Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/75a6cb-5866-44a2-8bb0-a31ab64cfccb/1/u9Oa3LUMKo1YJHbsxdeIBTuXnWE.roa
File:                     u9Oa3LUMKo1YJHbsxdeIBTuXnWE.roa (raw, json)
Hash identifier:          k4Srv4CdQRCPdaIqts/6MWkIh4wvcYeWAGJZL0fzKQc=
Subject key identifier:   BB:D3:9A:DC:B5:0C:2A:8D:58:24:76:EC:C5:D7:88:05:3B:97:9D:61
Certificate issuer:       /CN=1597b9d73480ca22cbf31faaf0bccbed30b2095e
Certificate serial:       018CC501331D4156A554F1C587FC08CF5A68
Authority key identifier: 15:97:B9:D7:34:80:CA:22:CB:F3:1F:AA:F0:BC:CB:ED:30:B2:09:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FZe51zSAyiLL8x-q8LzL7TCyCV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/75a6cb-5866-44a2-8bb0-a31ab64cfccb/1/u9Oa3LUMKo1YJHbsxdeIBTuXnWE.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216269
IP address blocks:        31.172.172.0/22 maxlen: 24
                          2a13:eac0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/75a6cb-5866-44a2-8bb0-a31ab64cfccb/1/FZe51zSAyiLL8x-q8LzL7TCyCV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/75a6cb-5866-44a2-8bb0-a31ab64cfccb/1/FZe51zSAyiLL8x-q8LzL7TCyCV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FZe51zSAyiLL8x-q8LzL7TCyCV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:33:1d:41:56:a5:54:f1:c5:87:fc:08:cf:5a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1597b9d73480ca22cbf31faaf0bccbed30b2095e
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbd39adcb50c2a8d582476ecc5d788053b979d61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:16:91:78:7c:aa:16:17:6c:29:1c:31:47:8e:
                    60:12:70:63:90:8b:0e:7e:6b:6b:18:ea:79:06:26:
                    f7:fb:0c:1d:56:33:fa:ad:bf:00:16:6f:2b:df:36:
                    8b:cd:97:21:0e:92:94:05:8b:9a:ea:b4:b8:72:05:
                    d1:3f:4a:ca:a5:b0:6c:fe:24:bb:7b:89:0c:41:72:
                    f2:83:53:60:e4:ee:00:dd:4b:0b:5d:3a:b2:02:c0:
                    32:90:57:e4:de:9c:3d:4d:1b:4c:2b:2d:1b:ab:6d:
                    72:fe:4a:f0:e3:89:a0:90:4f:54:7d:d9:7a:d7:2f:
                    a5:27:b9:a5:49:6b:a5:91:35:5d:3c:bb:32:e1:45:
                    25:bb:f4:c4:03:f2:0f:85:f1:db:ab:8e:0e:6b:50:
                    c1:85:12:d8:a1:38:a6:34:f4:09:ac:89:11:35:73:
                    3d:6a:c6:4d:78:33:a0:42:9d:16:93:b8:ba:39:a6:
                    85:7f:27:d9:47:33:3a:3a:9a:8c:c0:56:29:21:11:
                    b5:5d:fb:f0:dd:0c:c6:86:73:00:db:eb:e1:f0:e2:
                    d9:cd:70:bb:70:5b:a6:48:34:c0:f6:0a:39:e4:6d:
                    53:bd:58:c7:4b:59:46:c4:e8:02:82:bd:88:f3:6c:
                    1a:0d:dc:1e:57:3b:f3:fe:1c:6a:07:45:57:bd:d4:
                    43:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D3:9A:DC:B5:0C:2A:8D:58:24:76:EC:C5:D7:88:05:3B:97:9D:61
            X509v3 Authority Key Identifier:
                keyid:15:97:B9:D7:34:80:CA:22:CB:F3:1F:AA:F0:BC:CB:ED:30:B2:09:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FZe51zSAyiLL8x-q8LzL7TCyCV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/75a6cb-5866-44a2-8bb0-a31ab64cfccb/1/u9Oa3LUMKo1YJHbsxdeIBTuXnWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/75a6cb-5866-44a2-8bb0-a31ab64cfccb/1/FZe51zSAyiLL8x-q8LzL7TCyCV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.172.0/22
                IPv6:
                  2a13:eac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:a5:92:13:b4:67:9d:af:96:89:db:72:b7:f4:1c:9e:b3:f2:
         f7:83:35:cd:c3:e3:7c:14:9c:97:14:0d:78:85:85:1b:89:95:
         7c:ee:f2:c3:c4:3a:b2:8d:09:44:fe:d9:04:f1:71:15:48:75:
         e5:dc:65:9a:53:12:b5:e3:3e:94:4b:cc:11:0c:0e:57:e9:c6:
         9a:84:57:29:26:9e:de:13:6a:f3:6f:89:6f:47:0b:6d:fd:c4:
         d0:17:cb:88:60:64:a5:52:d2:9a:51:d6:8d:71:88:b0:6b:8d:
         6c:04:9b:e8:75:e7:ad:0c:33:14:bf:fc:da:3c:29:7f:88:f5:
         08:92:87:d1:df:cd:95:ce:81:f7:4d:70:47:30:28:dd:19:01:
         f1:ec:51:dd:79:92:8a:24:af:0b:d3:68:12:90:13:8d:43:0c:
         c6:40:8c:6a:e3:a1:31:aa:73:a7:e7:7a:fb:c1:ee:b5:60:73:
         01:1c:63:7b:c6:cf:8e:2e:2f:9d:90:84:fd:f0:a1:7c:75:b7:
         a0:c1:6d:02:e4:8d:db:e9:8a:56:d5:cc:22:9d:ae:5b:dc:46:
         2c:e3:5c:2e:74:54:95:3c:da:03:c9:46:ea:79:dc:99:b9:79:
         19:2d:77:b0:8a:e3:cc:1e:e8:83:f5:c3:c1:0b:37:0e:c1:18:
         77:88:ad:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFATMdQValVPHFh/wIz1poMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1OTdiOWQ3MzQ4MGNhMjJjYmYzMWZhYWYwYmNjYmVkMzBi
MjA5NWUwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmQzOWFkY2I1MGMyYThkNTgyNDc2ZWNjNWQ3ODgwNTNiOTc5ZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBaReHyqFhdsKRwxR45gEnBjkIsO
fmtrGOp5Bib3+wwdVjP6rb8AFm8r3zaLzZchDpKUBYua6rS4cgXRP0rKpbBs/iS7
e4kMQXLyg1Ng5O4A3UsLXTqyAsAykFfk3pw9TRtMKy0bq21y/krw44mgkE9Ufdl6
1y+lJ7mlSWulkTVdPLsy4UUlu/TEA/IPhfHbq44Oa1DBhRLYoTimNPQJrIkRNXM9
asZNeDOgQp0Wk7i6OaaFfyfZRzM6OpqMwFYpIRG1Xfvw3QzGhnMA2+vh8OLZzXC7
cFumSDTA9go55G1TvVjHS1lGxOgCgr2I82waDdweVzvz/hxqB0VXvdRDUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLvTmty1DCqNWCR27MXXiAU7l51hMB8GA1UdIwQY
MBaAFBWXudc0gMoiy/MfqvC8y+0wsgleMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlplNTF6U0F5aUxMOHgtcThMekw3VEN5Q1Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83NWE2Y2ItNTg2Ni00NGEyLThiYjAt
YTMxYWI2NGNmY2NiLzEvdTlPYTNMVU1LbzFZSkhic3hkZUlCVHVYbldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83NWE2Y2ItNTg2Ni00NGEyLThiYjAtYTMxYWI2NGNmY2Ni
LzEvRlplNTF6U0F5aUxMOHgtcThMekw3VEN5Q1Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCH6ysMA0E
AgACMAcDBQMqE+rAMA0GCSqGSIb3DQEBCwUAA4IBAQBvpZITtGedr5aJ23K39Bye
s/L3gzXNw+N8FJyXFA14hYUbiZV87vLDxDqyjQlE/tkE8XEVSHXl3GWaUxK14z6U
S8wRDA5X6caahFcpJp7eE2rzb4lvRwtt/cTQF8uIYGSlUtKaUdaNcYiwa41sBJvo
deetDDMUv/zaPCl/iPUIkofR382VzoH3TXBHMCjdGQHx7FHdeZKKJK8L02gSkBON
QwzGQIxq46ExqnOn53r7we61YHMBHGN7xs+OLi+dkIT98KF8dbegwW0C5I3b6YpW
1cwina5b3EYs41wudFSVPNoDyUbqedyZuXkZLXewiuPMHuiD9cPBCzcOwRh3iK1o
-----END CERTIFICATE-----