Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/3wyQEu5OoyZI6zzFu_K7eR8r2k0.roa
File:                     3wyQEu5OoyZI6zzFu_K7eR8r2k0.roa (raw, json)
Hash identifier:          XH9jkxrIlZPxvTylaely66F2tNQox49s+kPAwUtxuCA=
Subject key identifier:   DF:0C:90:12:EE:4E:A3:26:48:EB:3C:C5:BB:F2:BB:79:1F:2B:DA:4D
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FBD2802A072A67B5B7ADA2A816129
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/3wyQEu5OoyZI6zzFu_K7eR8r2k0.roa
Signing time:             Tue 02 Jan 2024 04:30:15 +0000
ROA not before:           Tue 02 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6461
IP address blocks:        93.120.0.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:bd:28:02:a0:72:a6:7b:5b:7a:da:2a:81:61:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df0c9012ee4ea32648eb3cc5bbf2bb791f2bda4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:67:53:59:d8:15:a1:90:82:0d:40:c2:58:ac:
                    30:79:78:01:22:e3:db:ab:63:39:e2:81:cb:e3:00:
                    51:ca:ed:28:f4:92:87:32:0d:df:71:b5:87:e0:95:
                    71:90:fe:3b:dc:32:18:53:f8:4f:2f:65:fc:b8:b1:
                    c3:65:4d:5b:23:0d:98:7a:30:44:06:42:3f:97:3e:
                    4a:05:50:16:d8:5b:3a:b9:03:79:60:50:42:ad:dd:
                    16:f2:96:d2:2a:44:d6:58:c6:9b:8c:ab:3c:d6:60:
                    35:93:c7:98:59:1c:5b:46:78:23:e1:74:e7:a2:17:
                    28:74:64:7e:7a:36:c0:a8:4c:c7:4b:fd:14:5e:48:
                    c8:59:3c:2f:e3:40:43:c4:88:f6:d6:ef:d6:ba:57:
                    bd:be:c6:df:38:84:79:70:48:6f:44:27:a6:4b:10:
                    58:66:22:1e:c2:96:5f:f9:15:1a:9e:1b:af:99:b5:
                    ad:e8:39:2b:74:b2:2d:ea:d1:76:5f:b8:af:30:ab:
                    28:54:b6:8e:d3:0c:8d:8b:d4:7a:3d:ca:c2:01:24:
                    fe:ce:d4:e1:dd:4e:34:5a:3a:b9:fc:fc:27:f8:23:
                    51:af:16:e7:49:f8:e9:43:39:e5:58:a5:0e:27:4d:
                    1d:27:59:89:a1:94:c7:ea:1f:c0:8f:2d:e2:9a:2f:
                    f8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:0C:90:12:EE:4E:A3:26:48:EB:3C:C5:BB:F2:BB:79:1F:2B:DA:4D
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/3wyQEu5OoyZI6zzFu_K7eR8r2k0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.120.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:c7:82:b3:76:ac:90:fb:4a:a7:03:4e:d4:c1:72:b2:61:86:
         7f:3f:8a:78:1f:a4:f8:22:e2:cc:ab:6d:49:e7:bc:fc:c5:ed:
         74:b8:6f:c4:7c:1b:51:7d:cc:ec:90:ae:44:20:d9:d8:cf:95:
         75:2f:89:88:c2:ae:23:9d:ab:b7:6f:66:d4:16:4e:22:55:20:
         36:15:02:7b:e4:df:b3:91:6f:73:47:6c:02:a8:29:a7:62:60:
         76:e8:74:4d:d9:86:2c:b4:fa:22:3c:7f:0d:02:6d:18:f5:55:
         17:eb:a5:5a:00:3c:b1:4d:cd:c5:3b:ed:2f:37:f5:6a:f5:07:
         32:4c:3d:8e:9a:41:a9:7a:84:8d:a0:0f:c7:a4:3f:ec:2b:00:
         73:ac:9d:8c:5c:e6:77:2c:d7:0c:4b:f6:8a:d4:ac:b4:b3:e6:
         32:6b:b1:5f:20:fd:9b:1d:1f:2e:a0:88:15:f8:f6:a7:b5:67:
         e7:68:b8:8c:4f:e0:21:cb:2e:44:0c:70:3f:d3:c9:1f:ce:59:
         51:2f:fb:d7:6d:1a:c6:14:a6:4e:58:68:26:02:63:a9:00:77:
         f1:f6:d4:45:2d:f8:f2:ab:06:9e:78:92:31:76:af:a2:6b:e6:
         e2:b6:0a:5d:75:f9:53:b2:9c:1a:95:3f:fd:3a:fb:98:a4:89:
         17:33:14:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb70oAqBypntbetoqgWEpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjBjOTAxMmVlNGVhMzI2NDhlYjNjYzViYmYyYmI3OTFmMmJkYTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGdTWdgVoZCCDUDCWKwweXgBIuPb
q2M54oHL4wBRyu0o9JKHMg3fcbWH4JVxkP473DIYU/hPL2X8uLHDZU1bIw2YejBE
BkI/lz5KBVAW2Fs6uQN5YFBCrd0W8pbSKkTWWMabjKs81mA1k8eYWRxbRngj4XTn
ohcodGR+ejbAqEzHS/0UXkjIWTwv40BDxIj21u/Wule9vsbfOIR5cEhvRCemSxBY
ZiIewpZf+RUanhuvmbWt6DkrdLIt6tF2X7ivMKsoVLaO0wyNi9R6PcrCAST+ztTh
3U40Wjq5/Pwn+CNRrxbnSfjpQznlWKUOJ00dJ1mJoZTH6h/Ajy3imi/4eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8MkBLuTqMmSOs8xbvyu3kfK9pNMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvM3d5UUV1NU9veVpJNnp6RnVfSzdlUjhyMmswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXXgAMA0G
CSqGSIb3DQEBCwUAA4IBAQArx4KzdqyQ+0qnA07UwXKyYYZ/P4p4H6T4IuLMq21J
57z8xe10uG/EfBtRfczskK5EINnYz5V1L4mIwq4jnau3b2bUFk4iVSA2FQJ75N+z
kW9zR2wCqCmnYmB26HRN2YYstPoiPH8NAm0Y9VUX66VaADyxTc3FO+0vN/Vq9Qcy
TD2OmkGpeoSNoA/HpD/sKwBzrJ2MXOZ3LNcMS/aK1Ky0s+Yya7FfIP2bHR8uoIgV
+PantWfnaLiMT+Ahyy5EDHA/08kfzllRL/vXbRrGFKZOWGgmAmOpAHfx9tRFLfjy
qwaeeJIxdq+ia+bitgpddflTspwalT/9OvuYpIkXMxQU
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:29:39 2024 by rpki-client on console-fra.rpki-client.org