Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a481e7-a777-4002-b882-65a294a1fbae/1/H_0l7nZQSgFuvebWYRzzLXwsx3c.roa
File:                     H_0l7nZQSgFuvebWYRzzLXwsx3c.roa (raw, json)
Hash identifier:          CHRBDIFN/9WxPGjKuAcSU7xch5Ev10JC2Rds4G2quhU=
Subject key identifier:   1F:FD:25:EE:76:50:4A:01:6E:BD:E6:D6:61:1C:F3:2D:7C:2C:C7:77
Certificate issuer:       /CN=f0ec6ce24301db2e51dd536d5c0c15cf970c722a
Certificate serial:       01918D36C57AFF1A697558B8FD8B28942B2A
Authority key identifier: F0:EC:6C:E2:43:01:DB:2E:51:DD:53:6D:5C:0C:15:CF:97:0C:72:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Oxs4kMB2y5R3VNtXAwVz5cMcio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a481e7-a777-4002-b882-65a294a1fbae/1/H_0l7nZQSgFuvebWYRzzLXwsx3c.roa
Signing time:             Mon 26 Aug 2024 05:44:22 +0000
ROA not before:           Mon 26 Aug 2024 05:44:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56517
IP address blocks:        31.24.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/a481e7-a777-4002-b882-65a294a1fbae/1/8Oxs4kMB2y5R3VNtXAwVz5cMcio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/a481e7-a777-4002-b882-65a294a1fbae/1/8Oxs4kMB2y5R3VNtXAwVz5cMcio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8Oxs4kMB2y5R3VNtXAwVz5cMcio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8d:36:c5:7a:ff:1a:69:75:58:b8:fd:8b:28:94:2b:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0ec6ce24301db2e51dd536d5c0c15cf970c722a
        Validity
            Not Before: Aug 26 05:44:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ffd25ee76504a016ebde6d6611cf32d7c2cc777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a4:48:8c:11:f2:bc:5b:db:d7:78:5e:65:a2:
                    43:15:f6:21:76:85:1f:01:e8:50:f0:2c:65:48:ba:
                    f8:d9:74:da:1b:4e:c2:c5:bd:5c:15:f6:85:22:f4:
                    15:b7:e6:55:af:be:41:c8:59:cb:6f:ff:6f:4b:bb:
                    1d:9a:34:59:6d:76:d7:72:85:4b:6e:8b:d3:67:54:
                    47:6c:b3:8f:74:23:8f:f7:37:ad:69:8f:23:5b:7c:
                    ae:c6:a2:59:cc:e3:86:92:e4:ca:fc:47:74:68:43:
                    62:0a:41:2c:ed:cc:3f:ce:a4:dc:63:88:25:64:c5:
                    6f:38:43:b8:98:0b:15:6c:54:11:39:11:92:b0:6e:
                    33:b9:d9:72:99:dd:93:b1:4f:6d:96:a1:c9:7c:ea:
                    3b:f2:88:28:7a:55:ab:e4:66:0c:60:82:59:eb:85:
                    37:20:70:6d:2c:39:5e:74:f9:0c:10:aa:17:53:c9:
                    49:13:69:01:a9:fb:64:d4:0d:ad:7c:2b:9b:9f:c1:
                    8e:72:43:32:40:68:88:46:da:28:62:83:26:ed:02:
                    48:51:80:0d:1b:0d:4f:34:69:94:8f:1a:98:dc:f0:
                    00:3e:78:7f:54:23:eb:48:d1:67:71:2d:5c:b4:56:
                    e7:b8:70:36:8e:4e:ba:eb:84:81:cc:29:56:6e:10:
                    a5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:FD:25:EE:76:50:4A:01:6E:BD:E6:D6:61:1C:F3:2D:7C:2C:C7:77
            X509v3 Authority Key Identifier:
                keyid:F0:EC:6C:E2:43:01:DB:2E:51:DD:53:6D:5C:0C:15:CF:97:0C:72:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Oxs4kMB2y5R3VNtXAwVz5cMcio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a481e7-a777-4002-b882-65a294a1fbae/1/H_0l7nZQSgFuvebWYRzzLXwsx3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a481e7-a777-4002-b882-65a294a1fbae/1/8Oxs4kMB2y5R3VNtXAwVz5cMcio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:30:5c:a4:87:37:d8:01:9f:77:47:76:cc:62:82:08:10:e3:
         29:67:74:41:d0:0f:c8:1c:d5:37:ef:eb:67:43:4d:c4:91:ec:
         48:06:a0:79:10:20:64:c5:dd:19:20:d2:83:bc:bd:7c:33:cf:
         b9:cd:8f:18:3d:97:4f:31:87:88:ef:d8:bd:da:2f:3e:83:c6:
         f6:3e:9e:67:6d:c9:b0:66:0d:fc:7c:97:e3:e2:a8:91:c7:fc:
         e4:6d:e4:60:41:99:05:48:98:45:1a:4c:f3:de:95:57:bd:f1:
         76:f0:3b:d3:b7:ae:f7:28:81:25:ac:d9:ca:6c:a7:6b:46:66:
         68:85:aa:6b:91:d6:7e:16:81:63:94:6e:e2:a9:a6:a1:c8:8a:
         87:68:e3:6d:a1:fb:ac:c2:83:3b:76:31:11:4f:da:c9:df:7b:
         49:ad:f6:9b:73:ce:3e:fc:8d:91:a5:a4:b7:2c:4e:6e:4f:98:
         85:36:9e:a3:77:84:94:d6:c1:8e:fa:08:17:18:56:aa:76:ed:
         8b:e3:87:96:00:f8:a4:d0:90:6a:07:47:00:40:fd:18:9b:e4:
         9a:4c:c4:bc:7c:2e:9f:4d:25:68:4e:c7:9d:09:1e:7f:13:24:
         13:24:c9:18:1f:fc:a6:d6:3b:4c:4f:6f:2e:d7:64:7f:de:ee:
         19:7f:a4:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGNNsV6/xppdVi4/YsolCsqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZWM2Y2UyNDMwMWRiMmU1MWRkNTM2ZDVjMGMxNWNmOTcw
YzcyMmEwHhcNMjQwODI2MDU0NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmZkMjVlZTc2NTA0YTAxNmViZGU2ZDY2MTFjZjMyZDdjMmNjNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqRIjBHyvFvb13heZaJDFfYhdoUf
AehQ8CxlSLr42XTaG07Cxb1cFfaFIvQVt+ZVr75ByFnLb/9vS7sdmjRZbXbXcoVL
bovTZ1RHbLOPdCOP9zetaY8jW3yuxqJZzOOGkuTK/Ed0aENiCkEs7cw/zqTcY4gl
ZMVvOEO4mAsVbFQRORGSsG4zudlymd2TsU9tlqHJfOo78ogoelWr5GYMYIJZ64U3
IHBtLDledPkMEKoXU8lJE2kBqftk1A2tfCubn8GOckMyQGiIRtooYoMm7QJIUYAN
Gw1PNGmUjxqY3PAAPnh/VCPrSNFncS1ctFbnuHA2jk6664SBzClWbhClqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/9Je52UEoBbr3m1mEc8y18LMd3MB8GA1UdIwQY
MBaAFPDsbOJDAdsuUd1TbVwMFc+XDHIqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE94czRrTUIyeTVSM1ZOdFhBd1Z6NWNNY2lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hNDgxZTctYTc3Ny00MDAyLWI4ODIt
NjVhMjk0YTFmYmFlLzEvSF8wbDduWlFTZ0Z1dmViV1lSenpMWHdzeDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hNDgxZTctYTc3Ny00MDAyLWI4ODItNjVhMjk0YTFmYmFl
LzEvOE94czRrTUIyeTVSM1ZOdFhBd1Z6NWNNY2lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHxgwMA0G
CSqGSIb3DQEBCwUAA4IBAQAKMFykhzfYAZ93R3bMYoIIEOMpZ3RB0A/IHNU37+tn
Q03EkexIBqB5ECBkxd0ZINKDvL18M8+5zY8YPZdPMYeI79i92i8+g8b2Pp5nbcmw
Zg38fJfj4qiRx/zkbeRgQZkFSJhFGkzz3pVXvfF28DvTt673KIElrNnKbKdrRmZo
haprkdZ+FoFjlG7iqaahyIqHaONtofuswoM7djERT9rJ33tJrfabc84+/I2RpaS3
LE5uT5iFNp6jd4SU1sGO+ggXGFaqdu2L44eWAPik0JBqB0cAQP0Ym+SaTMS8fC6f
TSVoTsedCR5/EyQTJMkYH/ym1jtMT28u12R/3u4Zf6Rw
-----END CERTIFICATE-----