Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/x4PnlupFTtlXun3V7bBaO7KWIGM.roa
File:                     x4PnlupFTtlXun3V7bBaO7KWIGM.roa (raw, json)
Hash identifier:          pm0pdKJVpq+6BkbabE1HetYHidWqEqctUcgBNhXrjKE=
Subject key identifier:   C7:83:E7:96:EA:45:4E:D9:57:BA:7D:D5:ED:B0:5A:3B:B2:96:20:63
Certificate issuer:       /CN=6fccdffda6a4c48914b5e8cde7da5d820b9c9718
Certificate serial:       018CC94C96A800E167AD449AB349885325C1
Authority key identifier: 6F:CC:DF:FD:A6:A4:C4:89:14:B5:E8:CD:E7:DA:5D:82:0B:9C:97:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/x4PnlupFTtlXun3V7bBaO7KWIGM.roa
Signing time:             Tue 02 Jan 2024 08:31:28 +0000
ROA not before:           Tue 02 Jan 2024 08:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        185.39.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/b8zf_aakxIkUtejN59pdgguclxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/b8zf_aakxIkUtejN59pdgguclxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:96:a8:00:e1:67:ad:44:9a:b3:49:88:53:25:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fccdffda6a4c48914b5e8cde7da5d820b9c9718
        Validity
            Not Before: Jan  2 08:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c783e796ea454ed957ba7dd5edb05a3bb2962063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:35:22:9a:4a:be:d9:c1:4e:53:f9:cf:89:3a:
                    af:5a:1a:a0:46:63:da:f4:28:45:28:95:25:36:1a:
                    99:38:0c:20:ba:7e:5b:27:b2:f0:56:dc:93:69:27:
                    da:96:dc:e5:a2:29:b7:f6:d5:4a:fb:f4:d1:1c:25:
                    3b:73:e6:29:4d:fc:89:55:ef:72:ad:94:47:44:f0:
                    e3:92:ab:07:30:7b:47:f0:0a:2d:a5:90:b8:65:8d:
                    26:dd:76:a4:4a:c0:ad:fa:61:92:95:b4:0c:e5:08:
                    9d:8a:2c:b1:41:77:74:f8:8f:e0:7b:23:b2:a3:1c:
                    86:54:ff:c5:21:f2:78:3f:e5:65:3c:1c:aa:68:9d:
                    ae:05:b3:f5:2f:25:cd:72:46:92:9c:10:77:53:d3:
                    c7:44:29:40:ff:25:de:44:de:01:7f:7e:0d:43:bf:
                    52:58:e7:76:fa:bd:26:94:ab:dc:21:f4:78:8d:9d:
                    61:6b:9f:32:cf:da:4f:19:21:bb:0c:0d:63:e2:11:
                    5f:c8:17:36:aa:42:3b:25:ce:98:36:46:d6:b5:00:
                    4b:6e:61:78:75:93:69:7a:eb:a2:01:5e:0d:72:46:
                    cb:c5:7a:2c:69:67:7f:1d:0e:6a:ad:15:d4:5f:bc:
                    a2:bc:94:7d:b2:16:f6:6a:94:ff:58:4c:ba:cc:6e:
                    58:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:83:E7:96:EA:45:4E:D9:57:BA:7D:D5:ED:B0:5A:3B:B2:96:20:63
            X509v3 Authority Key Identifier:
                keyid:6F:CC:DF:FD:A6:A4:C4:89:14:B5:E8:CD:E7:DA:5D:82:0B:9C:97:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8zf_aakxIkUtejN59pdgguclxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/x4PnlupFTtlXun3V7bBaO7KWIGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/cb0153-803a-4bb6-b19d-a774e41d264c/1/b8zf_aakxIkUtejN59pdgguclxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:be:62:3b:fe:60:a3:0f:a7:37:97:9b:6d:d3:11:95:9b:fb:
         07:84:18:67:d3:7f:43:64:47:40:54:21:b0:7c:22:4b:d4:3c:
         ad:eb:10:f3:04:d2:1f:e6:b8:81:66:2a:24:ff:19:49:ab:c0:
         2a:3f:4a:08:d3:50:ec:c7:a6:48:f3:ba:3f:12:c2:e5:79:7e:
         59:11:dc:be:a5:b9:91:bb:f4:a7:19:ff:60:3f:da:b2:1d:c3:
         1d:cb:27:d5:da:48:8c:86:ae:da:d5:08:8b:d4:c2:05:d0:b8:
         0c:25:b6:49:3d:c2:8e:60:c3:dc:38:4d:56:77:ee:26:9a:c3:
         5d:38:16:05:c6:c1:fa:eb:1a:4a:66:9f:6d:e8:8c:7a:b1:ac:
         48:e7:0f:35:d4:3f:a1:26:1d:54:cb:f2:10:d1:b8:29:70:4a:
         ae:d1:29:de:69:fe:79:74:36:a2:a8:77:67:aa:82:b8:c2:6f:
         e3:0a:55:69:9c:bb:d3:c7:42:64:29:de:0a:1f:46:03:93:d0:
         c5:7c:00:55:68:48:fe:9f:9e:41:e7:ea:0a:bf:3c:b5:42:8e:
         c0:8c:7c:91:96:8c:21:07:8d:c5:4a:cc:15:10:56:2e:f5:e0:
         47:7c:06:7e:9b:e3:cd:a0:ad:e6:31:bd:0f:e5:23:37:18:11:
         af:06:30:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTJaoAOFnrUSas0mIUyXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmY2NkZmZkYTZhNGM0ODkxNGI1ZThjZGU3ZGE1ZDgyMGI5
Yzk3MTgwHhcNMjQwMTAyMDgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzgzZTc5NmVhNDU0ZWQ5NTdiYTdkZDVlZGIwNWEzYmIyOTYyMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTUimkq+2cFOU/nPiTqvWhqgRmPa
9ChFKJUlNhqZOAwgun5bJ7LwVtyTaSfaltzloim39tVK+/TRHCU7c+YpTfyJVe9y
rZRHRPDjkqsHMHtH8AotpZC4ZY0m3XakSsCt+mGSlbQM5QidiiyxQXd0+I/geyOy
oxyGVP/FIfJ4P+VlPByqaJ2uBbP1LyXNckaSnBB3U9PHRClA/yXeRN4Bf34NQ79S
WOd2+r0mlKvcIfR4jZ1ha58yz9pPGSG7DA1j4hFfyBc2qkI7Jc6YNkbWtQBLbmF4
dZNpeuuiAV4NckbLxXosaWd/HQ5qrRXUX7yivJR9shb2apT/WEy6zG5YXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMeD55bqRU7ZV7p91e2wWjuyliBjMB8GA1UdIwQY
MBaAFG/M3/2mpMSJFLXozefaXYILnJcYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjh6Zl9hYWt4SWtVdGVqTjU5cGRnZ3VjbHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9jYjAxNTMtODAzYS00YmI2LWIxOWQt
YTc3NGU0MWQyNjRjLzEveDRQbmx1cEZUdGxYdW4zVjdiQmFPN0tXSUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9jYjAxNTMtODAzYS00YmI2LWIxOWQtYTc3NGU0MWQyNjRj
LzEvYjh6Zl9hYWt4SWtVdGVqTjU5cGRnZ3VjbHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuScfMA0G
CSqGSIb3DQEBCwUAA4IBAQC4vmI7/mCjD6c3l5tt0xGVm/sHhBhn039DZEdAVCGw
fCJL1Dyt6xDzBNIf5riBZiok/xlJq8AqP0oI01Dsx6ZI87o/EsLleX5ZEdy+pbmR
u/SnGf9gP9qyHcMdyyfV2kiMhq7a1QiL1MIF0LgMJbZJPcKOYMPcOE1Wd+4mmsNd
OBYFxsH66xpKZp9t6Ix6saxI5w811D+hJh1Uy/IQ0bgpcEqu0Sneaf55dDaiqHdn
qoK4wm/jClVpnLvTx0JkKd4KH0YDk9DFfABVaEj+n55B5+oKvzy1Qo7AjHyRlowh
B43FSswVEFYu9eBHfAZ+m+PNoK3mMb0P5SM3GBGvBjAh
-----END CERTIFICATE-----