Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f406c3-2789-43a5-b1d6-ddddef241216/1/sQ4vtJK12QYfYaaEN-vkOmgxM68.roa
File:                     sQ4vtJK12QYfYaaEN-vkOmgxM68.roa (raw, json)
Hash identifier:          kciJrLej8bMnkwLdFtFO5KGJC4n7+ku7qjlHeZ8rpns=
Subject key identifier:   B1:0E:2F:B4:92:B5:D9:06:1F:61:A6:84:37:EB:E4:3A:68:31:33:AF
Certificate issuer:       /CN=dfec5c945d03535d9673095110546b1c98e61860
Certificate serial:       018CC3495AAAA5DDD80C13AA8AB1BED86593
Authority key identifier: DF:EC:5C:94:5D:03:53:5D:96:73:09:51:10:54:6B:1C:98:E6:18:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-xclF0DU12WcwlREFRrHJjmGGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f406c3-2789-43a5-b1d6-ddddef241216/1/sQ4vtJK12QYfYaaEN-vkOmgxM68.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197799
IP address blocks:        31.193.200.0/21 maxlen: 21
                          2a03:1e40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f406c3-2789-43a5-b1d6-ddddef241216/1/3-xclF0DU12WcwlREFRrHJjmGGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f406c3-2789-43a5-b1d6-ddddef241216/1/3-xclF0DU12WcwlREFRrHJjmGGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-xclF0DU12WcwlREFRrHJjmGGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 13:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5a:aa:a5:dd:d8:0c:13:aa:8a:b1:be:d8:65:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfec5c945d03535d9673095110546b1c98e61860
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b10e2fb492b5d9061f61a68437ebe43a683133af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e4:f2:8c:b2:58:36:28:a6:5b:fc:7b:f2:ed:
                    d1:a6:5d:6b:d0:c1:9c:d8:f5:ff:74:6b:34:f7:38:
                    35:44:61:a7:86:17:76:24:ad:85:f8:0b:e0:a4:6e:
                    7c:c8:94:7f:98:0f:34:fe:54:f4:08:f8:31:44:5a:
                    fc:56:e2:6d:3f:92:44:9a:fb:b7:2b:b7:bb:64:8c:
                    50:a3:cc:ed:5d:d1:ed:6b:da:13:27:14:c9:75:e8:
                    5f:d6:63:8c:19:80:d9:bb:6d:e9:cf:b1:d0:ec:a6:
                    97:23:9d:29:52:2d:9e:5d:96:97:86:83:a9:bc:78:
                    51:9e:46:6c:cc:34:5b:61:68:69:30:ee:98:43:0a:
                    52:11:eb:79:b8:97:8c:89:5b:f9:29:c8:64:08:a4:
                    3f:d1:32:9f:ee:40:3f:a9:00:1f:d6:43:b9:33:0c:
                    86:96:83:2a:f5:a1:0b:9a:f5:a7:eb:25:fe:09:1c:
                    c4:19:2f:7f:b5:7d:da:9d:b5:50:24:93:f3:aa:ec:
                    0e:7a:3a:6d:a1:90:ee:76:2c:e8:db:ce:e6:ee:82:
                    58:82:41:11:e6:62:03:eb:c1:35:e7:3c:43:8e:8e:
                    91:11:4d:17:3c:23:cc:42:89:4f:55:32:9d:61:90:
                    b3:ce:84:eb:f1:d5:2b:d6:0e:f4:98:6f:e7:3a:d8:
                    ee:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:0E:2F:B4:92:B5:D9:06:1F:61:A6:84:37:EB:E4:3A:68:31:33:AF
            X509v3 Authority Key Identifier:
                keyid:DF:EC:5C:94:5D:03:53:5D:96:73:09:51:10:54:6B:1C:98:E6:18:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-xclF0DU12WcwlREFRrHJjmGGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f406c3-2789-43a5-b1d6-ddddef241216/1/sQ4vtJK12QYfYaaEN-vkOmgxM68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f406c3-2789-43a5-b1d6-ddddef241216/1/3-xclF0DU12WcwlREFRrHJjmGGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.200.0/21
                IPv6:
                  2a03:1e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:be:b6:9c:2f:72:e6:2f:3c:7c:e5:c7:7f:b5:62:d0:df:09:
         1f:29:c8:6f:9b:5d:a3:ba:c6:cb:39:f2:bf:64:5a:ba:b0:22:
         8d:c7:48:d3:d3:4f:26:67:18:84:6e:43:60:22:2f:17:10:ea:
         81:80:6f:50:91:77:39:1b:5e:23:ae:e5:9c:09:7c:c3:eb:1f:
         30:60:64:54:f7:4a:66:44:0f:ba:4f:97:31:1c:a4:b4:55:ad:
         64:81:de:cf:e4:70:b6:ed:eb:a1:45:30:f9:00:2e:c5:e4:ff:
         11:9d:74:10:65:14:c6:ea:46:07:19:9b:b7:d1:90:52:e9:67:
         a1:6b:0a:d4:f6:07:b1:aa:70:6a:20:2d:b7:6b:8e:a2:5b:b6:
         8e:79:6a:46:7f:33:0c:7b:06:07:1e:7b:92:2f:f6:29:fc:d0:
         36:e5:33:c1:8b:1e:f0:e6:4c:7b:c2:10:f6:d7:6e:14:57:07:
         dd:6f:62:1e:44:63:b6:a8:a8:1b:7f:c3:38:1a:94:be:2e:52:
         09:bd:74:8d:8d:46:32:3c:25:2b:f8:8e:6c:e0:ef:61:43:55:
         f0:64:ee:c9:ba:40:d7:44:86:cf:11:36:92:1c:0a:13:55:3d:
         59:88:7c:94:38:c8:bb:88:80:bf:88:eb:b2:44:7c:c9:1b:59:
         b2:ee:5e:5d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSVqqpd3YDBOqirG+2GWTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWM1Yzk0NWQwMzUzNWQ5NjczMDk1MTEwNTQ2YjFjOThl
NjE4NjAwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTBlMmZiNDkyYjVkOTA2MWY2MWE2ODQzN2ViZTQzYTY4MzEzM2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOTyjLJYNiimW/x78u3Rpl1r0MGc
2PX/dGs09zg1RGGnhhd2JK2F+AvgpG58yJR/mA80/lT0CPgxRFr8VuJtP5JEmvu3
K7e7ZIxQo8ztXdHta9oTJxTJdehf1mOMGYDZu23pz7HQ7KaXI50pUi2eXZaXhoOp
vHhRnkZszDRbYWhpMO6YQwpSEet5uJeMiVv5KchkCKQ/0TKf7kA/qQAf1kO5MwyG
loMq9aELmvWn6yX+CRzEGS9/tX3anbVQJJPzquwOejptoZDudizo287m7oJYgkER
5mID68E15zxDjo6REU0XPCPMQolPVTKdYZCzzoTr8dUr1g70mG/nOtjuHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLEOL7SStdkGH2GmhDfr5DpoMTOvMB8GA1UdIwQY
MBaAFN/sXJRdA1NdlnMJURBUaxyY5hhgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy14Y2xGMERVMTJXY3dsUkVGUnJISmptR0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mNDA2YzMtMjc4OS00M2E1LWIxZDYt
ZGRkZGVmMjQxMjE2LzEvc1E0dnRKSzEyUVlmWWFhRU4tdmtPbWd4TTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mNDA2YzMtMjc4OS00M2E1LWIxZDYtZGRkZGVmMjQxMjE2
LzEvMy14Y2xGMERVMTJXY3dsUkVGUnJISmptR0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDH8HIMA0E
AgACMAcDBQAqAx5AMA0GCSqGSIb3DQEBCwUAA4IBAQAMvracL3LmLzx85cd/tWLQ
3wkfKchvm12jusbLOfK/ZFq6sCKNx0jT008mZxiEbkNgIi8XEOqBgG9QkXc5G14j
ruWcCXzD6x8wYGRU90pmRA+6T5cxHKS0Va1kgd7P5HC27euhRTD5AC7F5P8RnXQQ
ZRTG6kYHGZu30ZBS6WehawrU9gexqnBqIC23a46iW7aOeWpGfzMMewYHHnuSL/Yp
/NA25TPBix7w5kx7whD2124UVwfdb2IeRGO2qKgbf8M4GpS+LlIJvXSNjUYyPCUr
+I5s4O9hQ1XwZO7JukDXRIbPETaSHAoTVT1ZiHyUOMi7iIC/iOuyRHzJG1my7l5d
-----END CERTIFICATE-----