Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IhDDYRKrYIYJ0dFDknHmZCCyQro.roa
File:                     IhDDYRKrYIYJ0dFDknHmZCCyQro.roa (raw, json)
Hash identifier:          7twHraVMv+2BwguR57wFjfZf1HJqooTSjCcqWBJhQ5Q=
Subject key identifier:   22:10:C3:61:12:AB:60:86:09:D1:D1:43:92:71:E6:64:20:B2:42:BA
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       0196D84FCC355E1BD521A2A7641B2686B105
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IhDDYRKrYIYJ0dFDknHmZCCyQro.roa
Signing time:             Fri 16 May 2025 08:57:10 +0000
ROA not before:           Fri 16 May 2025 08:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208427
IP address blocks:        31.184.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d8:4f:cc:35:5e:1b:d5:21:a2:a7:64:1b:26:86:b1:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: May 16 08:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2210c36112ab608609d1d1439271e66420b242ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:69:45:de:eb:d3:d2:e6:37:59:68:06:9b:f3:
                    76:c7:a8:2e:6a:4d:4a:a3:1f:25:97:c5:a6:07:d6:
                    65:89:c8:6e:a3:1a:58:7e:63:95:7b:96:8f:c6:d1:
                    e8:d2:5b:c6:7c:6c:cf:e0:4a:5a:51:ac:52:52:fb:
                    2c:cd:60:53:bb:a0:f1:1b:ec:b3:0e:c3:67:a7:c2:
                    9d:97:61:f2:39:e3:6a:6a:e6:db:0d:b4:19:75:32:
                    b5:95:ec:59:ae:70:69:6f:51:22:ee:f9:59:7d:86:
                    6b:ad:42:01:26:33:49:2b:3a:d6:56:c5:5d:11:97:
                    41:64:f1:bd:00:0b:aa:b9:46:24:ba:53:27:a0:34:
                    17:16:8f:6d:37:4b:9d:7b:95:5e:b0:94:0a:cf:c8:
                    f2:7d:58:0d:cc:78:76:83:3b:b0:6c:aa:10:38:39:
                    a1:27:4d:57:5c:e5:38:9e:88:d2:51:fe:4d:3c:58:
                    28:bd:8c:46:4a:40:91:51:a7:4c:a7:6b:af:a2:52:
                    07:38:2b:65:ee:e1:5f:b2:e3:1b:b5:a5:97:3a:04:
                    76:41:52:41:60:d0:ba:e9:eb:a8:e7:14:ae:5e:2a:
                    e4:e3:33:36:80:01:8e:30:d3:68:be:cd:cc:93:96:
                    43:4b:f5:4b:8c:56:eb:9e:d7:16:11:06:58:7e:ab:
                    d5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:10:C3:61:12:AB:60:86:09:D1:D1:43:92:71:E6:64:20:B2:42:BA
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IhDDYRKrYIYJ0dFDknHmZCCyQro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.184.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:b0:5c:45:5f:b6:d8:bb:18:16:ea:c7:df:ca:55:5e:c4:14:
         11:de:53:b9:26:3d:fc:e0:6e:72:75:d1:bf:47:4a:0e:d8:15:
         eb:15:1e:90:cd:7a:ee:f7:4c:0e:f8:c2:f0:64:c9:3e:71:23:
         37:3b:f5:47:3a:e5:71:cd:07:a7:06:df:f3:9a:33:bf:1f:8d:
         88:4d:c1:6a:85:ed:e0:fd:c3:65:86:d4:76:fc:5e:6d:54:0b:
         1e:75:d3:fe:82:f9:c3:e1:4a:6f:9b:c4:24:c9:01:e3:c7:51:
         f6:a4:ea:33:f1:da:99:a5:df:cf:93:9c:d4:a8:a1:e5:85:db:
         12:d9:29:60:1f:4f:ed:f2:f7:aa:a1:70:7b:57:2c:22:f4:a1:
         6f:40:ac:85:fa:e2:e1:5a:de:3b:f1:dd:a2:a6:3e:06:41:9a:
         c6:0b:c1:11:22:d6:39:d3:69:d1:b1:2a:7d:32:30:23:9c:8d:
         66:30:bc:fe:df:4e:97:d5:9e:8a:8a:a0:57:34:b8:5f:ba:c5:
         92:0b:0f:18:7e:52:13:ea:5d:7b:5b:8d:91:20:8e:28:d2:00:
         b4:f0:e2:3d:96:8d:23:1f:b5:53:e6:df:2f:04:6c:c8:04:f8:
         09:e0:50:0a:e5:a0:7d:f4:56:b1:a3:5e:06:78:4d:68:15:4d:
         43:c8:66:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbYT8w1XhvVIaKnZBsmhrEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNTE2MDg1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjEwYzM2MTEyYWI2MDg2MDlkMWQxNDM5MjcxZTY2NDIwYjI0MmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WlF3uvT0uY3WWgGm/N2x6guak1K
ox8ll8WmB9ZlichuoxpYfmOVe5aPxtHo0lvGfGzP4EpaUaxSUvsszWBTu6DxG+yz
DsNnp8Kdl2HyOeNqaubbDbQZdTK1lexZrnBpb1Ei7vlZfYZrrUIBJjNJKzrWVsVd
EZdBZPG9AAuquUYkulMnoDQXFo9tN0ude5VesJQKz8jyfVgNzHh2gzuwbKoQODmh
J01XXOU4nojSUf5NPFgovYxGSkCRUadMp2uvolIHOCtl7uFfsuMbtaWXOgR2QVJB
YNC66euo5xSuXirk4zM2gAGOMNNovs3Mk5ZDS/VLjFbrntcWEQZYfqvVIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIQw2ESq2CGCdHRQ5Jx5mQgskK6MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvSWhERFlSS3JZSVlKMGRGRGtuSG1aQ0N5UXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH7jwMA0G
CSqGSIb3DQEBCwUAA4IBAQBPsFxFX7bYuxgW6sffylVexBQR3lO5Jj384G5yddG/
R0oO2BXrFR6QzXru90wO+MLwZMk+cSM3O/VHOuVxzQenBt/zmjO/H42ITcFqhe3g
/cNlhtR2/F5tVAseddP+gvnD4Upvm8QkyQHjx1H2pOoz8dqZpd/Pk5zUqKHlhdsS
2SlgH0/t8veqoXB7Vywi9KFvQKyF+uLhWt478d2ipj4GQZrGC8ERItY502nRsSp9
MjAjnI1mMLz+306X1Z6KiqBXNLhfusWSCw8YflIT6l17W42RII4o0gC08OI9lo0j
H7VT5t8vBGzIBPgJ4FAK5aB99Faxo14GeE1oFU1DyGaj
-----END CERTIFICATE-----