Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/2-nCaHmevlNVQ1LwN6cDQxc9WPs.roa
File:                     2-nCaHmevlNVQ1LwN6cDQxc9WPs.roa (raw, json)
Hash identifier:          kni7NUDdyCWq6EQHouYj/2AZWVMQyGvaJ7F1Gtymwlc=
Subject key identifier:   DB:E9:C2:68:79:9E:BE:53:55:43:52:F0:37:A7:03:43:17:3D:58:FB
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AE6780DA2108CA587F4E76663D6FA
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/2-nCaHmevlNVQ1LwN6cDQxc9WPs.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42508
IP address blocks:        81.181.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e6:78:0d:a2:10:8c:a5:87:f4:e7:66:63:d6:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbe9c268799ebe53554352f037a70343173d58fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:39:65:c0:c9:34:57:2c:61:77:66:99:a5:94:
                    dd:de:59:c6:98:07:8a:2e:fc:2a:22:9f:d6:38:e4:
                    ef:53:fe:52:ce:c0:63:39:21:3f:24:84:af:22:55:
                    69:5e:41:6c:23:ef:b8:ab:0c:52:0d:22:48:df:bd:
                    f2:09:54:de:ed:6f:7a:51:b2:df:d2:82:3e:88:dd:
                    c7:b8:63:6a:1a:3d:27:05:e2:0b:ad:90:0b:6d:20:
                    64:c7:44:98:c4:89:58:0d:57:28:4b:b9:83:7b:2b:
                    ca:4b:d4:76:a1:37:a7:cd:2d:52:de:38:ad:36:46:
                    b2:16:56:01:c3:96:d5:62:fe:04:a4:e9:0a:31:82:
                    eb:1f:3a:43:69:3d:e2:e6:b0:f0:80:a8:e6:9b:8a:
                    c3:d8:b9:8b:89:a3:b9:53:86:ea:62:68:c6:c2:2f:
                    a3:2d:3b:0f:b8:c7:dc:7e:b0:2b:5d:49:35:a1:c8:
                    4d:b2:ca:22:b7:c0:88:00:a1:52:37:18:6f:af:7a:
                    d8:cf:a3:6e:11:ee:14:df:a2:3c:41:c2:50:30:69:
                    94:de:af:e7:b7:a3:49:09:44:61:27:94:c3:b8:5c:
                    e7:26:e0:39:be:ba:fe:e0:bb:e1:9a:2f:0d:53:4b:
                    9c:87:7e:ac:36:c2:83:46:d5:71:7e:92:95:9f:c9:
                    82:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E9:C2:68:79:9E:BE:53:55:43:52:F0:37:A7:03:43:17:3D:58:FB
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/2-nCaHmevlNVQ1LwN6cDQxc9WPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:f1:21:f2:33:c2:23:ff:75:7e:ea:2a:85:99:44:a2:62:ed:
         77:70:fa:b2:96:80:3c:0b:a4:34:b1:51:c0:d6:21:be:4f:2e:
         76:bb:0f:cd:66:bb:86:f8:70:4e:46:ab:5d:da:ba:c0:18:30:
         65:ef:53:33:69:f9:ba:e2:70:3c:88:63:37:93:c7:82:70:f0:
         ac:45:a2:e4:62:5e:e8:7f:66:2b:d1:b2:83:19:5e:1f:22:fd:
         37:f3:ba:de:fb:fc:ab:75:4b:6f:8b:13:37:80:f2:26:07:d3:
         bb:62:ed:5e:9a:f8:6a:e7:7b:17:25:55:4a:48:7f:de:0f:ac:
         49:6b:3e:7c:01:cf:f6:ad:62:62:7b:59:19:56:e2:c7:3f:e1:
         79:86:bf:82:a2:c3:2c:e5:27:1f:48:9a:34:fb:8d:c1:10:13:
         4b:d1:23:5f:94:7a:c3:51:8b:36:38:2b:e6:d9:f8:0e:9a:63:
         ea:26:80:d5:7b:34:f7:25:53:ac:08:b1:9d:f4:0f:c0:ff:63:
         99:af:a6:e7:d5:10:12:ff:c0:d0:8d:bb:a2:87:89:3e:cd:38:
         d9:4d:70:b5:93:82:ba:ac:f3:9b:71:78:c1:fe:fd:91:66:a1:
         57:21:4c:a0:49:b5:6e:6d:f1:a4:b4:c2:25:cb:78:a9:10:cb:
         1e:ea:99:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuZ4DaIQjKWH9OdmY9b6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmU5YzI2ODc5OWViZTUzNTU0MzUyZjAzN2E3MDM0MzE3M2Q1OGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTllwMk0Vyxhd2aZpZTd3lnGmAeK
LvwqIp/WOOTvU/5SzsBjOSE/JISvIlVpXkFsI++4qwxSDSJI373yCVTe7W96UbLf
0oI+iN3HuGNqGj0nBeILrZALbSBkx0SYxIlYDVcoS7mDeyvKS9R2oTenzS1S3jit
NkayFlYBw5bVYv4EpOkKMYLrHzpDaT3i5rDwgKjmm4rD2LmLiaO5U4bqYmjGwi+j
LTsPuMfcfrArXUk1ochNssoit8CIAKFSNxhvr3rYz6NuEe4U36I8QcJQMGmU3q/n
t6NJCURhJ5TDuFznJuA5vrr+4Lvhmi8NU0uch36sNsKDRtVxfpKVn8mC2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvpwmh5nr5TVUNS8DenA0MXPVj7MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvMi1uQ2FIbWV2bE5WUTFMd042Y0RReGM5V1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUbVmMA0G
CSqGSIb3DQEBCwUAA4IBAQCy8SHyM8Ij/3V+6iqFmUSiYu13cPqyloA8C6Q0sVHA
1iG+Ty52uw/NZruG+HBORqtd2rrAGDBl71Mzafm64nA8iGM3k8eCcPCsRaLkYl7o
f2Yr0bKDGV4fIv0387re+/yrdUtvixM3gPImB9O7Yu1emvhq53sXJVVKSH/eD6xJ
az58Ac/2rWJie1kZVuLHP+F5hr+CosMs5ScfSJo0+43BEBNL0SNflHrDUYs2OCvm
2fgOmmPqJoDVezT3JVOsCLGd9A/A/2OZr6bn1RAS/8DQjbuih4k+zTjZTXC1k4K6
rPObcXjB/v2RZqFXIUygSbVubfGktMIly3ipEMse6pnf
-----END CERTIFICATE-----