Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/fcc8b3-fdd1-4abd-aca6-e7e25cb98e63/1/oEozbkM_G7KRWPvhz8IOqmSTDm8.roa
File:                     oEozbkM_G7KRWPvhz8IOqmSTDm8.roa (raw, json)
Hash identifier:          qEbF2kwynhJGjh99H+ylJThuEMgkQE+2vEhAfGvOML0=
Subject key identifier:   A0:4A:33:6E:43:3F:1B:B2:91:58:FB:E1:CF:C2:0E:AA:64:93:0E:6F
Certificate issuer:       /CN=2d35f65df2cb3ea16e51152fac75947fa9c30bf7
Certificate serial:       018D86E511A728579C0DAFFEE5052E43D966
Authority key identifier: 2D:35:F6:5D:F2:CB:3E:A1:6E:51:15:2F:AC:75:94:7F:A9:C3:0B:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LTX2XfLLPqFuURUvrHWUf6nDC_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/fcc8b3-fdd1-4abd-aca6-e7e25cb98e63/1/oEozbkM_G7KRWPvhz8IOqmSTDm8.roa
Signing time:             Thu 08 Feb 2024 04:06:15 +0000
ROA not before:           Thu 08 Feb 2024 04:06:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60930
IP address blocks:        91.147.84.0/22 maxlen: 24
                          213.134.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/fcc8b3-fdd1-4abd-aca6-e7e25cb98e63/1/LTX2XfLLPqFuURUvrHWUf6nDC_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/fcc8b3-fdd1-4abd-aca6-e7e25cb98e63/1/LTX2XfLLPqFuURUvrHWUf6nDC_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LTX2XfLLPqFuURUvrHWUf6nDC_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:86:e5:11:a7:28:57:9c:0d:af:fe:e5:05:2e:43:d9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d35f65df2cb3ea16e51152fac75947fa9c30bf7
        Validity
            Not Before: Feb  8 04:06:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a04a336e433f1bb29158fbe1cfc20eaa64930e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:05:ae:19:aa:37:c3:88:09:97:34:3b:ce:3a:
                    dd:2c:4b:96:79:99:30:0e:3a:b4:28:88:97:06:d0:
                    9a:fd:75:24:74:7c:2e:2c:8b:0b:3f:33:57:b4:96:
                    95:ac:1f:e2:35:05:61:93:4f:23:68:d9:ac:00:fd:
                    1e:5c:0d:56:60:38:16:e7:2f:96:8b:cd:c4:4e:48:
                    05:de:ba:b7:70:ad:2d:70:9e:c1:3c:ec:af:a1:11:
                    10:71:d1:e9:0f:4e:e6:df:96:05:49:ae:32:58:c0:
                    96:a0:bb:73:ab:69:84:91:9a:1b:af:56:f8:03:a2:
                    6d:d9:99:13:ce:c1:e1:da:b3:8f:28:b0:c0:5d:fc:
                    1e:21:00:df:29:0b:18:1c:75:32:8a:d6:0d:63:1f:
                    dd:9b:fa:64:62:1a:73:1b:e5:4f:35:6a:bc:13:df:
                    c0:96:b0:e2:ef:90:03:45:76:8b:62:fa:08:50:94:
                    44:12:3a:af:c5:79:a5:e3:2e:0c:4e:02:9c:a2:39:
                    57:b3:e6:fe:6a:e1:9d:97:5b:da:85:89:53:1d:ec:
                    01:9e:3e:e7:c6:38:36:e0:c3:51:e7:98:31:b6:73:
                    c9:4d:76:cc:f1:db:2b:56:e9:40:e7:21:1a:64:c4:
                    65:4a:89:4f:20:e3:f5:77:ac:f0:68:b7:10:bb:02:
                    8a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:4A:33:6E:43:3F:1B:B2:91:58:FB:E1:CF:C2:0E:AA:64:93:0E:6F
            X509v3 Authority Key Identifier:
                keyid:2D:35:F6:5D:F2:CB:3E:A1:6E:51:15:2F:AC:75:94:7F:A9:C3:0B:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LTX2XfLLPqFuURUvrHWUf6nDC_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/fcc8b3-fdd1-4abd-aca6-e7e25cb98e63/1/oEozbkM_G7KRWPvhz8IOqmSTDm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/fcc8b3-fdd1-4abd-aca6-e7e25cb98e63/1/LTX2XfLLPqFuURUvrHWUf6nDC_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.84.0/22
                  213.134.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:62:7d:f1:c7:33:36:6f:0c:69:97:d9:ef:bf:0c:11:94:23:
         9d:8b:2d:f0:a2:6a:98:10:e3:09:0c:44:fb:e2:72:87:97:4d:
         17:39:07:f6:3c:54:30:6c:6b:87:76:61:6e:41:a9:71:73:5b:
         1f:60:40:85:f2:87:1f:48:d9:dd:93:c3:cf:77:7e:4e:ab:4d:
         eb:dc:a1:11:f8:eb:4e:c4:43:90:d1:a3:7e:a0:df:cf:18:3e:
         26:09:5d:56:bb:5f:fe:33:93:4c:dd:57:a4:92:04:45:ab:61:
         4a:7b:57:79:e3:d9:af:f9:a8:eb:03:28:df:3e:de:8a:c8:12:
         2f:5b:03:07:67:27:8a:61:25:be:a9:56:ba:7d:71:5c:e1:97:
         d7:7e:58:39:d8:9b:8a:e4:ea:de:d1:1c:a5:b3:ad:20:87:bd:
         29:9f:f6:a7:90:05:ba:30:c1:a4:26:ef:f7:a5:6e:5b:56:91:
         4e:14:94:91:6a:3d:de:e0:bf:40:60:e9:e0:80:32:6e:f2:cc:
         6f:f5:6d:2c:a5:c9:77:5b:1c:03:b8:51:2f:60:24:4b:1d:0d:
         85:55:62:74:c2:4b:d6:56:41:c9:04:f5:6e:e4:85:b4:37:46:
         2a:33:e2:49:14:ab:eb:50:f0:98:ac:d3:8b:b5:25:d5:75:54:
         4d:0d:26:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2G5RGnKFecDa/+5QUuQ9lmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMzVmNjVkZjJjYjNlYTE2ZTUxMTUyZmFjNzU5NDdmYTlj
MzBiZjcwHhcNMjQwMjA4MDQwNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDRhMzM2ZTQzM2YxYmIyOTE1OGZiZTFjZmMyMGVhYTY0OTMwZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQWuGao3w4gJlzQ7zjrdLEuWeZkw
Djq0KIiXBtCa/XUkdHwuLIsLPzNXtJaVrB/iNQVhk08jaNmsAP0eXA1WYDgW5y+W
i83ETkgF3rq3cK0tcJ7BPOyvoREQcdHpD07m35YFSa4yWMCWoLtzq2mEkZobr1b4
A6Jt2ZkTzsHh2rOPKLDAXfweIQDfKQsYHHUyitYNYx/dm/pkYhpzG+VPNWq8E9/A
lrDi75ADRXaLYvoIUJREEjqvxXml4y4MTgKcojlXs+b+auGdl1vahYlTHewBnj7n
xjg24MNR55gxtnPJTXbM8dsrVulA5yEaZMRlSolPIOP1d6zwaLcQuwKKZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKBKM25DPxuykVj74c/CDqpkkw5vMB8GA1UdIwQY
MBaAFC019l3yyz6hblEVL6x1lH+pwwv3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFRYMlhmTExQcUZ1VVJVdnJIV1VmNm5EQ19jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9mY2M4YjMtZmRkMS00YWJkLWFjYTYt
ZTdlMjVjYjk4ZTYzLzEvb0VvemJrTV9HN0tSV1B2aHo4SU9xbVNURG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9mY2M4YjMtZmRkMS00YWJkLWFjYTYtZTdlMjVjYjk4ZTYz
LzEvTFRYMlhmTExQcUZ1VVJVdnJIV1VmNm5EQ19jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW5NUAwQA
1YYeMA0GCSqGSIb3DQEBCwUAA4IBAQANYn3xxzM2bwxpl9nvvwwRlCOdiy3womqY
EOMJDET74nKHl00XOQf2PFQwbGuHdmFuQalxc1sfYECF8ocfSNndk8PPd35Oq03r
3KER+OtOxEOQ0aN+oN/PGD4mCV1Wu1/+M5NM3VekkgRFq2FKe1d549mv+ajrAyjf
Pt6KyBIvWwMHZyeKYSW+qVa6fXFc4ZfXflg52JuK5Ore0Ryls60gh70pn/ankAW6
MMGkJu/3pW5bVpFOFJSRaj3e4L9AYOnggDJu8sxv9W0spcl3WxwDuFEvYCRLHQ2F
VWJ0wkvWVkHJBPVu5IW0N0YqM+JJFKvrUPCYrNOLtSXVdVRNDSYR
-----END CERTIFICATE-----