Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/6dc121-0a6f-45ad-8af9-e1a4293520be/1/onRSN487Z3F6FKkX0v711AYiJMk.roa
File:                     onRSN487Z3F6FKkX0v711AYiJMk.roa (raw, json)
Hash identifier:          RsEWfE6I4p5GpwQB8eX07jCz2vkomr/rb35BWNwr+zQ=
Subject key identifier:   A2:74:52:37:8F:3B:67:71:7A:14:A9:17:D2:FE:F5:D4:06:22:24:C9
Certificate issuer:       /CN=b391ec497b64d611249fde597a5ee87e9337d5ee
Certificate serial:       018D6C4C7D954A9AB163011BF71FC949212B
Authority key identifier: B3:91:EC:49:7B:64:D6:11:24:9F:DE:59:7A:5E:E8:7E:93:37:D5:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5HsSXtk1hEkn95Zel7ofpM31e4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/6dc121-0a6f-45ad-8af9-e1a4293520be/1/onRSN487Z3F6FKkX0v711AYiJMk.roa
Signing time:             Sat 03 Feb 2024 00:09:28 +0000
ROA not before:           Sat 03 Feb 2024 00:09:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210893
IP address blocks:        31.41.250.0/24 maxlen: 24
                          2a11:2c80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/6dc121-0a6f-45ad-8af9-e1a4293520be/1/s5HsSXtk1hEkn95Zel7ofpM31e4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/6dc121-0a6f-45ad-8af9-e1a4293520be/1/s5HsSXtk1hEkn95Zel7ofpM31e4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s5HsSXtk1hEkn95Zel7ofpM31e4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6c:4c:7d:95:4a:9a:b1:63:01:1b:f7:1f:c9:49:21:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b391ec497b64d611249fde597a5ee87e9337d5ee
        Validity
            Not Before: Feb  3 00:09:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a27452378f3b67717a14a917d2fef5d4062224c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d8:2c:24:72:41:ec:95:52:12:2c:f3:06:9d:
                    0e:72:a9:7d:56:c2:1e:e5:31:0f:63:11:cb:c1:58:
                    7b:c6:aa:93:e4:91:6d:43:8a:a5:07:a0:45:91:1f:
                    30:5a:57:10:32:72:9f:7a:21:00:5e:9f:05:71:4e:
                    80:67:4e:85:10:5b:b6:ce:8c:cb:1e:16:b4:57:df:
                    e6:a8:fa:10:79:1f:f1:27:be:5a:dd:13:0d:1a:5c:
                    6b:97:62:03:3b:57:cb:f3:b3:12:30:a7:c2:19:fa:
                    59:57:6c:e0:31:08:bd:03:9a:9a:32:1b:04:76:b4:
                    0b:c9:5c:94:6e:8e:e8:13:c2:b7:43:9a:78:94:a6:
                    06:1c:0c:3e:b0:23:e2:d4:5f:93:28:e2:90:28:e5:
                    54:09:97:78:cb:01:8d:df:bb:35:3a:3c:11:52:31:
                    66:b3:01:40:71:07:ed:76:7f:07:66:0c:0b:9d:0c:
                    29:4d:98:1a:c6:c0:00:59:ff:8d:1f:fc:6a:45:25:
                    ac:f3:9c:c1:e4:f0:11:ee:78:8d:f6:f0:60:87:8a:
                    a1:ee:98:ec:9a:60:b5:36:28:3d:f5:97:39:2e:d2:
                    fd:fb:fe:7c:6f:c5:00:06:64:c7:b8:89:bc:89:0b:
                    72:14:e1:3f:cd:2b:31:fb:88:ac:8e:53:df:5b:67:
                    4f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:74:52:37:8F:3B:67:71:7A:14:A9:17:D2:FE:F5:D4:06:22:24:C9
            X509v3 Authority Key Identifier:
                keyid:B3:91:EC:49:7B:64:D6:11:24:9F:DE:59:7A:5E:E8:7E:93:37:D5:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5HsSXtk1hEkn95Zel7ofpM31e4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/6dc121-0a6f-45ad-8af9-e1a4293520be/1/onRSN487Z3F6FKkX0v711AYiJMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/6dc121-0a6f-45ad-8af9-e1a4293520be/1/s5HsSXtk1hEkn95Zel7ofpM31e4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.41.250.0/24
                IPv6:
                  2a11:2c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:3a:5f:3c:58:f4:e9:d2:86:8f:4d:b2:42:81:06:20:be:25:
         2e:ed:07:a5:e6:d4:cf:86:da:95:84:a7:d7:d1:63:6d:92:a3:
         cc:95:70:e1:11:89:9c:29:4e:3d:8f:78:e7:22:72:53:a8:bc:
         ad:2c:7f:a2:a1:ae:d5:05:31:52:eb:c1:ba:0d:19:f6:0f:b1:
         fa:42:c4:dd:1c:fc:ca:d2:b8:19:c8:82:2e:05:8c:4c:ac:38:
         e2:d8:b3:a8:3d:f5:a5:ac:74:0a:43:22:86:f6:00:88:ec:f7:
         3c:86:ba:3e:fc:6d:33:4c:f6:6e:47:9d:d7:82:8e:9f:e1:ea:
         7c:4d:20:aa:38:58:64:81:42:13:bf:e6:cb:e4:32:53:96:61:
         0e:5e:c4:be:30:5e:0e:bd:48:42:89:44:11:84:56:dd:2e:cf:
         ce:8f:0c:fd:6e:94:73:c6:5e:14:d2:1d:9c:8d:cf:e7:27:a7:
         a1:7b:3a:d4:e4:46:55:51:3c:43:12:19:75:ec:66:33:ed:9f:
         9e:f9:5f:a0:fe:f7:38:be:ff:65:76:46:bc:32:86:d2:4d:0a:
         10:ad:ff:15:01:98:ce:65:c7:9f:03:b6:a1:52:36:67:75:2c:
         9d:e8:6c:81:ac:a7:3f:78:fb:9d:b8:97:76:d3:f0:4e:1e:2b:
         e6:dd:3b:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1sTH2VSpqxYwEb9x/JSSErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTFlYzQ5N2I2NGQ2MTEyNDlmZGU1OTdhNWVlODdlOTMz
N2Q1ZWUwHhcNMjQwMjAzMDAwOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjc0NTIzNzhmM2I2NzcxN2ExNGE5MTdkMmZlZjVkNDA2MjIyNGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdgsJHJB7JVSEizzBp0Ocql9VsIe
5TEPYxHLwVh7xqqT5JFtQ4qlB6BFkR8wWlcQMnKfeiEAXp8FcU6AZ06FEFu2zozL
Hha0V9/mqPoQeR/xJ75a3RMNGlxrl2IDO1fL87MSMKfCGfpZV2zgMQi9A5qaMhsE
drQLyVyUbo7oE8K3Q5p4lKYGHAw+sCPi1F+TKOKQKOVUCZd4ywGN37s1OjwRUjFm
swFAcQftdn8HZgwLnQwpTZgaxsAAWf+NH/xqRSWs85zB5PAR7niN9vBgh4qh7pjs
mmC1Nig99Zc5LtL9+/58b8UABmTHuIm8iQtyFOE/zSsx+4isjlPfW2dPaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKJ0UjePO2dxehSpF9L+9dQGIiTJMB8GA1UdIwQY
MBaAFLOR7El7ZNYRJJ/eWXpe6H6TN9XuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVIc1NYdGsxaEVrbjk1WmVsN29mcE0zMWU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi82ZGMxMjEtMGE2Zi00NWFkLThhZjkt
ZTFhNDI5MzUyMGJlLzEvb25SU040ODdaM0Y2RktrWDB2NzExQVlpSk1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi82ZGMxMjEtMGE2Zi00NWFkLThhZjktZTFhNDI5MzUyMGJl
LzEvczVIc1NYdGsxaEVrbjk1WmVsN29mcE0zMWU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAHyn6MA0E
AgACMAcDBQMqESyAMA0GCSqGSIb3DQEBCwUAA4IBAQCOOl88WPTp0oaPTbJCgQYg
viUu7Qel5tTPhtqVhKfX0WNtkqPMlXDhEYmcKU49j3jnInJTqLytLH+ioa7VBTFS
68G6DRn2D7H6QsTdHPzK0rgZyIIuBYxMrDji2LOoPfWlrHQKQyKG9gCI7Pc8hro+
/G0zTPZuR53Xgo6f4ep8TSCqOFhkgUITv+bL5DJTlmEOXsS+MF4OvUhCiUQRhFbd
Ls/Ojwz9bpRzxl4U0h2cjc/nJ6ehezrU5EZVUTxDEhl17GYz7Z+e+V+g/vc4vv9l
dka8MobSTQoQrf8VAZjOZcefA7ahUjZndSyd6GyBrKc/ePuduJd20/BOHivm3TvV
-----END CERTIFICATE-----