Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/O71co3CROU1MBxJIlyDvfXJPfWQ.roa
File:                     O71co3CROU1MBxJIlyDvfXJPfWQ.roa (raw, json)
Hash identifier:          MJriqkFHnrUxrAyZsV7l/5EV+r4KZTaoFALCrEvgz34=
Subject key identifier:   3B:BD:5C:A3:70:91:39:4D:4C:07:12:48:97:20:EF:7D:72:4F:7D:64
Certificate issuer:       /CN=5758cb11e842bcaf1323647f3befeee2fc6f0e2c
Certificate serial:       018FCE4C24EEB9BF20982D5FDBF917E76A3A
Authority key identifier: 57:58:CB:11:E8:42:BC:AF:13:23:64:7F:3B:EF:EE:E2:FC:6F:0E:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1jLEehCvK8TI2R_O-_u4vxvDiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/O71co3CROU1MBxJIlyDvfXJPfWQ.roa
Signing time:             Fri 31 May 2024 10:57:27 +0000
ROA not before:           Fri 31 May 2024 10:57:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39718
IP address blocks:        81.30.117.0/24 maxlen: 24
                          81.30.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/V1jLEehCvK8TI2R_O-_u4vxvDiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/V1jLEehCvK8TI2R_O-_u4vxvDiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1jLEehCvK8TI2R_O-_u4vxvDiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ce:4c:24:ee:b9:bf:20:98:2d:5f:db:f9:17:e7:6a:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5758cb11e842bcaf1323647f3befeee2fc6f0e2c
        Validity
            Not Before: May 31 10:57:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bbd5ca37091394d4c0712489720ef7d724f7d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:3d:5a:07:d7:c1:92:29:06:ff:dc:3f:dd:54:
                    84:32:98:9e:73:75:5c:8b:c4:8a:16:ba:40:f1:d2:
                    69:70:f9:bf:51:84:60:f2:71:79:18:09:2d:ba:6c:
                    9e:b6:75:f9:c3:8e:0c:49:02:91:89:66:82:c3:44:
                    47:c4:f1:d7:82:a7:38:17:c5:87:ee:04:c1:02:5b:
                    2c:32:2b:91:94:9f:4d:8c:b9:de:35:d6:52:1c:9b:
                    12:b9:de:95:bf:0b:e6:66:88:ec:c2:30:7b:9a:32:
                    a3:fe:94:5a:88:61:e0:b1:41:fe:f6:7f:bc:60:1c:
                    3d:12:bf:1c:da:75:18:b4:f0:98:7b:72:d2:22:c6:
                    48:b0:d2:dc:1d:d9:9e:62:1d:dc:9d:56:83:89:8c:
                    d4:9a:42:23:ea:ef:93:cb:7c:99:31:5f:36:1f:50:
                    33:dc:3a:ac:d5:2a:b3:c9:69:0d:b1:16:d1:0e:13:
                    d7:5d:86:6e:2a:d9:34:6b:0d:6b:e3:05:44:e4:98:
                    60:8c:c6:ad:b8:04:d6:ed:f1:36:1a:3e:fa:6e:3b:
                    87:ac:25:6c:b1:2e:5b:b3:db:91:da:ca:4a:cd:b4:
                    e6:f9:ad:20:55:90:d2:05:97:83:37:4b:cc:14:2f:
                    ac:7e:af:fb:8f:96:e5:9d:80:2d:b0:90:18:52:6e:
                    4d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:BD:5C:A3:70:91:39:4D:4C:07:12:48:97:20:EF:7D:72:4F:7D:64
            X509v3 Authority Key Identifier:
                keyid:57:58:CB:11:E8:42:BC:AF:13:23:64:7F:3B:EF:EE:E2:FC:6F:0E:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1jLEehCvK8TI2R_O-_u4vxvDiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/O71co3CROU1MBxJIlyDvfXJPfWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/V1jLEehCvK8TI2R_O-_u4vxvDiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.117.0/24
                  81.30.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:5f:91:46:8d:81:a8:15:8d:e0:a1:90:17:71:4f:08:64:63:
         83:1e:86:28:6f:6c:7f:65:6f:f3:6e:51:7a:22:8b:2f:9f:df:
         41:64:4d:ff:c4:40:c2:8c:4a:c7:cc:eb:72:a6:c7:68:0b:21:
         88:d8:c1:4b:c2:b6:10:0b:aa:74:10:09:7d:fa:67:63:b1:72:
         e8:64:8d:26:47:02:01:35:a8:b3:34:16:3d:9e:c6:03:f5:36:
         5b:54:6b:4a:28:7a:7b:ae:b1:79:d7:58:0c:5e:c5:11:de:a5:
         a9:43:a3:64:a0:c5:c7:7a:d1:b8:80:7f:42:13:c0:32:91:2a:
         a6:1b:c8:50:a5:36:ae:bb:6e:e7:6f:25:ec:5e:ef:c3:12:a4:
         7a:75:10:47:3f:76:47:fe:c3:6b:b0:20:4c:15:b5:db:ab:44:
         6a:a0:35:f7:95:34:f7:de:1a:f7:fc:d8:b9:09:5b:07:ba:81:
         e3:2e:f8:52:69:f2:8b:47:d5:9e:0d:de:28:a1:13:fa:f2:e0:
         ac:b9:cf:78:8a:90:b5:d1:41:bf:bd:bc:fe:59:c8:97:8d:0f:
         8a:74:a1:bc:87:6c:1d:06:70:76:26:89:2d:5f:69:33:30:cd:
         c9:37:21:eb:ef:3b:1d:bf:51:c1:67:32:9c:57:77:4d:2d:8c:
         3e:ec:03:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/OTCTuub8gmC1f2/kX52o6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NThjYjExZTg0MmJjYWYxMzIzNjQ3ZjNiZWZlZWUyZmM2
ZjBlMmMwHhcNMjQwNTMxMTA1NzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmJkNWNhMzcwOTEzOTRkNGMwNzEyNDg5NzIwZWY3ZDcyNGY3ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7T1aB9fBkikG/9w/3VSEMpiec3Vc
i8SKFrpA8dJpcPm/UYRg8nF5GAktumyetnX5w44MSQKRiWaCw0RHxPHXgqc4F8WH
7gTBAlssMiuRlJ9NjLneNdZSHJsSud6VvwvmZojswjB7mjKj/pRaiGHgsUH+9n+8
YBw9Er8c2nUYtPCYe3LSIsZIsNLcHdmeYh3cnVaDiYzUmkIj6u+Ty3yZMV82H1Az
3Dqs1SqzyWkNsRbRDhPXXYZuKtk0aw1r4wVE5JhgjMatuATW7fE2Gj76bjuHrCVs
sS5bs9uR2spKzbTm+a0gVZDSBZeDN0vMFC+sfq/7j5blnYAtsJAYUm5NOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDu9XKNwkTlNTAcSSJcg731yT31kMB8GA1UdIwQY
MBaAFFdYyxHoQryvEyNkfzvv7uL8bw4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFqTEVlaEN2SzhUSTJSX08tX3U0dnh2RGl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hMjgzMzAtOGJhMC00Yjg4LWE3YWMt
OGJiZjhiZmM2ZDhlLzEvTzcxY28zQ1JPVTFNQnhKSWx5RHZmWEpQZldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hMjgzMzAtOGJhMC00Yjg4LWE3YWMtOGJiZjhiZmM2ZDhl
LzEvVjFqTEVlaEN2SzhUSTJSX08tX3U0dnh2RGl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUR51AwQA
UR5/MA0GCSqGSIb3DQEBCwUAA4IBAQCvX5FGjYGoFY3goZAXcU8IZGODHoYob2x/
ZW/zblF6Iosvn99BZE3/xEDCjErHzOtypsdoCyGI2MFLwrYQC6p0EAl9+mdjsXLo
ZI0mRwIBNaizNBY9nsYD9TZbVGtKKHp7rrF511gMXsUR3qWpQ6NkoMXHetG4gH9C
E8AykSqmG8hQpTauu27nbyXsXu/DEqR6dRBHP3ZH/sNrsCBMFbXbq0RqoDX3lTT3
3hr3/Ni5CVsHuoHjLvhSafKLR9WeDd4ooRP68uCsuc94ipC10UG/vbz+WciXjQ+K
dKG8h2wdBnB2JoktX2kzMM3JNyHr7zsdv1HBZzKcV3dNLYw+7ANy
-----END CERTIFICATE-----