Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/pig7A4L15KDw1Y5Flwx0wJ2lMg8.roa
File:                     pig7A4L15KDw1Y5Flwx0wJ2lMg8.roa (raw, json)
Hash identifier:          kyf8gurBWzgdLmOikR7OkMbymiRf2p/NhMo7aav6+nc=
Subject key identifier:   A6:28:3B:03:82:F5:E4:A0:F0:D5:8E:45:97:0C:74:C0:9D:A5:32:0F
Certificate issuer:       /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial:       018CC4254A84BF1238511271F23C4180D956
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/pig7A4L15KDw1Y5Flwx0wJ2lMg8.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204385
IP address blocks:        31.202.15.0/24 maxlen: 24
                          2a00:1210:fffe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4a:84:bf:12:38:51:12:71:f2:3c:41:80:d9:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6283b0382f5e4a0f0d58e45970c74c09da5320f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fd:54:c0:eb:0e:48:b8:7f:8f:51:4f:48:28:
                    cd:cb:c1:18:16:6b:2b:18:51:c9:ec:2e:64:6a:7b:
                    d4:e8:1f:31:70:0a:b0:26:97:4e:05:6e:08:29:50:
                    1d:b6:af:97:b1:51:4f:47:53:86:6c:9d:06:0f:ec:
                    b0:ac:b4:ee:bd:5c:2f:43:dc:61:bd:cc:56:76:79:
                    41:59:d9:97:16:b4:15:f4:ca:13:00:6f:9d:24:71:
                    ec:04:e2:85:19:f3:b9:82:85:a6:dd:10:63:e2:83:
                    1b:c6:d5:bd:96:66:80:e8:2c:60:46:47:2c:c0:f5:
                    cc:28:02:63:ed:5e:04:49:b4:d4:db:1a:52:57:5f:
                    78:ca:29:dc:c9:28:8a:1d:57:06:c9:05:b9:33:6f:
                    8e:c9:67:26:54:ec:7d:38:da:fe:7e:71:c8:62:d7:
                    0e:3b:57:b6:2a:98:68:29:f2:32:f2:22:fb:08:90:
                    d7:5c:00:6f:67:de:f4:a7:43:3a:2d:53:ee:a7:d8:
                    d1:2e:07:b3:51:38:df:63:ed:13:32:81:e1:5d:89:
                    f1:b4:d8:63:5f:ff:99:77:17:75:e1:82:e2:7d:0d:
                    50:80:9a:fc:4e:29:27:3e:0b:b0:5e:5f:f1:c3:54:
                    14:9f:21:98:33:79:2f:ca:6f:47:48:05:66:29:92:
                    91:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:28:3B:03:82:F5:E4:A0:F0:D5:8E:45:97:0C:74:C0:9D:A5:32:0F
            X509v3 Authority Key Identifier:
                keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/pig7A4L15KDw1Y5Flwx0wJ2lMg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.202.15.0/24
                IPv6:
                  2a00:1210:fffe::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:26:db:cd:76:8e:b9:39:df:61:3b:13:e5:70:a2:93:37:3d:
         dc:9f:ad:2b:87:3f:cc:2e:c5:53:7c:e4:b9:6d:a5:a8:e2:96:
         11:7a:2c:99:1c:5f:25:64:33:25:ba:a8:3f:28:c9:db:33:9a:
         9a:b9:56:3f:b1:9e:83:d4:ee:a8:b9:78:ed:b1:e3:83:ef:d9:
         bb:f9:e1:32:5f:45:71:14:19:e2:55:e4:48:2e:d3:46:60:17:
         a4:39:b8:8b:41:15:0c:33:ab:af:fa:a9:c8:5b:e9:cc:f1:18:
         65:3d:01:ce:c8:9a:b4:b1:d1:08:63:97:35:c8:a6:a6:55:69:
         ac:ab:07:a1:09:fe:f5:1f:06:c3:3c:c9:e0:9b:c1:89:13:fb:
         b7:2a:5f:30:12:ee:93:22:fb:c8:58:54:1d:b4:8a:b8:b6:66:
         81:c0:06:97:ca:13:7e:e7:3f:7f:c1:d2:87:f4:b8:6b:66:58:
         c3:0a:27:3b:8b:99:e3:81:ce:32:9d:e1:c1:a0:e1:87:b3:3c:
         fc:79:c6:26:77:d8:92:3d:15:24:6a:03:e7:1d:fd:8f:61:fa:
         b8:4d:9c:9c:9c:a8:a8:58:b7:64:4a:36:d8:b4:80:69:eb:3b:
         e1:02:11:02:67:21:09:87:ba:25:b4:45:a2:6b:23:64:0f:e3:
         ea:0b:77:39
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJUqEvxI4URJx8jxBgNlWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2E5YjE3NDVhNWE3MGMzYmY3YmNjMmMyZWUxNjY0NjBh
ZmY3YTgwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjI4M2IwMzgyZjVlNGEwZjBkNThlNDU5NzBjNzRjMDlkYTUzMjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjP1UwOsOSLh/j1FPSCjNy8EYFmsr
GFHJ7C5kanvU6B8xcAqwJpdOBW4IKVAdtq+XsVFPR1OGbJ0GD+ywrLTuvVwvQ9xh
vcxWdnlBWdmXFrQV9MoTAG+dJHHsBOKFGfO5goWm3RBj4oMbxtW9lmaA6CxgRkcs
wPXMKAJj7V4ESbTU2xpSV194yincySiKHVcGyQW5M2+OyWcmVOx9ONr+fnHIYtcO
O1e2KphoKfIy8iL7CJDXXABvZ970p0M6LVPup9jRLgezUTjfY+0TMoHhXYnxtNhj
X/+Zdxd14YLifQ1QgJr8TiknPguwXl/xw1QUnyGYM3kvym9HSAVmKZKR3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKYoOwOC9eSg8NWORZcMdMCdpTIPMB8GA1UdIwQY
MBaAFK56mxdFpacMO/e8wsLuFmRgr/eoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMt
Y2M5YTc1OGM5OTE2LzEvcGlnN0E0TDE1S0R3MVk1Rmx3eDB3SjJsTWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMtY2M5YTc1OGM5OTE2
LzEvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAH8oPMA8E
AgACMAkDBwAqABIQ//4wDQYJKoZIhvcNAQELBQADggEBABcm2812jrk532E7E+Vw
opM3PdyfrSuHP8wuxVN85LltpajilhF6LJkcXyVkMyW6qD8oydszmpq5Vj+xnoPU
7qi5eO2x44Pv2bv54TJfRXEUGeJV5Egu00ZgF6Q5uItBFQwzq6/6qchb6czxGGU9
Ac7ImrSx0QhjlzXIpqZVaayrB6EJ/vUfBsM8yeCbwYkT+7cqXzAS7pMi+8hYVB20
iri2ZoHABpfKE37nP3/B0of0uGtmWMMKJzuLmeOBzjKd4cGg4YezPPx5xiZ32JI9
FSRqA+cd/Y9h+rhNnJycqKhYt2RKNti0gGnrO+ECEQJnIQmHuiW0RaJrI2QP4+oL
dzk=
-----END CERTIFICATE-----