Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/s3_b2FtNp_Xov0w8vOK3kpMzIJo.roa
File:                     s3_b2FtNp_Xov0w8vOK3kpMzIJo.roa (raw, json)
Hash identifier:          PaZTnhY5+lG7YbdEL6bGma8/SiooFnpR5m/5VAYlKdY=
Subject key identifier:   B3:7F:DB:D8:5B:4D:A7:F5:E8:BF:4C:3C:BC:E2:B7:92:93:33:20:9A
Certificate issuer:       /CN=080369a358961f7284fbd591e927737cdb05c35d
Certificate serial:       019178DE56D9FD411FECF3F2D875B49673A1
Authority key identifier: 08:03:69:A3:58:96:1F:72:84:FB:D5:91:E9:27:73:7C:DB:05:C3:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/s3_b2FtNp_Xov0w8vOK3kpMzIJo.roa
Signing time:             Thu 22 Aug 2024 06:55:22 +0000
ROA not before:           Thu 22 Aug 2024 06:55:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8426
IP address blocks:        81.92.128.0/20 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:78:de:56:d9:fd:41:1f:ec:f3:f2:d8:75:b4:96:73:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=080369a358961f7284fbd591e927737cdb05c35d
        Validity
            Not Before: Aug 22 06:55:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b37fdbd85b4da7f5e8bf4c3cbce2b7929333209a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:25:39:a3:f9:b7:65:65:32:7f:26:51:34:71:
                    1d:95:05:bc:f2:57:57:80:c7:0b:88:a2:3b:57:97:
                    67:e3:15:f5:5e:08:8f:cf:20:c6:7a:60:6b:10:d8:
                    6f:e5:cf:bc:6d:58:43:b1:5a:78:d6:45:d8:14:fc:
                    6f:c0:d8:dd:97:95:71:ea:75:ac:65:57:2b:24:45:
                    b9:83:0e:06:48:23:ba:f4:75:95:c0:0f:55:f8:ad:
                    a4:f2:e5:27:67:b8:d8:8d:d2:d6:8e:d1:50:1c:ce:
                    a1:7e:4c:11:3f:53:2a:69:51:86:0a:2e:e0:19:3a:
                    17:75:ea:66:6f:a3:8a:b3:d7:3b:08:e9:8e:99:c4:
                    7a:34:22:a7:8d:23:ee:8c:6a:f2:64:9d:b8:0b:e8:
                    74:62:7e:e1:c2:4f:fb:08:e1:e2:62:89:34:cb:cf:
                    71:02:d4:28:d8:91:83:54:ea:20:4e:d3:23:95:25:
                    63:f9:1d:4f:86:34:84:0d:43:89:35:7e:59:5e:2b:
                    3e:b5:2f:95:f5:1f:8d:f6:67:62:b7:2e:22:2d:94:
                    3c:cf:28:b3:20:4e:61:f8:02:a5:d4:ad:9d:f0:71:
                    15:d9:0b:d7:16:7e:b9:f4:8b:88:dc:87:0a:a3:df:
                    7f:47:34:e7:f2:f7:12:2a:64:a9:b4:b6:30:10:9a:
                    f5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:7F:DB:D8:5B:4D:A7:F5:E8:BF:4C:3C:BC:E2:B7:92:93:33:20:9A
            X509v3 Authority Key Identifier:
                keyid:08:03:69:A3:58:96:1F:72:84:FB:D5:91:E9:27:73:7C:DB:05:C3:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/s3_b2FtNp_Xov0w8vOK3kpMzIJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.92.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         16:07:86:57:ae:db:b1:8e:24:ac:fd:d9:0a:8c:ed:30:87:91:
         99:34:4b:b1:3d:db:4a:6f:43:ca:83:a0:78:92:55:f9:f8:16:
         87:24:1e:87:e3:de:0a:c8:e2:5b:2c:e2:42:06:a6:f5:d9:1e:
         cf:2c:cd:f6:06:c9:44:01:4f:41:48:1f:a6:4a:82:66:0e:00:
         bd:fb:1f:98:b6:db:3a:44:22:a7:5c:20:0a:c9:97:a6:79:56:
         6e:47:1a:8a:31:31:87:2b:17:18:20:c7:55:58:68:9d:6f:d6:
         1d:9a:72:13:5b:1c:3c:b3:4a:6a:b3:00:79:b3:4f:7f:3a:c5:
         55:2c:68:62:24:f1:6e:fb:45:17:93:81:ee:00:8a:33:c4:45:
         1b:32:83:07:c9:3e:db:52:0b:bb:5e:a3:e0:21:a8:8b:fb:72:
         95:a8:cd:b7:73:ea:98:4e:e0:6d:c0:e3:30:b7:08:bd:da:02:
         37:b3:55:d6:3d:a5:bf:b1:de:0b:b5:89:58:48:87:c5:43:d3:
         78:87:5d:1b:b9:48:c0:e8:b2:bf:d0:4a:e4:d0:0b:3a:c7:10:
         e5:66:b6:4d:ae:d2:24:e9:60:cf:6b:36:0f:f5:7a:fe:99:cb:
         b7:a2:9d:5a:8d:42:f4:da:53:35:88:00:de:24:e5:b8:d0:dc:
         4a:0c:d6:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF43lbZ/UEf7PPy2HW0lnOhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDM2OWEzNTg5NjFmNzI4NGZiZDU5MWU5Mjc3MzdjZGIw
NWMzNWQwHhcNMjQwODIyMDY1NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzdmZGJkODViNGRhN2Y1ZThiZjRjM2NiY2UyYjc5MjkzMzMyMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyU5o/m3ZWUyfyZRNHEdlQW88ldX
gMcLiKI7V5dn4xX1XgiPzyDGemBrENhv5c+8bVhDsVp41kXYFPxvwNjdl5Vx6nWs
ZVcrJEW5gw4GSCO69HWVwA9V+K2k8uUnZ7jYjdLWjtFQHM6hfkwRP1MqaVGGCi7g
GToXdepmb6OKs9c7COmOmcR6NCKnjSPujGryZJ24C+h0Yn7hwk/7COHiYok0y89x
AtQo2JGDVOogTtMjlSVj+R1PhjSEDUOJNX5ZXis+tS+V9R+N9mdity4iLZQ8zyiz
IE5h+AKl1K2d8HEV2QvXFn659IuI3IcKo99/RzTn8vcSKmSptLYwEJr1JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLN/29hbTaf16L9MPLzit5KTMyCaMB8GA1UdIwQY
MBaAFAgDaaNYlh9yhPvVkeknc3zbBcNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FOcG8xaVdIM0tFLTlXUjZTZHpmTnNGdzEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wMWFhYzMtYmNlOS00ZDdlLWE1ZmMt
M2YxYjE2YzZjZDYzLzEvczNfYjJGdE5wX1hvdjB3OHZPSzNrcE16SUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wMWFhYzMtYmNlOS00ZDdlLWE1ZmMtM2YxYjE2YzZjZDYz
LzEvQ0FOcG8xaVdIM0tFLTlXUjZTZHpmTnNGdzEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUVyAMA0G
CSqGSIb3DQEBCwUAA4IBAQAWB4ZXrtuxjiSs/dkKjO0wh5GZNEuxPdtKb0PKg6B4
klX5+BaHJB6H494KyOJbLOJCBqb12R7PLM32BslEAU9BSB+mSoJmDgC9+x+Ytts6
RCKnXCAKyZemeVZuRxqKMTGHKxcYIMdVWGidb9YdmnITWxw8s0pqswB5s09/OsVV
LGhiJPFu+0UXk4HuAIozxEUbMoMHyT7bUgu7XqPgIaiL+3KVqM23c+qYTuBtwOMw
twi92gI3s1XWPaW/sd4LtYlYSIfFQ9N4h10buUjA6LK/0Erk0As6xxDlZrZNrtIk
6WDPazYP9Xr+mcu3op1ajUL02lM1iADeJOW40NxKDNbg
-----END CERTIFICATE-----