Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/iCgmGpyhGXjIvVkyeLmT7N8_y-4.roa
File:                     iCgmGpyhGXjIvVkyeLmT7N8_y-4.roa (raw, json)
Hash identifier:          jOahkOswhpSU7ry2oaBtzcTaxYOf5EimbWn3HXDfD9I=
Subject key identifier:   88:28:26:1A:9C:A1:19:78:C8:BD:59:32:78:B9:93:EC:DF:3F:CB:EE
Certificate issuer:       /CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
Certificate serial:       01942521FE8DAAF0D9DEE87F3CE04B983C82
Authority key identifier: 92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/iCgmGpyhGXjIvVkyeLmT7N8_y-4.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43513
IP address blocks:        80.246.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fe:8d:aa:f0:d9:de:e8:7f:3c:e0:4b:98:3c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8828261a9ca11978c8bd593278b993ecdf3fcbee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:de:7f:48:1d:66:c9:41:c0:3d:66:2e:4c:25:
                    86:2f:bf:60:46:4a:22:eb:87:01:9f:72:3a:1e:f3:
                    d6:c5:8c:7f:1c:70:b0:84:70:d3:3f:2a:72:68:34:
                    1d:6c:1b:11:51:19:d4:1e:28:e6:9b:b0:58:78:ce:
                    9f:b2:d1:43:87:47:60:3b:98:dd:f3:4c:ae:cd:b3:
                    43:ad:46:2e:f4:17:90:1c:4e:40:4d:8d:a6:a5:de:
                    5f:39:ad:05:62:f1:99:3c:37:5d:dd:22:66:43:69:
                    4b:d7:cd:d2:e0:d1:f6:63:26:bd:25:46:42:e7:06:
                    b6:39:43:f4:e1:bb:7a:2d:9f:77:cc:0e:f2:86:9a:
                    cd:3e:ef:6e:1e:1c:4d:99:a9:6d:e5:c4:d1:54:b9:
                    61:c1:70:c6:31:2e:02:4b:9f:48:ec:5d:71:d8:df:
                    97:4f:81:22:d4:ea:84:82:38:20:ae:fa:8d:36:94:
                    0f:37:c0:b8:e7:73:59:25:34:72:ac:4a:0f:79:1b:
                    70:73:58:90:10:62:4c:67:7f:4d:72:8b:9a:42:a5:
                    16:5b:8c:a1:59:07:d6:53:60:12:97:07:1b:85:45:
                    41:6e:f9:f6:03:30:dc:bc:a8:52:22:d2:3b:ac:87:
                    29:b3:cb:af:92:ff:55:32:0b:f2:a9:55:c1:b8:34:
                    c1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:28:26:1A:9C:A1:19:78:C8:BD:59:32:78:B9:93:EC:DF:3F:CB:EE
            X509v3 Authority Key Identifier:
                keyid:92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/iCgmGpyhGXjIvVkyeLmT7N8_y-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:17:5b:bc:47:da:70:78:a9:91:68:08:9d:83:43:b3:93:75:
         18:75:b2:47:43:f3:01:81:fe:ff:50:8c:9a:7f:33:08:b2:29:
         6d:fe:5f:cf:c1:02:06:f8:f6:a6:f7:0d:5a:88:03:c9:11:fa:
         e7:43:ee:68:30:b0:0c:bb:fd:ce:31:5c:73:4c:0b:0a:5c:13:
         dd:9e:87:51:40:27:3c:34:8c:6a:d7:76:26:b0:54:d4:7d:97:
         64:b5:c6:77:05:38:a3:fb:52:34:d6:62:ed:8c:7f:04:b2:a5:
         d2:55:07:64:6f:1a:cf:e0:37:e0:1a:de:71:f2:ed:23:d8:cf:
         20:58:7d:3e:c3:1e:46:1b:39:17:ae:e2:b1:d5:af:6f:bc:a5:
         9d:c8:b8:ff:62:b8:fa:6c:e2:8f:4a:0b:3d:90:34:2a:66:1a:
         83:66:4f:54:a7:3e:b5:18:bf:57:67:a8:7d:e9:d1:12:3d:39:
         cb:a7:da:74:a4:e6:51:1c:68:ea:fb:76:45:44:90:64:3c:3e:
         22:96:14:e7:75:07:f6:f7:f2:38:6d:61:eb:6f:84:d2:92:bb:
         4f:38:f5:86:92:10:6b:cf:3c:aa:6e:b5:a1:76:39:e5:31:53:
         61:94:23:28:f3:18:87:40:e4:f7:90:79:74:9c:a6:63:db:db:
         5f:b1:d2:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIf6NqvDZ3uh/POBLmDyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjIwOGI0N2I2YTg2NGQ5ZDFmZjMzZTA2YWE4MWQxMzgx
OWE3NGUwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI4MjYxYTljYTExOTc4YzhiZDU5MzI3OGI5OTNlY2RmM2ZjYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN5/SB1myUHAPWYuTCWGL79gRkoi
64cBn3I6HvPWxYx/HHCwhHDTPypyaDQdbBsRURnUHijmm7BYeM6fstFDh0dgO5jd
80yuzbNDrUYu9BeQHE5ATY2mpd5fOa0FYvGZPDdd3SJmQ2lL183S4NH2Yya9JUZC
5wa2OUP04bt6LZ93zA7yhprNPu9uHhxNmalt5cTRVLlhwXDGMS4CS59I7F1x2N+X
T4Ei1OqEgjggrvqNNpQPN8C453NZJTRyrEoPeRtwc1iQEGJMZ39NcouaQqUWW4yh
WQfWU2ASlwcbhUVBbvn2AzDcvKhSItI7rIcps8uvkv9VMgvyqVXBuDTBxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgoJhqcoRl4yL1ZMni5k+zfP8vuMB8GA1UdIwQY
MBaAFJIiCLR7aoZNnR/zPgaqgdE4GadOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lJSXRIdHFoazJkSF9NLUJxcUIwVGdacDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82OTkwZTktYzNjMC00NzhhLTk5OTct
OTViMDhlMzY2MGNmLzEvaUNnbUdweWhHWGpJdlZreWVMbVQ3TjhfeS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82OTkwZTktYzNjMC00NzhhLTk5OTctOTViMDhlMzY2MGNm
LzEva2lJSXRIdHFoazJkSF9NLUJxcUIwVGdacDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPYfMA0G
CSqGSIb3DQEBCwUAA4IBAQBxF1u8R9pweKmRaAidg0Ozk3UYdbJHQ/MBgf7/UIya
fzMIsilt/l/PwQIG+Pam9w1aiAPJEfrnQ+5oMLAMu/3OMVxzTAsKXBPdnodRQCc8
NIxq13YmsFTUfZdktcZ3BTij+1I01mLtjH8EsqXSVQdkbxrP4DfgGt5x8u0j2M8g
WH0+wx5GGzkXruKx1a9vvKWdyLj/Yrj6bOKPSgs9kDQqZhqDZk9Upz61GL9XZ6h9
6dESPTnLp9p0pOZRHGjq+3ZFRJBkPD4ilhTndQf29/I4bWHrb4TSkrtPOPWGkhBr
zzyqbrWhdjnlMVNhlCMo8xiHQOT3kHl0nKZj29tfsdLG
-----END CERTIFICATE-----