UkLaIdcldqlI.roa (raw, json)
Hash identifier:          wUIhD2jDnsxyp1Dj5kgoGNM8SGIGHri6mRFYv3+dxmE=
Subject key identifier:   3D:12:5A:ED:5D:A4:F8:22:F0:00:5E:54:90:B6:88:75:C9:5D:AA:52
Certificate issuer:       /CN=8b9289d88259c33cc7ad81482b779450ae4eac03
Certificate serial:       018CC801301C608BB2F19DB75326311B91AB
Authority key identifier: 8B:92:89:D8:82:59:C3:3C:C7:AD:81:48:2B:77:94:50:AE:4E:AC:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5KJ2IJZwzzHrYFIK3eUUK5OrAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/9e9d9d-9091-435a-9967-d8468b72f1a0/1/PRJa7V2k-CLwAF5UkLaIdcldqlI.roa
Signing time:             Tue 02 Jan 2024 02:29:30 +0000
ROA not before:           Tue 02 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39507
IP address blocks:        31.130.216.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/9e9d9d-9091-435a-9967-d8468b72f1a0/1/i5KJ2IJZwzzHrYFIK3eUUK5OrAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/9e9d9d-9091-435a-9967-d8468b72f1a0/1/i5KJ2IJZwzzHrYFIK3eUUK5OrAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5KJ2IJZwzzHrYFIK3eUUK5OrAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:30:1c:60:8b:b2:f1:9d:b7:53:26:31:1b:91:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9289d88259c33cc7ad81482b779450ae4eac03
        Validity
            Not Before: Jan  2 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d125aed5da4f822f0005e5490b68875c95daa52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5f:ce:ab:14:db:54:3e:8b:9e:38:51:78:84:
                    10:98:3a:53:58:8a:39:dc:2c:e3:b4:8e:6d:09:cd:
                    9c:f9:91:35:40:0a:41:f2:d9:7a:e4:39:2a:c7:c3:
                    83:ee:0c:ee:78:5a:30:d8:b5:07:d0:64:cb:b2:e9:
                    17:1e:13:68:02:8c:28:e7:79:d9:5e:dd:38:f4:98:
                    de:37:dd:aa:78:11:2c:0f:62:ad:10:38:b8:ef:32:
                    d0:66:aa:7b:e3:5f:85:2e:e4:31:6f:ad:a1:62:14:
                    05:80:fc:86:b2:e5:22:47:61:34:1b:83:0c:ab:1e:
                    34:d1:bc:04:9e:c8:09:44:0e:b3:76:e0:f2:74:6c:
                    2a:e4:b9:b8:51:d8:1c:40:06:a9:25:b1:4a:fd:b7:
                    51:5b:10:de:74:69:ad:5e:b1:b7:dc:1e:77:95:90:
                    71:68:41:0b:72:6f:64:99:cb:f2:1b:b5:03:a9:b9:
                    eb:07:80:b6:f8:be:1e:a7:79:6a:d6:ea:7b:47:7b:
                    cf:67:21:50:03:7a:45:84:6e:d8:73:b1:9e:cc:f5:
                    c0:6c:c4:34:0c:1c:eb:d9:d7:cd:61:f6:ca:5e:93:
                    86:cf:3f:ef:04:f1:74:22:74:90:36:52:04:d4:f6:
                    5b:c3:b4:59:9c:0e:06:f8:a8:0c:69:5f:04:d4:ff:
                    ae:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:12:5A:ED:5D:A4:F8:22:F0:00:5E:54:90:B6:88:75:C9:5D:AA:52
            X509v3 Authority Key Identifier:
                keyid:8B:92:89:D8:82:59:C3:3C:C7:AD:81:48:2B:77:94:50:AE:4E:AC:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5KJ2IJZwzzHrYFIK3eUUK5OrAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/9e9d9d-9091-435a-9967-d8468b72f1a0/1/PRJa7V2k-CLwAF5UkLaIdcldqlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/9e9d9d-9091-435a-9967-d8468b72f1a0/1/i5KJ2IJZwzzHrYFIK3eUUK5OrAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:09:e3:33:2c:19:40:60:c5:f2:f7:bd:af:28:d8:75:46:5d:
         c7:b0:bd:e5:ba:16:f7:53:e9:73:8c:19:ef:f7:5d:c9:d0:21:
         52:d1:cf:1c:40:e8:a8:b2:24:a7:17:0b:3e:5a:2e:dd:17:48:
         0d:1c:30:76:c0:36:e8:b4:c9:de:f9:46:03:e7:6b:4e:35:c9:
         2d:58:d6:b2:8e:48:b3:f5:cb:11:52:68:31:f2:09:e1:07:b5:
         0e:76:74:4d:58:01:bf:63:a7:29:c8:5c:fd:80:ca:f3:4f:fb:
         a6:61:60:1c:8b:4e:08:f0:40:f3:ed:ee:83:eb:f4:49:cf:f4:
         c7:15:42:92:02:69:04:4d:eb:c9:d0:a9:e7:1a:bb:12:fd:09:
         1b:1e:fa:08:05:89:22:c1:7f:b2:62:4d:d2:21:9d:fc:2b:5e:
         cb:25:af:40:eb:52:49:ea:d7:b4:ba:8a:67:b5:3d:48:70:a5:
         f3:1c:dc:e1:ed:91:cb:fb:03:98:db:57:38:d5:a5:a4:21:22:
         c7:9a:ed:3f:de:d3:5d:98:71:ed:40:be:29:f9:79:3e:1d:7d:
         27:8c:5a:46:45:06:76:27:28:b2:7c:ee:c7:74:0e:a1:63:d9:
         f2:64:80:0b:46:d5:29:9c:43:82:9d:5b:1a:9a:bb:d3:36:72:
         29:6c:53:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATAcYIuy8Z23UyYxG5GrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOTI4OWQ4ODI1OWMzM2NjN2FkODE0ODJiNzc5NDUwYWU0
ZWFjMDMwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDEyNWFlZDVkYTRmODIyZjAwMDVlNTQ5MGI2ODg3NWM5NWRhYTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF/OqxTbVD6LnjhReIQQmDpTWIo5
3CzjtI5tCc2c+ZE1QApB8tl65Dkqx8OD7gzueFow2LUH0GTLsukXHhNoAowo53nZ
Xt049JjeN92qeBEsD2KtEDi47zLQZqp741+FLuQxb62hYhQFgPyGsuUiR2E0G4MM
qx400bwEnsgJRA6zduDydGwq5Lm4UdgcQAapJbFK/bdRWxDedGmtXrG33B53lZBx
aEELcm9kmcvyG7UDqbnrB4C2+L4ep3lq1up7R3vPZyFQA3pFhG7Yc7GezPXAbMQ0
DBzr2dfNYfbKXpOGzz/vBPF0InSQNlIE1PZbw7RZnA4G+KgMaV8E1P+uUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0SWu1dpPgi8ABeVJC2iHXJXapSMB8GA1UdIwQY
MBaAFIuSidiCWcM8x62BSCt3lFCuTqwDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTVLSjJJSlp3enpIcllGSUszZVVVSzVPckFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy85ZTlkOWQtOTA5MS00MzVhLTk5Njct
ZDg0NjhiNzJmMWEwLzEvUFJKYTdWMmstQ0x3QUY1VWtMYUlkY2xkcWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy85ZTlkOWQtOTA5MS00MzVhLTk5NjctZDg0NjhiNzJmMWEw
LzEvaTVLSjJJSlp3enpIcllGSUszZVVVSzVPckFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDH4LYMA0G
CSqGSIb3DQEBCwUAA4IBAQAfCeMzLBlAYMXy972vKNh1Rl3HsL3luhb3U+lzjBnv
913J0CFS0c8cQOiosiSnFws+Wi7dF0gNHDB2wDbotMne+UYD52tONcktWNayjkiz
9csRUmgx8gnhB7UOdnRNWAG/Y6cpyFz9gMrzT/umYWAci04I8EDz7e6D6/RJz/TH
FUKSAmkETevJ0KnnGrsS/QkbHvoIBYkiwX+yYk3SIZ38K17LJa9A61JJ6te0uopn
tT1IcKXzHNzh7ZHL+wOY21c41aWkISLHmu0/3tNdmHHtQL4p+Xk+HX0njFpGRQZ2
JyiyfO7HdA6hY9nyZIALRtUpnEOCnVsamrvTNnIpbFPn
-----END CERTIFICATE-----