Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/JdavXfgS1C88UGPje2KGgh-CbRs.roa
File:                     JdavXfgS1C88UGPje2KGgh-CbRs.roa (raw, json)
Hash identifier:          fsvo1+m2SxrjapW7ugn4l/vkPt8HqDS/T913gxJRh4I=
Subject key identifier:   25:D6:AF:5D:F8:12:D4:2F:3C:50:63:E3:7B:62:86:82:1F:82:6D:1B
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       019424B38F738D1D5C706CCA1B0C9BE75CFB
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/JdavXfgS1C88UGPje2KGgh-CbRs.roa
Signing time:             Thu 02 Jan 2025 01:48:54 +0000
ROA not before:           Thu 02 Jan 2025 01:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201494
IP address blocks:        31.177.60.64/27 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:8f:73:8d:1d:5c:70:6c:ca:1b:0c:9b:e7:5c:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  2 01:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25d6af5df812d42f3c5063e37b6286821f826d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:49:e3:42:de:92:85:1e:d9:2b:3a:d9:45:5c:
                    0a:ca:aa:a6:d6:f1:99:f0:00:5a:9b:a3:62:a1:d0:
                    4d:8c:eb:30:fe:99:e0:0d:70:63:ab:bf:11:1b:aa:
                    9a:c7:67:29:19:91:8a:bf:95:2e:46:66:9b:cc:7a:
                    90:d0:35:74:b0:f6:00:76:65:8e:0c:a4:ed:97:40:
                    61:31:1f:d7:14:bc:b2:46:75:19:fd:d7:28:3c:e3:
                    a7:8f:81:e0:64:b7:06:4f:cf:36:48:4a:c9:4c:42:
                    46:ec:ac:21:fa:11:01:02:5d:8a:e4:dc:92:d0:0b:
                    15:7c:2a:1f:87:2a:f8:cb:48:5d:f3:04:6c:a3:7d:
                    57:37:8f:a3:5f:98:69:bb:00:54:38:7c:9c:b7:ac:
                    ee:38:e4:76:86:8f:49:0e:fe:be:47:09:82:bb:70:
                    43:ca:ed:67:08:e5:13:df:07:c4:14:fc:b8:51:6f:
                    92:6f:5e:be:10:38:9f:83:88:09:c4:b6:65:4d:e7:
                    d6:7c:66:e7:b2:8f:92:4d:9e:44:11:67:66:38:27:
                    7e:ed:f1:f2:a6:30:bd:88:70:e7:1f:1c:4a:17:8b:
                    14:dd:fb:90:88:96:84:1e:2c:4c:df:f5:23:cd:d3:
                    8d:bf:bf:19:6c:86:b4:e1:3b:ef:44:a2:7f:a4:18:
                    a1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:D6:AF:5D:F8:12:D4:2F:3C:50:63:E3:7B:62:86:82:1F:82:6D:1B
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/JdavXfgS1C88UGPje2KGgh-CbRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.177.60.64/27

    Signature Algorithm: sha256WithRSAEncryption
         3d:78:c6:06:2d:5d:9a:91:61:0b:c0:ca:0d:e1:ee:01:0f:4b:
         5b:7a:08:d1:d9:52:49:17:ac:4f:25:f8:74:fc:13:cc:d7:52:
         0d:e0:80:02:e7:6f:c8:82:c7:db:38:f5:0f:d6:fa:72:7e:4d:
         5d:9b:26:25:6b:51:e5:78:3c:bb:d4:76:95:19:93:88:a0:c7:
         2c:df:4b:ef:7b:17:21:3b:b9:5f:36:fa:34:48:a9:17:a0:ef:
         1b:6d:a8:b1:7d:93:7d:21:a9:3e:f3:7e:8e:56:1d:82:36:05:
         3e:90:3c:e9:6b:ea:e2:f9:7c:43:2c:16:69:58:02:30:27:5e:
         3e:87:c7:9a:fd:e2:d1:70:2b:62:03:5e:13:de:64:3d:18:49:
         b3:58:15:38:dd:77:d6:4d:99:59:97:32:47:f2:3d:91:58:f4:
         1b:19:7b:92:b9:c5:a0:0e:a7:5b:cb:f9:59:c4:49:73:8c:c4:
         cb:7c:60:cd:10:6c:ee:74:8d:28:c2:9f:23:f7:39:c8:dc:e0:
         7c:4a:d1:03:3b:56:84:7d:02:04:54:a6:30:bc:7c:e9:4f:bd:
         02:fd:d2:f1:03:b4:f7:56:2d:a0:7d:90:8f:92:f5:e1:75:07:
         1e:45:d6:e9:2b:68:09:9b:84:00:03:ff:ad:e7:a2:92:81:72:
         7a:d3:0a:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQks49zjR1ccGzKGwyb51z7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjUwMTAyMDE0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWQ2YWY1ZGY4MTJkNDJmM2M1MDYzZTM3YjYyODY4MjFmODI2ZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUnjQt6ShR7ZKzrZRVwKyqqm1vGZ
8ABam6NiodBNjOsw/pngDXBjq78RG6qax2cpGZGKv5UuRmabzHqQ0DV0sPYAdmWO
DKTtl0BhMR/XFLyyRnUZ/dcoPOOnj4HgZLcGT882SErJTEJG7Kwh+hEBAl2K5NyS
0AsVfCofhyr4y0hd8wRso31XN4+jX5hpuwBUOHyct6zuOOR2ho9JDv6+RwmCu3BD
yu1nCOUT3wfEFPy4UW+Sb16+EDifg4gJxLZlTefWfGbnso+STZ5EEWdmOCd+7fHy
pjC9iHDnHxxKF4sU3fuQiJaEHixM3/UjzdONv78ZbIa04TvvRKJ/pBihswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCXWr134EtQvPFBj43tihoIfgm0bMB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvSmRhdlhmZ1MxQzg4VUdQamUyS0dnaC1DYlJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUFH7E8QDAN
BgkqhkiG9w0BAQsFAAOCAQEAPXjGBi1dmpFhC8DKDeHuAQ9LW3oI0dlSSResTyX4
dPwTzNdSDeCAAudvyILH2zj1D9b6cn5NXZsmJWtR5Xg8u9R2lRmTiKDHLN9L73sX
ITu5Xzb6NEipF6DvG22osX2TfSGpPvN+jlYdgjYFPpA86Wvq4vl8QywWaVgCMCde
PofHmv3i0XArYgNeE95kPRhJs1gVON131k2ZWZcyR/I9kVj0Gxl7krnFoA6nW8v5
WcRJc4zEy3xgzRBs7nSNKMKfI/c5yNzgfErRAztWhH0CBFSmMLx86U+9Av3S8QO0
91YtoH2Qj5L14XUHHkXW6StoCZuEAAP/reeikoFyetMKJQ==
-----END CERTIFICATE-----