Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/ahJNP8kQoasOGfOn59FuyopzzTg.roa
File:                     ahJNP8kQoasOGfOn59FuyopzzTg.roa (raw, json)
Hash identifier:          6vRaJqB5sPcJZ3/fvcKuSD1RiGeRJgHPqC0FIBy6qGg=
Subject key identifier:   6A:12:4D:3F:C9:10:A1:AB:0E:19:F3:A7:E7:D1:6E:CA:8A:73:CD:38
Certificate issuer:       /CN=31db847d1db1e0b2c2c25502210ff5a719967a19
Certificate serial:       019424B3EFCBCA7C0238A1FB463B62FDC27F
Authority key identifier: 31:DB:84:7D:1D:B1:E0:B2:C2:C2:55:02:21:0F:F5:A7:19:96:7A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/ahJNP8kQoasOGfOn59FuyopzzTg.roa
Signing time:             Thu 02 Jan 2025 01:49:19 +0000
ROA not before:           Thu 02 Jan 2025 01:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        185.238.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ef:cb:ca:7c:02:38:a1:fb:46:3b:62:fd:c2:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31db847d1db1e0b2c2c25502210ff5a719967a19
        Validity
            Not Before: Jan  2 01:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a124d3fc910a1ab0e19f3a7e7d16eca8a73cd38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6d:e8:b6:0f:9c:73:40:e0:bb:08:94:59:8c:
                    18:e7:6f:05:22:64:75:e7:21:a9:55:7b:4f:0f:c4:
                    d0:32:8c:12:fd:34:7d:42:1c:49:d2:aa:4d:e8:15:
                    fb:ef:28:92:ac:85:a2:aa:e2:08:c5:ec:14:10:39:
                    b1:b5:e2:e1:3d:b9:7b:38:f6:cf:39:54:12:3e:24:
                    0d:05:3b:8b:1f:8d:28:44:eb:45:74:52:8d:25:4c:
                    f6:d5:47:74:37:fc:fe:79:6e:70:aa:6c:a3:11:8a:
                    fe:d8:c6:79:8b:6a:be:8b:07:6f:04:30:7c:e6:79:
                    b8:b9:19:6e:bf:b4:fb:f9:0c:5b:da:81:76:fd:ee:
                    79:c0:b2:2b:5c:8f:74:cc:4d:79:dc:33:b7:db:a8:
                    ee:ce:ce:f1:1c:6a:99:86:d1:d8:2b:9b:10:c3:0a:
                    04:7f:f2:3f:b8:02:9a:96:f1:55:36:40:97:e7:fb:
                    e9:58:54:32:cb:05:cb:3e:75:02:52:ca:fc:55:2e:
                    af:46:fb:cd:c7:11:88:96:01:57:87:ea:c3:9b:f0:
                    ec:89:5b:5a:4b:69:c2:f2:56:63:1f:cd:3c:77:f4:
                    b5:65:66:4b:21:99:ac:e7:33:a6:9d:4d:bc:e6:5d:
                    b7:8d:3e:07:03:4b:93:76:c7:3e:e1:b9:1b:9c:fe:
                    20:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:12:4D:3F:C9:10:A1:AB:0E:19:F3:A7:E7:D1:6E:CA:8A:73:CD:38
            X509v3 Authority Key Identifier:
                keyid:31:DB:84:7D:1D:B1:E0:B2:C2:C2:55:02:21:0F:F5:A7:19:96:7A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/ahJNP8kQoasOGfOn59FuyopzzTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:f8:0c:a0:6f:4e:86:5f:79:a1:1e:26:80:eb:b0:72:aa:ff:
         e3:58:f6:81:ad:9f:a8:a5:67:e1:18:0c:2a:bc:ca:f9:f7:25:
         09:d0:bb:60:ab:69:5b:c4:a7:5c:e4:4c:df:57:f8:e6:10:8d:
         ea:95:84:0b:0f:57:af:b3:fd:e0:3a:ba:f6:07:ba:61:6d:28:
         e1:f1:b7:4a:02:c5:00:7e:21:1d:a9:81:64:27:75:37:e5:4e:
         4c:ea:d3:4c:95:16:57:03:4a:c2:75:5c:35:7a:26:0e:3f:25:
         72:bd:3c:8b:ce:64:61:5d:80:47:95:c2:3a:bc:8a:7f:f4:e4:
         5d:fa:55:e0:ff:53:54:05:cf:37:be:f9:a9:f1:a1:cc:39:11:
         48:84:ff:8d:14:30:01:37:c5:c8:5d:75:86:d5:b9:a2:f9:4e:
         9e:96:c9:63:7d:29:e7:f7:7d:c3:aa:10:4d:e3:9e:34:7d:45:
         1e:f5:92:d6:78:a0:c9:b4:08:a7:36:1c:ba:79:ec:f1:b2:e0:
         61:4e:5b:51:30:d8:c2:f8:ad:37:f2:82:bb:86:3b:a4:e4:93:
         44:f0:d3:4b:67:b3:3c:f3:d4:32:b6:d7:ef:5b:2a:91:c3:30:
         8d:85:30:a7:97:47:c9:62:d2:b3:70:30:72:74:cc:85:68:93:
         79:6f:4b:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+/LynwCOKH7Rjti/cJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZGI4NDdkMWRiMWUwYjJjMmMyNTUwMjIxMGZmNWE3MTk5
NjdhMTkwHhcNMjUwMTAyMDE0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTEyNGQzZmM5MTBhMWFiMGUxOWYzYTdlN2QxNmVjYThhNzNjZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuW3otg+cc0DguwiUWYwY528FImR1
5yGpVXtPD8TQMowS/TR9QhxJ0qpN6BX77yiSrIWiquIIxewUEDmxteLhPbl7OPbP
OVQSPiQNBTuLH40oROtFdFKNJUz21Ud0N/z+eW5wqmyjEYr+2MZ5i2q+iwdvBDB8
5nm4uRluv7T7+Qxb2oF2/e55wLIrXI90zE153DO326juzs7xHGqZhtHYK5sQwwoE
f/I/uAKalvFVNkCX5/vpWFQyywXLPnUCUsr8VS6vRvvNxxGIlgFXh+rDm/DsiVta
S2nC8lZjH808d/S1ZWZLIZms5zOmnU285l23jT4HA0uTdsc+4bkbnP4gNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoSTT/JEKGrDhnzp+fRbsqKc804MB8GA1UdIwQY
MBaAFDHbhH0dseCywsJVAiEP9acZlnoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWR1RWZSMng0TExDd2xVQ0lRXzFweG1XZWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zZGJkMzktNWY5Zi00OGZiLTljMDEt
YmQ2ZTNiMDI2YzM3LzEvYWhKTlA4a1FvYXNPR2ZPbjU5RnV5b3B6elRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zZGJkMzktNWY5Zi00OGZiLTljMDEtYmQ2ZTNiMDI2YzM3
LzEvTWR1RWZSMng0TExDd2xVQ0lRXzFweG1XZWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue7WMA0G
CSqGSIb3DQEBCwUAA4IBAQAo+Aygb06GX3mhHiaA67Byqv/jWPaBrZ+opWfhGAwq
vMr59yUJ0Ltgq2lbxKdc5EzfV/jmEI3qlYQLD1evs/3gOrr2B7phbSjh8bdKAsUA
fiEdqYFkJ3U35U5M6tNMlRZXA0rCdVw1eiYOPyVyvTyLzmRhXYBHlcI6vIp/9ORd
+lXg/1NUBc83vvmp8aHMORFIhP+NFDABN8XIXXWG1bmi+U6elsljfSnn933DqhBN
4540fUUe9ZLWeKDJtAinNhy6eezxsuBhTltRMNjC+K038oK7hjuk5JNE8NNLZ7M8
89QyttfvWyqRwzCNhTCnl0fJYtKzcDBydMyFaJN5b0sd
-----END CERTIFICATE-----