Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/prm1qcLxEj8IUMRu09iPaoSnYdU.roa
File:                     prm1qcLxEj8IUMRu09iPaoSnYdU.roa (raw, json)
Hash identifier:          y3vrxJh+4Vinokejxdf+O8lEIMMBO2XUs2Esa2IWQn0=
Subject key identifier:   A6:B9:B5:A9:C2:F1:12:3F:08:50:C4:6E:D3:D8:8F:6A:84:A7:61:D5
Certificate issuer:       /CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
Certificate serial:       01942747942BDC48DD3C508ADCABB178B973
Authority key identifier: B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/prm1qcLxEj8IUMRu09iPaoSnYdU.roa
Signing time:             Thu 02 Jan 2025 13:49:49 +0000
ROA not before:           Thu 02 Jan 2025 13:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203016
IP address blocks:        31.128.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:94:2b:dc:48:dd:3c:50:8a:dc:ab:b1:78:b9:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
        Validity
            Not Before: Jan  2 13:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6b9b5a9c2f1123f0850c46ed3d88f6a84a761d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7e:e7:e7:75:b4:73:19:0e:0d:ac:c9:39:3a:
                    12:38:79:91:98:6d:93:d4:b3:90:3a:67:03:a3:cf:
                    47:57:2e:49:71:d8:73:29:11:ba:f1:19:29:63:06:
                    4d:48:98:ee:9e:6c:b4:5a:c2:84:32:8f:8c:cc:ff:
                    64:0b:96:cc:01:1f:03:c1:68:47:fe:20:b1:0f:e4:
                    4f:1a:16:ea:b1:4f:c1:81:4e:6f:f5:36:1a:e0:4f:
                    f8:19:5d:19:16:9a:e0:76:20:45:c7:51:68:e7:97:
                    90:93:22:c7:f5:f9:0f:31:61:2f:2f:66:c4:ac:b9:
                    55:78:29:45:34:57:cc:72:24:f4:a8:5d:9f:29:5d:
                    06:a2:7b:c4:82:80:3e:da:ac:31:12:1b:d4:e7:ca:
                    f5:6b:31:4d:09:fa:de:2c:d7:95:fe:f1:87:c7:e4:
                    5b:c2:fc:77:06:d1:81:82:6b:51:1b:7b:28:29:95:
                    ff:a7:1d:38:23:60:49:b2:fb:5e:a7:44:09:71:31:
                    fc:ca:60:ff:f1:4c:f4:45:e8:25:de:1b:75:73:7e:
                    5a:a2:ad:fd:25:b8:59:44:6e:00:fa:89:aa:7b:3d:
                    6c:8c:88:39:a6:09:48:2a:88:cf:83:b3:26:0a:89:
                    0c:54:45:49:14:38:b0:f0:0b:77:86:78:1c:ff:cb:
                    29:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B9:B5:A9:C2:F1:12:3F:08:50:C4:6E:D3:D8:8F:6A:84:A7:61:D5
            X509v3 Authority Key Identifier:
                keyid:B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/prm1qcLxEj8IUMRu09iPaoSnYdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:80:9a:a4:26:36:dd:c8:03:f7:6f:70:3b:e9:74:ad:3a:8b:
         b6:ab:6c:f2:8f:7c:7e:31:ea:d6:4d:6f:45:99:34:21:4b:55:
         66:00:fb:3d:24:6d:22:66:7a:e3:d2:f2:e5:d2:a1:85:8c:9d:
         e0:68:2b:b6:3d:e7:8f:65:2a:0b:fb:9f:14:84:14:a2:fa:e4:
         cf:96:d9:3f:09:4d:b3:59:c4:8f:6f:35:d7:f7:2d:6e:3b:7c:
         75:1c:35:06:e1:1c:5e:9a:9a:84:e0:6f:36:9d:cb:93:50:3b:
         ea:b9:1c:97:ab:19:27:2f:d2:a3:21:60:3f:aa:78:5a:2d:4e:
         06:2f:a0:47:08:45:a9:48:5c:e7:02:0c:33:e1:84:1e:ff:73:
         64:3a:f2:b5:ef:96:97:e3:18:ec:07:bb:9f:2b:75:5f:c3:74:
         4a:20:c0:1c:df:68:d5:7e:78:37:73:71:ee:05:c2:db:e8:9f:
         82:e0:26:98:0d:5d:fc:de:55:f4:39:44:28:fe:1c:69:44:14:
         4c:d1:5f:80:b2:3c:d8:f4:2d:db:f8:be:98:7b:33:fd:57:57:
         c0:e7:37:2a:61:10:2b:70:dc:62:28:ac:d9:d4:ca:65:e1:79:
         3d:fe:6b:cf:78:4b:53:6a:31:83:e5:b9:60:ba:b9:81:16:5b:
         36:dc:f1:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR5Qr3EjdPFCK3KuxeLlzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWVhZGMyZWM3MGIzMGZhNDIyNWVkN2ZjZDU3MzBmMGM3
YmM2MTYwHhcNMjUwMTAyMTM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmI5YjVhOWMyZjExMjNmMDg1MGM0NmVkM2Q4OGY2YTg0YTc2MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz37n53W0cxkODazJOToSOHmRmG2T
1LOQOmcDo89HVy5JcdhzKRG68RkpYwZNSJjunmy0WsKEMo+MzP9kC5bMAR8DwWhH
/iCxD+RPGhbqsU/BgU5v9TYa4E/4GV0ZFprgdiBFx1Fo55eQkyLH9fkPMWEvL2bE
rLlVeClFNFfMciT0qF2fKV0GonvEgoA+2qwxEhvU58r1azFNCfreLNeV/vGHx+Rb
wvx3BtGBgmtRG3soKZX/px04I2BJsvtep0QJcTH8ymD/8Uz0Regl3ht1c35aoq39
JbhZRG4A+omqez1sjIg5pglIKojPg7MmCokMVEVJFDiw8At3hngc/8spOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKa5tanC8RI/CFDEbtPYj2qEp2HVMB8GA1UdIwQY
MBaAFLhercLscLMPpCJe1/zVcw8Me8YWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmIt
YmM3YTIwOGE1ZTJlLzEvcHJtMXFjTHhFajhJVU1SdTA5aVBhb1NuWWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmItYmM3YTIwOGE1ZTJl
LzEvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4D8MA0G
CSqGSIb3DQEBCwUAA4IBAQBYgJqkJjbdyAP3b3A76XStOou2q2zyj3x+MerWTW9F
mTQhS1VmAPs9JG0iZnrj0vLl0qGFjJ3gaCu2PeePZSoL+58UhBSi+uTPltk/CU2z
WcSPbzXX9y1uO3x1HDUG4RxempqE4G82ncuTUDvquRyXqxknL9KjIWA/qnhaLU4G
L6BHCEWpSFznAgwz4YQe/3NkOvK175aX4xjsB7ufK3Vfw3RKIMAc32jVfng3c3Hu
BcLb6J+C4CaYDV383lX0OUQo/hxpRBRM0V+AsjzY9C3b+L6YezP9V1fA5zcqYRAr
cNxiKKzZ1Mpl4Xk9/mvPeEtTajGD5blgurmBFls23PEB
-----END CERTIFICATE-----