Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/eHnZ1HOq1lcmimOtp90LOBKgKFs.roa
File:                     eHnZ1HOq1lcmimOtp90LOBKgKFs.roa (raw, json)
Hash identifier:          grUhC0Kpryb4i4UY9M0a8WN++ttFmlUQtTYVDtECn1Y=
Subject key identifier:   78:79:D9:D4:73:AA:D6:57:26:8A:63:AD:A7:DD:0B:38:12:A0:28:5B
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018F136666035C2D2F9C211EDB66114F5AC2
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/eHnZ1HOq1lcmimOtp90LOBKgKFs.roa
Signing time:             Thu 25 Apr 2024 03:57:08 +0000
ROA not before:           Thu 25 Apr 2024 03:57:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56769
IP address blocks:        31.15.20.0/24 maxlen: 24
                          31.15.21.0/24 maxlen: 24
                          192.162.66.0/24 maxlen: 24
                          192.162.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:13:66:66:03:5c:2d:2f:9c:21:1e:db:66:11:4f:5a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Apr 25 03:57:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7879d9d473aad657268a63ada7dd0b3812a0285b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:51:bc:36:94:bc:86:30:cf:07:53:56:92:6d:
                    a1:7f:80:ad:c4:cf:29:d8:7d:8e:b1:f4:9b:e8:a4:
                    08:fb:07:95:81:d5:40:bb:19:22:34:bc:d6:f4:2c:
                    6e:c6:c3:18:8b:3a:0c:2a:a1:d1:63:1b:e3:f8:a9:
                    47:33:1a:ca:07:13:0b:79:3e:0f:da:08:4a:2e:b7:
                    f6:ac:9b:99:a1:7f:e6:d6:a2:d8:55:f5:14:f6:47:
                    0f:53:47:b6:a5:6d:1e:52:4e:13:ad:fb:72:0c:d5:
                    40:17:92:c4:7f:f5:2a:c6:ab:9c:be:79:f8:64:1b:
                    d4:7d:9f:a5:96:f1:d1:4c:c5:a4:10:66:74:c8:c8:
                    74:70:26:3d:79:60:02:5f:e6:db:6c:5f:af:71:ba:
                    46:58:2a:a7:97:09:e5:31:c1:6b:ea:39:d4:3a:87:
                    d0:a9:70:63:a6:91:67:d6:20:89:96:48:9f:74:57:
                    60:a9:ce:58:ab:59:82:a7:6a:87:b4:f8:8f:d2:f7:
                    4f:80:ed:58:93:dc:fd:83:d0:43:2d:2d:ff:cf:e0:
                    e5:a0:f4:f6:5f:79:3e:a0:8b:eb:30:2e:34:f8:91:
                    02:80:1c:fb:27:8e:6e:7c:af:c5:00:e7:07:6e:f6:
                    c0:3d:d1:b9:d6:0c:ff:e1:0c:a0:5d:1c:9e:18:4b:
                    05:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:79:D9:D4:73:AA:D6:57:26:8A:63:AD:A7:DD:0B:38:12:A0:28:5B
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/eHnZ1HOq1lcmimOtp90LOBKgKFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.20.0/23
                  192.162.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:67:bd:31:98:69:36:df:15:0d:ca:77:74:03:a6:3d:bb:5a:
         1a:95:78:b6:50:d4:56:68:96:19:e7:fb:db:74:1c:b7:73:43:
         e5:97:74:c8:8a:49:08:f8:33:7b:1e:1b:82:f4:0d:6a:a7:63:
         58:b9:91:3c:63:86:db:ae:c4:fc:04:26:41:bf:ba:0b:1e:ed:
         87:fa:06:41:b1:84:e2:be:67:8b:3d:c3:3c:2b:ce:ae:3f:e2:
         8a:e6:a0:8d:07:06:f6:f1:74:0b:67:8b:e5:52:7a:a7:ce:9a:
         2c:92:aa:86:44:3e:03:ec:af:45:f7:fc:9c:6d:81:9c:cb:d1:
         02:5f:8d:b7:ce:41:0f:a9:8a:b8:d6:50:21:30:ed:66:1a:06:
         d3:4d:43:69:bd:17:f4:97:10:6f:36:b9:2a:29:b0:b5:10:dc:
         11:19:bc:07:b8:93:13:25:98:67:b4:35:8b:a3:86:8e:04:7a:
         0c:ce:b8:59:36:f4:79:85:08:57:dc:2d:ea:04:34:1d:6b:55:
         4a:78:16:d0:e1:ae:8e:d2:27:a9:20:01:d6:df:fd:68:9f:df:
         1a:40:fb:34:14:d7:6d:01:b0:a4:7d:9f:66:2b:d9:db:35:81:
         94:2d:58:b0:c5:db:30:4c:44:b8:ae:24:3e:28:73:a9:40:75:
         c0:84:db:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8TZmYDXC0vnCEe22YRT1rCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwNDI1MDM1NzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODc5ZDlkNDczYWFkNjU3MjY4YTYzYWRhN2RkMGIzODEyYTAyODViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlG8NpS8hjDPB1NWkm2hf4CtxM8p
2H2OsfSb6KQI+weVgdVAuxkiNLzW9CxuxsMYizoMKqHRYxvj+KlHMxrKBxMLeT4P
2ghKLrf2rJuZoX/m1qLYVfUU9kcPU0e2pW0eUk4TrftyDNVAF5LEf/Uqxqucvnn4
ZBvUfZ+llvHRTMWkEGZ0yMh0cCY9eWACX+bbbF+vcbpGWCqnlwnlMcFr6jnUOofQ
qXBjppFn1iCJlkifdFdgqc5Yq1mCp2qHtPiP0vdPgO1Yk9z9g9BDLS3/z+DloPT2
X3k+oIvrMC40+JECgBz7J45ufK/FAOcHbvbAPdG51gz/4QygXRyeGEsFKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHh52dRzqtZXJopjrafdCzgSoChbMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvZUhuWjFIT3ExbGNtaW1PdHA5MExPQktnS0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBHw8UAwQB
wKJCMA0GCSqGSIb3DQEBCwUAA4IBAQBAZ70xmGk23xUNynd0A6Y9u1oalXi2UNRW
aJYZ5/vbdBy3c0Pll3TIikkI+DN7HhuC9A1qp2NYuZE8Y4bbrsT8BCZBv7oLHu2H
+gZBsYTivmeLPcM8K86uP+KK5qCNBwb28XQLZ4vlUnqnzposkqqGRD4D7K9F9/yc
bYGcy9ECX423zkEPqYq41lAhMO1mGgbTTUNpvRf0lxBvNrkqKbC1ENwRGbwHuJMT
JZhntDWLo4aOBHoMzrhZNvR5hQhX3C3qBDQda1VKeBbQ4a6O0iepIAHW3/1on98a
QPs0FNdtAbCkfZ9mK9nbNYGULViwxdswTES4riQ+KHOpQHXAhNvt
-----END CERTIFICATE-----