Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/8CAZO9jPCJdSmbTUZKX93zjmJwM.roa
File:                     8CAZO9jPCJdSmbTUZKX93zjmJwM.roa (raw, json)
Hash identifier:          dtIxOmv8W8LPrxg1Sj4dy8flEd0lpEJ2hnidkDp+YHA=
Subject key identifier:   F0:20:19:3B:D8:CF:08:97:52:99:B4:D4:64:A5:FD:DF:38:E6:27:03
Certificate issuer:       /CN=659375cfe748a9e413894f2e4f85fbd64fd1c776
Certificate serial:       019348DB93A95F641AD0CB9624C7CE1C6166
Authority key identifier: 65:93:75:CF:E7:48:A9:E4:13:89:4F:2E:4F:85:FB:D6:4F:D1:C7:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/8CAZO9jPCJdSmbTUZKX93zjmJwM.roa
Signing time:             Wed 20 Nov 2024 09:16:09 +0000
ROA not before:           Wed 20 Nov 2024 09:16:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        31.22.108.0/24 maxlen: 24
                          31.22.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:48:db:93:a9:5f:64:1a:d0:cb:96:24:c7:ce:1c:61:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=659375cfe748a9e413894f2e4f85fbd64fd1c776
        Validity
            Not Before: Nov 20 09:16:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f020193bd8cf08975299b4d464a5fddf38e62703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:79:fc:c0:cb:89:a1:0b:8f:8f:9c:8b:18:2b:
                    37:4b:f6:88:83:b6:76:27:a5:c2:7b:52:35:e9:47:
                    e5:cb:48:10:ec:a4:3c:6a:b0:c8:1a:d7:68:e1:ae:
                    49:31:92:10:5a:24:77:63:1f:10:03:ca:59:e0:9d:
                    39:d5:39:a5:77:b1:fd:fd:17:d6:ca:02:38:26:5e:
                    21:6a:c6:0a:a4:59:80:91:37:65:f6:b6:e1:83:57:
                    c9:f5:3b:e3:4c:32:55:0c:93:b8:15:8b:3c:00:95:
                    54:49:e2:b1:04:9b:74:c7:46:35:59:f8:26:43:b9:
                    0f:33:65:bd:2b:18:1e:d9:d2:59:bf:9a:5f:ac:fd:
                    48:e1:6c:a3:f7:cf:f2:a7:57:4c:fc:a4:d3:6f:55:
                    fd:cb:c0:07:1d:69:2a:df:d0:3f:f6:a7:58:d6:b5:
                    41:05:f8:32:83:22:3e:ab:88:d5:86:cd:c5:b7:fe:
                    8e:a0:eb:57:32:94:48:6a:a1:48:96:62:95:41:e1:
                    5a:b4:c8:0e:e6:b9:c7:5f:d5:37:c8:b6:6f:fe:37:
                    f1:8f:f3:13:8d:a4:27:ef:cc:6a:da:f5:be:15:b8:
                    fc:fe:0e:35:20:67:ce:d7:53:fc:4b:1d:ea:47:b3:
                    ee:d7:e6:df:69:18:3d:9a:8c:4e:cb:73:1a:30:73:
                    86:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:20:19:3B:D8:CF:08:97:52:99:B4:D4:64:A5:FD:DF:38:E6:27:03
            X509v3 Authority Key Identifier:
                keyid:65:93:75:CF:E7:48:A9:E4:13:89:4F:2E:4F:85:FB:D6:4F:D1:C7:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/8CAZO9jPCJdSmbTUZKX93zjmJwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b57800-39e1-41d0-bd41-fe9ef8ff0cc1/1/ZZN1z-dIqeQTiU8uT4X71k_Rx3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:84:b0:44:ac:cc:d8:d1:e4:5e:23:29:4e:43:fc:2a:04:76:
         08:1c:e4:a8:9b:e3:90:87:0d:7f:26:73:76:6a:6c:6d:31:e0:
         58:c2:81:71:34:ed:0e:49:65:c2:d5:eb:1f:f8:22:91:47:72:
         97:d4:80:98:bd:6c:6b:93:7c:a9:c7:1e:95:f7:74:fc:96:15:
         bd:c3:51:4a:d4:3e:b3:5f:6d:4e:0f:6b:7c:e8:dc:1c:e0:a4:
         a1:0a:f2:0d:8b:ac:8e:5a:b7:e2:bd:28:6f:be:e0:2e:d2:87:
         aa:bb:c4:26:30:3f:a6:28:78:3d:85:8b:32:80:58:fe:af:46:
         fa:9f:38:79:9a:1e:37:15:4c:27:ba:18:76:d2:6a:fc:31:83:
         6c:fd:e5:1e:29:3d:b2:42:76:93:b3:91:06:cd:94:a2:5f:f6:
         f2:34:0c:7a:91:7b:e3:f2:cf:6a:41:62:2f:70:37:4e:a8:94:
         a5:69:03:12:23:fa:57:05:6b:62:a4:68:ab:e4:28:06:78:2d:
         0f:b7:ae:7f:19:a1:3b:38:06:66:a2:aa:ff:c4:e0:58:cf:df:
         99:e0:24:91:10:a2:09:09:25:83:99:18:01:fa:b0:87:f5:f6:
         76:81:f7:dc:83:32:33:49:9e:6e:46:52:60:a6:95:db:f0:d4:
         7e:43:9a:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNI25OpX2Qa0MuWJMfOHGFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OTM3NWNmZTc0OGE5ZTQxMzg5NGYyZTRmODVmYmQ2NGZk
MWM3NzYwHhcNMjQxMTIwMDkxNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDIwMTkzYmQ4Y2YwODk3NTI5OWI0ZDQ2NGE1ZmRkZjM4ZTYyNzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXn8wMuJoQuPj5yLGCs3S/aIg7Z2
J6XCe1I16Ufly0gQ7KQ8arDIGtdo4a5JMZIQWiR3Yx8QA8pZ4J051Tmld7H9/RfW
ygI4Jl4hasYKpFmAkTdl9rbhg1fJ9TvjTDJVDJO4FYs8AJVUSeKxBJt0x0Y1Wfgm
Q7kPM2W9Kxge2dJZv5pfrP1I4Wyj98/yp1dM/KTTb1X9y8AHHWkq39A/9qdY1rVB
BfgygyI+q4jVhs3Ft/6OoOtXMpRIaqFIlmKVQeFatMgO5rnHX9U3yLZv/jfxj/MT
jaQn78xq2vW+Fbj8/g41IGfO11P8Sx3qR7Pu1+bfaRg9moxOy3MaMHOGYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAgGTvYzwiXUpm01GSl/d845icDMB8GA1UdIwQY
MBaAFGWTdc/nSKnkE4lPLk+F+9ZP0cd2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlpOMXotZElxZVFUaVU4dVQ0WDcxa19SeDNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iNTc4MDAtMzllMS00MWQwLWJkNDEt
ZmU5ZWY4ZmYwY2MxLzEvOENBWk85alBDSmRTbWJUVVpLWDkzemptSndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iNTc4MDAtMzllMS00MWQwLWJkNDEtZmU5ZWY4ZmYwY2Mx
LzEvWlpOMXotZElxZVFUaVU4dVQ0WDcxa19SeDNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHxZsMA0G
CSqGSIb3DQEBCwUAA4IBAQCZhLBErMzY0eReIylOQ/wqBHYIHOSom+OQhw1/JnN2
amxtMeBYwoFxNO0OSWXC1esf+CKRR3KX1ICYvWxrk3ypxx6V93T8lhW9w1FK1D6z
X21OD2t86Nwc4KShCvINi6yOWrfivShvvuAu0oequ8QmMD+mKHg9hYsygFj+r0b6
nzh5mh43FUwnuhh20mr8MYNs/eUeKT2yQnaTs5EGzZSiX/byNAx6kXvj8s9qQWIv
cDdOqJSlaQMSI/pXBWtipGir5CgGeC0Pt65/GaE7OAZmoqr/xOBYz9+Z4CSREKIJ
CSWDmRgB+rCH9fZ2gffcgzIzSZ5uRlJgppXb8NR+Q5oX
-----END CERTIFICATE-----