Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/54MGqaLEOr0-26tdmD26oya61fs.roa
File:                     54MGqaLEOr0-26tdmD26oya61fs.roa (raw, json)
Hash identifier:          ou6qbWtKYJwE+0rTEOz0+xpKaKFZQBSD7JuS89gmKM8=
Subject key identifier:   E7:83:06:A9:A2:C4:3A:BD:3E:DB:AB:5D:98:3D:BA:A3:26:BA:D5:FB
Certificate issuer:       /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial:       018CC64B34B81BCA42F1DCA4E630FA15E6A1
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/54MGqaLEOr0-26tdmD26oya61fs.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35384
IP address blocks:        31.41.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:34:b8:1b:ca:42:f1:dc:a4:e6:30:fa:15:e6:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e78306a9a2c43abd3edbab5d983dbaa326bad5fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:34:54:09:4c:1c:27:64:c8:f9:57:0d:68:9f:
                    87:cc:3f:d0:5d:98:bc:e2:4a:74:1d:ec:55:3e:87:
                    2b:9e:b9:b7:4e:19:1d:bd:70:69:ef:69:16:85:e5:
                    16:86:12:a1:e2:b4:d0:10:34:91:f7:7b:da:0f:b5:
                    d4:92:2d:c9:b5:67:b1:1c:49:e4:23:c6:a0:68:ca:
                    b0:ff:87:af:f7:38:1a:e7:7b:f3:d8:71:bd:bc:6c:
                    a9:74:b1:e9:35:e1:f9:39:d3:3b:3e:c9:58:63:4a:
                    08:f8:0e:dd:ca:35:2b:c5:df:16:bb:d8:10:24:f8:
                    78:70:ba:36:25:b3:27:79:49:57:17:2a:e3:53:ec:
                    e2:7f:8b:12:1d:a6:4f:9e:ac:c0:73:60:39:d8:2a:
                    4b:75:44:3f:7a:f6:3b:28:e2:81:4b:30:d3:8e:ef:
                    68:f2:9f:1e:d5:06:a1:8c:34:33:4f:37:e7:e8:19:
                    6e:24:6f:a3:aa:f5:d1:5d:70:5e:b7:36:21:12:7a:
                    45:33:e2:4c:f4:c3:4f:d8:ed:c1:21:a3:12:ca:4a:
                    ae:6e:c6:78:41:9b:b1:9a:01:ec:9b:49:90:88:bd:
                    df:1f:34:b9:e4:dc:13:19:c5:b9:68:52:34:4d:c5:
                    04:3e:b0:ac:63:40:78:25:5b:ff:37:26:c5:8f:4a:
                    22:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:83:06:A9:A2:C4:3A:BD:3E:DB:AB:5D:98:3D:BA:A3:26:BA:D5:FB
            X509v3 Authority Key Identifier:
                keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/54MGqaLEOr0-26tdmD26oya61fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.41.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:1d:6f:60:0f:81:dd:1b:5a:40:a6:2e:32:ee:03:29:fa:e6:
         ff:aa:fb:3d:e4:0d:fe:16:e1:ad:f1:d8:17:92:c4:cd:07:18:
         f9:e2:75:5d:48:db:57:15:7f:92:6b:ab:10:83:16:6d:eb:97:
         ac:7a:3b:98:fa:19:d2:43:b5:31:77:cc:9d:b9:74:1e:31:f1:
         46:5e:a5:d7:c8:7b:a1:78:98:1b:5e:a8:51:d5:3e:80:45:da:
         45:3f:26:c3:5f:05:79:e4:ab:05:5b:ef:53:ad:26:a8:67:67:
         28:6f:63:47:79:c6:d4:5a:d7:3a:eb:ea:43:ed:5a:e8:c3:f4:
         dd:8a:b6:59:30:41:c0:48:1c:bd:46:a4:f8:84:5e:d3:b3:5a:
         e4:26:58:19:2c:b8:08:ba:da:66:7f:85:9d:be:d3:39:39:95:
         e8:f6:75:35:2f:b6:1b:7c:32:f9:0f:0a:cb:b9:05:34:d4:96:
         1c:dd:66:41:db:b8:e2:d1:f4:fe:4e:98:c5:ec:4a:e7:23:91:
         36:fe:5a:dd:8e:9b:94:be:1e:c5:0f:f5:bc:b5:30:6a:eb:98:
         16:70:fa:58:d7:14:47:37:f0:d9:f1:d7:48:d0:b6:4b:ee:76:
         a2:20:f8:7e:33:75:3f:d1:61:4e:db:f1:0e:ed:85:50:5a:7d:
         a9:28:c1:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzS4G8pC8dyk5jD6FeahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzgzMDZhOWEyYzQzYWJkM2VkYmFiNWQ5ODNkYmFhMzI2YmFkNWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzRUCUwcJ2TI+VcNaJ+HzD/QXZi8
4kp0HexVPocrnrm3ThkdvXBp72kWheUWhhKh4rTQEDSR93vaD7XUki3JtWexHEnk
I8agaMqw/4ev9zga53vz2HG9vGypdLHpNeH5OdM7PslYY0oI+A7dyjUrxd8Wu9gQ
JPh4cLo2JbMneUlXFyrjU+zif4sSHaZPnqzAc2A52CpLdUQ/evY7KOKBSzDTju9o
8p8e1QahjDQzTzfn6BluJG+jqvXRXXBetzYhEnpFM+JM9MNP2O3BIaMSykqubsZ4
QZuxmgHsm0mQiL3fHzS55NwTGcW5aFI0TcUEPrCsY0B4JVv/NybFj0oi/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOeDBqmixDq9PturXZg9uqMmutX7MB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvNTRNR3FhTEVPcjAtMjZ0ZG1EMjZveWE2MWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHykiMA0G
CSqGSIb3DQEBCwUAA4IBAQCYHW9gD4HdG1pApi4y7gMp+ub/qvs95A3+FuGt8dgX
ksTNBxj54nVdSNtXFX+Sa6sQgxZt65esejuY+hnSQ7Uxd8yduXQeMfFGXqXXyHuh
eJgbXqhR1T6ARdpFPybDXwV55KsFW+9TrSaoZ2cob2NHecbUWtc66+pD7Vrow/Td
irZZMEHASBy9RqT4hF7Ts1rkJlgZLLgIutpmf4WdvtM5OZXo9nU1L7YbfDL5DwrL
uQU01JYc3WZB27ji0fT+TpjF7ErnI5E2/lrdjpuUvh7FD/W8tTBq65gWcPpY1xRH
N/DZ8ddI0LZL7naiIPh+M3U/0WFO2/EO7YVQWn2pKMGb
-----END CERTIFICATE-----