Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PkD5bjl66QGwpxdVKnsSwGzqTEg.roa
File:                     PkD5bjl66QGwpxdVKnsSwGzqTEg.roa (raw, json)
Hash identifier:          CTocChyRA4WrqlD5cDPlknnBb2xuQiZ1koR444pKFTs=
Subject key identifier:   3E:40:F9:6E:39:7A:E9:01:B0:A7:17:55:2A:7B:12:C0:6C:EA:4C:48
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01904F706C5AA5ADD7A42D859E2FC6AA218D
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PkD5bjl66QGwpxdVKnsSwGzqTEg.roa
Signing time:             Tue 25 Jun 2024 12:48:06 +0000
ROA not before:           Tue 25 Jun 2024 12:48:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39690
IP address blocks:        45.86.16.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:70:6c:5a:a5:ad:d7:a4:2d:85:9e:2f:c6:aa:21:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jun 25 12:48:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e40f96e397ae901b0a717552a7b12c06cea4c48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:76:f9:5c:50:4b:5a:cf:b2:6f:6a:e2:18:44:
                    41:1d:fd:c2:6a:17:c8:b1:88:41:df:58:19:a3:45:
                    0a:89:e5:e0:0e:fb:4a:74:5d:43:bd:29:de:95:7c:
                    b3:d9:c1:1e:99:2d:c7:00:01:a7:a7:3f:63:86:dc:
                    c1:d2:52:be:27:d9:56:3b:7a:c2:90:9e:f9:17:51:
                    87:7f:4c:a0:27:b9:ad:d1:fc:c9:3e:f2:f8:38:fe:
                    a7:22:95:12:9b:f0:96:ab:93:a0:5b:39:26:1c:6d:
                    6c:3f:f7:8d:25:f1:47:7d:54:f3:91:a7:50:85:60:
                    ce:39:9f:dc:fa:b2:88:a7:57:ef:6b:87:56:42:22:
                    62:c0:db:f3:f7:74:10:83:88:6d:21:e9:3c:2c:3d:
                    04:92:53:85:81:f1:fe:fc:10:a4:69:cc:73:6a:cb:
                    05:19:db:fd:6a:d6:d9:e2:21:06:54:f6:c9:2d:85:
                    ed:44:b3:cf:1b:43:dd:fb:95:2a:09:61:75:b7:4d:
                    18:9a:e5:8e:b3:da:95:bc:50:c5:b0:07:97:3b:6f:
                    c2:71:c2:9b:9c:b1:e7:a9:90:85:52:c6:4c:41:2b:
                    cd:6c:3c:ba:be:5a:ca:35:09:80:b1:ea:9f:02:44:
                    55:7b:b9:cb:9a:ce:b1:8a:12:f7:ac:72:a5:3c:14:
                    a2:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:40:F9:6E:39:7A:E9:01:B0:A7:17:55:2A:7B:12:C0:6C:EA:4C:48
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/PkD5bjl66QGwpxdVKnsSwGzqTEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         69:3c:13:d9:d6:95:a5:05:06:75:40:e1:8c:87:11:ba:6b:8d:
         8c:bf:4a:cc:e9:e5:9b:12:ec:51:af:4b:83:13:36:6b:83:ad:
         f4:af:6f:2a:07:77:23:2d:de:f5:29:08:35:51:68:0b:d8:f7:
         83:65:ca:c3:2d:a6:27:6d:a6:e6:fe:9c:9b:dd:92:24:ae:dc:
         ea:02:ea:0f:4e:c3:ad:d8:e0:f1:4a:16:84:70:28:22:6a:d2:
         ae:d7:23:db:9f:62:98:95:f5:3f:84:59:0a:c3:8c:a2:a6:cd:
         65:5b:30:2c:8c:e0:50:57:58:26:ed:1c:48:c5:2e:0a:5c:23:
         63:4d:b3:0b:92:17:62:46:b7:7f:85:d6:5b:c2:f4:85:5f:ce:
         62:e0:9b:b5:2c:20:19:34:0e:05:8d:03:bf:ed:ad:30:54:5f:
         a8:02:d7:a1:9b:8b:6b:90:6a:06:25:1b:65:6c:28:2e:19:c6:
         07:77:cb:56:84:85:65:1d:98:e1:a5:f3:26:86:46:10:f0:69:
         9b:be:56:9f:03:c4:b0:fd:1f:cc:33:ca:b7:d4:60:98:26:36:
         45:9d:0b:5b:56:eb:5c:2c:4e:fb:65:75:5b:13:f5:09:29:63:
         f9:a6:ae:37:a2:b3:a0:32:ce:02:a5:27:ff:f6:2d:b0:67:38:
         1e:c6:ae:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBPcGxapa3XpC2Fni/GqiGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNjI1MTI0ODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTQwZjk2ZTM5N2FlOTAxYjBhNzE3NTUyYTdiMTJjMDZjZWE0YzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nb5XFBLWs+yb2riGERBHf3CahfI
sYhB31gZo0UKieXgDvtKdF1DvSnelXyz2cEemS3HAAGnpz9jhtzB0lK+J9lWO3rC
kJ75F1GHf0ygJ7mt0fzJPvL4OP6nIpUSm/CWq5OgWzkmHG1sP/eNJfFHfVTzkadQ
hWDOOZ/c+rKIp1fva4dWQiJiwNvz93QQg4htIek8LD0EklOFgfH+/BCkacxzassF
Gdv9atbZ4iEGVPbJLYXtRLPPG0Pd+5UqCWF1t00YmuWOs9qVvFDFsAeXO2/CccKb
nLHnqZCFUsZMQSvNbDy6vlrKNQmAseqfAkRVe7nLms6xihL3rHKlPBSiBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5A+W45eukBsKcXVSp7EsBs6kxIMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUGtENWJqbDY2UUd3cHhkVktuc1N3R3pxVEVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLVYQMA0G
CSqGSIb3DQEBCwUAA4IBAQBpPBPZ1pWlBQZ1QOGMhxG6a42Mv0rM6eWbEuxRr0uD
EzZrg630r28qB3cjLd71KQg1UWgL2PeDZcrDLaYnbabm/pyb3ZIkrtzqAuoPTsOt
2ODxShaEcCgiatKu1yPbn2KYlfU/hFkKw4yips1lWzAsjOBQV1gm7RxIxS4KXCNj
TbMLkhdiRrd/hdZbwvSFX85i4Ju1LCAZNA4FjQO/7a0wVF+oAtehm4trkGoGJRtl
bCguGcYHd8tWhIVlHZjhpfMmhkYQ8GmbvlafA8Sw/R/MM8q31GCYJjZFnQtbVutc
LE77ZXVbE/UJKWP5pq43orOgMs4CpSf/9i2wZzgexq5f
-----END CERTIFICATE-----