Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/pFNu8k4uIydhPl4EdBCPOJcUBC4.roa
File:                     pFNu8k4uIydhPl4EdBCPOJcUBC4.roa (raw, json)
Hash identifier:          UoA/kyCP6JVDXcPEUFg52wFEYnuGpla/p+xE0/RbGhg=
Subject key identifier:   A4:53:6E:F2:4E:2E:23:27:61:3E:5E:04:74:10:8F:38:97:14:04:2E
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       0190B7E10085BDF26DD117783266D0AA0E05
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/pFNu8k4uIydhPl4EdBCPOJcUBC4.roa
Signing time:             Mon 15 Jul 2024 19:31:34 +0000
ROA not before:           Mon 15 Jul 2024 19:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149766
IP address blocks:        81.31.234.0/24 maxlen: 24
                          185.84.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b7:e1:00:85:bd:f2:6d:d1:17:78:32:66:d0:aa:0e:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jul 15 19:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4536ef24e2e2327613e5e0474108f389714042e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:97:bf:d1:35:0a:57:4b:74:35:0d:d5:07:db:
                    52:c8:a9:97:04:0a:56:15:6c:ff:f0:24:d9:c3:81:
                    86:2c:fe:fe:d7:97:fc:bf:e3:a1:15:92:00:7c:cf:
                    0f:10:41:c0:3e:06:64:bd:c2:42:2e:02:eb:30:d9:
                    40:f1:05:ae:17:be:bb:ae:45:0e:d4:64:0b:99:84:
                    68:2b:63:cc:ba:d0:a0:14:4e:14:0a:8e:d1:57:cd:
                    9d:0d:ce:d3:ee:30:47:2c:4f:16:a4:65:94:9a:a2:
                    2a:b5:6b:0f:da:94:fd:1b:18:b7:2e:ee:f6:af:82:
                    9d:d8:a2:27:27:36:b7:83:44:83:a3:da:2e:b2:19:
                    f5:3a:26:e5:05:ee:e0:16:5d:c2:df:a6:4d:ca:cc:
                    85:41:29:6a:e4:31:50:7d:5a:1b:82:a4:d6:cf:a8:
                    52:73:2e:95:a2:34:a0:9b:b1:a9:dc:d6:46:cb:8d:
                    ac:95:09:d8:51:77:28:6d:15:f1:64:e2:7a:92:58:
                    36:e6:30:66:b8:f8:d7:d3:8d:d9:0b:e7:36:92:a1:
                    53:1a:13:6b:9a:5e:70:52:bb:f2:e6:c9:c4:c9:ab:
                    c2:16:b2:29:f0:6e:75:2e:08:c4:13:00:cd:9b:6a:
                    d1:f3:33:09:cc:16:5d:a1:db:20:58:0d:a8:20:d7:
                    49:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:53:6E:F2:4E:2E:23:27:61:3E:5E:04:74:10:8F:38:97:14:04:2E
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/pFNu8k4uIydhPl4EdBCPOJcUBC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.234.0/24
                  185.84.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:08:a0:d8:28:d0:58:fc:8d:4c:37:43:79:08:d0:6b:c7:64:
         3b:a2:cd:6a:76:d6:09:15:b1:dd:a9:56:77:11:f9:ea:e4:d6:
         ca:0b:3f:70:c8:62:90:13:dd:f7:15:e9:14:6a:1d:9e:3e:45:
         52:97:06:b3:95:52:39:e3:80:65:da:f4:85:91:8e:0c:f4:4b:
         8b:ca:74:a4:1a:f0:ae:85:10:96:bc:23:e0:76:cf:a6:b4:b5:
         7a:a3:17:1d:5d:2d:01:b5:db:3c:78:f1:b3:d2:26:a6:cb:03:
         3e:92:1a:46:13:0d:49:a3:9c:c9:2f:f9:ea:4b:23:da:32:ac:
         e6:f6:e7:21:d9:25:0d:e5:4d:36:38:58:f1:ee:c1:55:4c:4c:
         df:f6:4f:2e:c6:5d:be:d6:b9:96:3e:45:f8:09:83:db:da:a5:
         f8:35:eb:75:ae:27:96:d0:e6:b8:22:63:91:1e:b2:83:28:98:
         19:18:a1:4f:ec:87:ca:b0:dc:e7:b9:80:c0:eb:b4:65:c7:65:
         8d:a2:25:02:3a:b4:92:d7:2c:18:94:ca:0d:c9:c7:8c:3c:eb:
         c2:91:06:5e:0c:a1:c1:fb:fb:3c:9e:9e:21:ab:66:be:e1:10:
         27:4e:b3:4a:40:85:fe:0e:a1:bc:31:68:ea:6e:02:30:15:09:
         87:92:05:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZC34QCFvfJt0Rd4MmbQqg4FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjQwNzE1MTkzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDUzNmVmMjRlMmUyMzI3NjEzZTVlMDQ3NDEwOGYzODk3MTQwNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJe/0TUKV0t0NQ3VB9tSyKmXBApW
FWz/8CTZw4GGLP7+15f8v+OhFZIAfM8PEEHAPgZkvcJCLgLrMNlA8QWuF767rkUO
1GQLmYRoK2PMutCgFE4UCo7RV82dDc7T7jBHLE8WpGWUmqIqtWsP2pT9Gxi3Lu72
r4Kd2KInJza3g0SDo9oushn1OiblBe7gFl3C36ZNysyFQSlq5DFQfVobgqTWz6hS
cy6VojSgm7Gp3NZGy42slQnYUXcobRXxZOJ6klg25jBmuPjX043ZC+c2kqFTGhNr
ml5wUrvy5snEyavCFrIp8G51LgjEEwDNm2rR8zMJzBZdodsgWA2oINdJSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKRTbvJOLiMnYT5eBHQQjziXFAQuMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvcEZOdThrNHVJeWRoUGw0RWRCQ1BPSmNVQkM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUR/qAwQB
uVSgMA0GCSqGSIb3DQEBCwUAA4IBAQALCKDYKNBY/I1MN0N5CNBrx2Q7os1qdtYJ
FbHdqVZ3Efnq5NbKCz9wyGKQE933FekUah2ePkVSlwazlVI544Bl2vSFkY4M9EuL
ynSkGvCuhRCWvCPgds+mtLV6oxcdXS0Btds8ePGz0iamywM+khpGEw1Jo5zJL/nq
SyPaMqzm9uch2SUN5U02OFjx7sFVTEzf9k8uxl2+1rmWPkX4CYPb2qX4Net1rieW
0Oa4ImORHrKDKJgZGKFP7IfKsNznuYDA67Rlx2WNoiUCOrSS1ywYlMoNyceMPOvC
kQZeDKHB+/s8np4hq2a+4RAnTrNKQIX+DqG8MWjqbgIwFQmHkgXm
-----END CERTIFICATE-----