Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JAH3IXMvbG6Ys2dPmwodnWJGeoI.roa
File:                     JAH3IXMvbG6Ys2dPmwodnWJGeoI.roa (raw, json)
Hash identifier:          Gw60ldKvXUBK2ktt+kjbpS50udL3AC6hPM4eFLUJXXw=
Subject key identifier:   24:01:F7:21:73:2F:6C:6E:98:B3:67:4F:9B:0A:1D:9D:62:46:7A:82
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       01942745D1A34A7C86F0BD256FE5E34AE143
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JAH3IXMvbG6Ys2dPmwodnWJGeoI.roa
Signing time:             Thu 02 Jan 2025 13:47:54 +0000
ROA not before:           Thu 02 Jan 2025 13:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209127
IP address blocks:        31.192.211.0/24 maxlen: 24
                          2a03:2100:31::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:d1:a3:4a:7c:86:f0:bd:25:6f:e5:e3:4a:e1:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  2 13:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2401f721732f6c6e98b3674f9b0a1d9d62467a82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:19:ee:9b:3e:8b:dd:c0:d1:f7:3d:e5:64:85:
                    55:bc:19:39:3d:aa:ae:73:68:0b:f4:33:8f:27:e5:
                    20:10:b1:e7:f8:66:bf:c5:17:54:7e:3b:cd:45:06:
                    56:2a:21:98:54:ad:c8:27:3f:05:22:51:2b:3c:14:
                    f6:32:2a:f1:0d:6e:64:9e:54:00:e2:35:61:22:ef:
                    23:cb:8b:5f:3b:6f:c1:36:e1:21:74:bf:66:1a:94:
                    55:7b:db:f0:88:45:2a:94:f7:06:8b:6f:57:70:3e:
                    ab:84:eb:55:64:93:4e:63:60:ff:0c:ac:65:6b:b2:
                    8f:cb:81:5a:c6:1a:72:2c:e9:11:37:71:88:7e:e9:
                    4e:8e:e6:1b:20:06:29:37:3d:01:24:43:b6:e8:31:
                    c9:1a:1a:1e:8b:4d:04:57:58:be:0c:28:60:bd:fe:
                    5a:f7:84:33:5d:66:81:b7:c8:71:96:72:ef:da:ee:
                    00:09:a4:d3:43:06:1d:41:91:ea:26:a9:d3:42:3b:
                    60:8e:c2:82:b1:28:60:b0:a2:0e:ec:63:f6:59:13:
                    4d:9d:c4:4b:6c:65:54:22:04:2b:e8:68:85:8c:2f:
                    78:41:4b:70:e9:17:1f:5f:d2:ed:f3:5d:1a:6f:c7:
                    19:c6:66:2c:48:8d:8a:34:3e:6f:a9:06:dc:b2:20:
                    ad:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:01:F7:21:73:2F:6C:6E:98:B3:67:4F:9B:0A:1D:9D:62:46:7A:82
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JAH3IXMvbG6Ys2dPmwodnWJGeoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.211.0/24
                IPv6:
                  2a03:2100:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:6c:d3:25:04:4d:02:6f:05:2e:95:38:97:e8:88:54:64:73:
         1a:54:6a:2d:12:ab:76:b7:aa:8c:d0:e0:3d:81:f9:bb:e1:47:
         3a:17:b3:38:d9:85:60:b2:67:be:de:79:dc:0b:5d:4d:20:6d:
         30:b5:bd:ae:97:a4:a3:73:c0:b5:32:23:89:40:72:e8:4a:fd:
         cb:7d:b4:c1:07:33:43:4d:d1:d3:d2:4a:a6:5b:d0:37:70:97:
         02:2d:6b:5d:0f:72:17:ed:5b:e3:c5:84:b0:71:57:64:1c:88:
         dd:1e:86:00:61:a0:02:83:5f:90:17:34:bf:ca:20:65:d9:29:
         79:8a:46:86:65:71:fb:ff:dc:14:9d:03:63:13:f8:10:dc:db:
         85:2c:fe:6e:24:f5:97:9f:58:bf:33:e8:0d:a4:4b:a6:6d:ff:
         34:83:e6:57:4b:5e:dd:b3:fb:76:fd:60:b6:02:73:42:26:dc:
         b0:8e:9e:c7:4c:5b:c8:78:ca:83:f3:e4:7f:c1:78:9e:bf:d4:
         a5:c5:bf:17:16:f3:49:ae:ba:a3:10:7c:15:59:b4:10:59:27:
         4a:35:91:32:e7:c8:75:b6:fa:cc:45:da:5d:28:68:88:73:bb:
         95:2f:b5:80:9c:50:0f:56:fd:17:84:88:ca:c5:ee:02:6c:5b:
         bc:e7:7d:d4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnRdGjSnyG8L0lb+XjSuFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjUwMTAyMTM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDAxZjcyMTczMmY2YzZlOThiMzY3NGY5YjBhMWQ5ZDYyNDY3YTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/hnumz6L3cDR9z3lZIVVvBk5Paqu
c2gL9DOPJ+UgELHn+Ga/xRdUfjvNRQZWKiGYVK3IJz8FIlErPBT2MirxDW5knlQA
4jVhIu8jy4tfO2/BNuEhdL9mGpRVe9vwiEUqlPcGi29XcD6rhOtVZJNOY2D/DKxl
a7KPy4FaxhpyLOkRN3GIfulOjuYbIAYpNz0BJEO26DHJGhoei00EV1i+DChgvf5a
94QzXWaBt8hxlnLv2u4ACaTTQwYdQZHqJqnTQjtgjsKCsShgsKIO7GP2WRNNncRL
bGVUIgQr6GiFjC94QUtw6RcfX9Lt810ab8cZxmYsSI2KND5vqQbcsiCthQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCQB9yFzL2xumLNnT5sKHZ1iRnqCMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvSkFIM0lYTXZiRzZZczJkUG13b2RuV0pHZW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAH8DTMA8E
AgACMAkDBwAqAyEAADEwDQYJKoZIhvcNAQELBQADggEBAExs0yUETQJvBS6VOJfo
iFRkcxpUai0Sq3a3qozQ4D2B+bvhRzoXszjZhWCyZ77eedwLXU0gbTC1va6XpKNz
wLUyI4lAcuhK/ct9tMEHM0NN0dPSSqZb0DdwlwIta10PchftW+PFhLBxV2QciN0e
hgBhoAKDX5AXNL/KIGXZKXmKRoZlcfv/3BSdA2MT+BDc24Us/m4k9ZefWL8z6A2k
S6Zt/zSD5ldLXt2z+3b9YLYCc0Im3LCOnsdMW8h4yoPz5H/BeJ6/1KXFvxcW80mu
uqMQfBVZtBBZJ0o1kTLnyHW2+sxF2l0oaIhzu5UvtYCcUA9W/ReEiMrF7gJsW7zn
fdQ=
-----END CERTIFICATE-----