Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/2t-i2kopwR52Z_Mpc2NKni29tLQ.roa
File:                     2t-i2kopwR52Z_Mpc2NKni29tLQ.roa (raw, json)
Hash identifier:          tZUsUngIszxCM0ZEk2P0zYz3h8rOxng23uEouu0fEOA=
Subject key identifier:   DA:DF:A2:DA:4A:29:C1:1E:76:67:F3:29:73:63:4A:9E:2D:BD:B4:B4
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       01962D9546B873A5C564C0FD20F6122D5069
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/2t-i2kopwR52Z_Mpc2NKni29tLQ.roa
Signing time:             Sun 13 Apr 2025 05:17:59 +0000
ROA not before:           Sun 13 Apr 2025 05:17:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        31.43.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:2d:95:46:b8:73:a5:c5:64:c0:fd:20:f6:12:2d:50:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Apr 13 05:17:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dadfa2da4a29c11e7667f32973634a9e2dbdb4b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d1:bd:ed:0a:0b:22:9c:15:c3:c2:71:c2:7a:
                    f8:c2:bd:70:c5:af:79:eb:ea:b6:f4:16:31:e9:8d:
                    2e:68:3e:e8:a6:cf:95:df:54:9e:ab:de:bf:aa:43:
                    08:fa:fc:3c:80:35:6e:46:2d:08:cf:19:18:19:24:
                    69:28:56:23:55:6c:82:71:5d:c7:1a:18:4f:eb:f5:
                    fa:4f:29:ad:10:de:82:71:66:ff:c3:e5:f7:88:22:
                    7c:a6:7f:f2:ad:23:5e:30:40:d3:6d:cc:23:ae:85:
                    8a:4e:ce:ee:76:49:d9:6f:b4:a7:93:57:f9:91:cd:
                    2f:0b:8e:11:dd:c4:d4:d0:cc:b5:08:b2:3a:bb:d9:
                    25:a1:f4:8b:ba:9d:d2:1d:35:ac:91:d8:71:28:29:
                    52:4a:96:c5:91:3d:f0:53:28:66:f4:12:8a:7b:9c:
                    1f:18:05:31:64:25:78:10:3d:02:bc:3e:ae:c8:bb:
                    07:86:6b:84:d6:ab:97:c3:21:d9:62:57:28:a1:ac:
                    83:34:d7:c6:e2:1a:cc:f1:4b:cf:35:cb:70:1a:86:
                    bc:49:ca:e8:ee:02:78:0d:4e:9c:a7:c8:25:13:bb:
                    48:8c:89:69:d7:a2:de:5d:20:6a:aa:7d:15:06:7f:
                    32:2f:85:52:94:5f:47:c3:19:ea:8e:24:1d:88:c4:
                    f2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:DF:A2:DA:4A:29:C1:1E:76:67:F3:29:73:63:4A:9E:2D:BD:B4:B4
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/2t-i2kopwR52Z_Mpc2NKni29tLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:c5:e5:32:72:bd:a2:ed:9e:bd:e7:03:4a:5f:c1:19:8f:15:
         6c:28:a9:f3:72:18:ed:c4:5c:ad:87:c9:5f:97:90:af:95:8a:
         6b:33:e9:69:7c:05:a7:c5:11:98:06:5d:67:a8:ad:05:37:be:
         ee:e9:2f:7b:e7:7c:36:06:9d:ea:a4:fc:e6:bf:16:ba:42:07:
         6f:36:c7:69:1b:55:e6:63:6d:62:dc:7a:00:19:15:81:ba:b7:
         af:fa:25:69:07:22:da:7d:79:1c:c3:a9:b9:43:5d:c8:06:59:
         0f:7d:cf:3a:14:2f:87:1a:b2:7a:33:7b:7e:0a:e0:a4:7c:15:
         5d:d0:b1:c6:c1:3e:35:9e:e5:ba:52:2b:21:ed:b8:ac:1c:d0:
         b9:a4:c5:bb:8f:8b:f5:e4:24:d6:8e:77:da:17:a9:45:b9:53:
         78:a5:79:9f:31:04:2b:ac:db:b7:0e:84:1c:b5:ee:b3:ad:27:
         5b:d3:5f:d8:53:35:35:f8:87:24:25:99:43:2e:ad:31:6e:08:
         bb:08:11:30:34:54:e4:d1:95:07:d3:b5:c6:9d:52:bb:52:6f:
         c4:87:26:8e:3d:70:83:b0:34:b7:f7:68:f7:ce:d8:51:49:89:
         24:e7:37:56:8a:20:10:c6:24:d6:05:3f:46:25:7d:2c:96:38:
         a7:44:db:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYtlUa4c6XFZMD9IPYSLVBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjUwNDEzMDUxNzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWRmYTJkYTRhMjljMTFlNzY2N2YzMjk3MzYzNGE5ZTJkYmRiNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dG97QoLIpwVw8Jxwnr4wr1wxa95
6+q29BYx6Y0uaD7ops+V31Seq96/qkMI+vw8gDVuRi0IzxkYGSRpKFYjVWyCcV3H
GhhP6/X6TymtEN6CcWb/w+X3iCJ8pn/yrSNeMEDTbcwjroWKTs7udknZb7Snk1f5
kc0vC44R3cTU0My1CLI6u9klofSLup3SHTWskdhxKClSSpbFkT3wUyhm9BKKe5wf
GAUxZCV4ED0CvD6uyLsHhmuE1quXwyHZYlcooayDNNfG4hrM8UvPNctwGoa8Scro
7gJ4DU6cp8glE7tIjIlp16LeXSBqqn0VBn8yL4VSlF9HwxnqjiQdiMTy0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrfotpKKcEedmfzKXNjSp4tvbS0MB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvMnQtaTJrb3B3UjUyWl9NcGMyTktuaTI5dExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyumMA0G
CSqGSIb3DQEBCwUAA4IBAQA5xeUycr2i7Z695wNKX8EZjxVsKKnzchjtxFyth8lf
l5CvlYprM+lpfAWnxRGYBl1nqK0FN77u6S9753w2Bp3qpPzmvxa6QgdvNsdpG1Xm
Y21i3HoAGRWBurev+iVpByLafXkcw6m5Q13IBlkPfc86FC+HGrJ6M3t+CuCkfBVd
0LHGwT41nuW6Uish7bisHNC5pMW7j4v15CTWjnfaF6lFuVN4pXmfMQQrrNu3DoQc
te6zrSdb01/YUzU1+IckJZlDLq0xbgi7CBEwNFTk0ZUH07XGnVK7Um/EhyaOPXCD
sDS392j3zthRSYkk5zdWiiAQxiTWBT9GJX0sljinRNuB
-----END CERTIFICATE-----