Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/5oXEjXSZXk8gGoeKSpnatlzSkU8.roa
File:                     5oXEjXSZXk8gGoeKSpnatlzSkU8.roa (raw, json)
Hash identifier:          c/0vVch+MHtmDQjhHSs8QLQwqQdJpq4N5Py2CuvTAbM=
Subject key identifier:   E6:85:C4:8D:74:99:5E:4F:20:1A:87:8A:4A:99:DA:B6:5C:D2:91:4F
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       018CC348ECB8D25152E7040965C6A8B3354C
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/5oXEjXSZXk8gGoeKSpnatlzSkU8.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22363
IP address blocks:        82.81.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ec:b8:d2:51:52:e7:04:09:65:c6:a8:b3:35:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e685c48d74995e4f201a878a4a99dab65cd2914f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6e:de:6c:03:20:60:5e:bc:99:98:46:0b:76:
                    c3:5d:af:0d:1a:f6:c5:03:e1:95:68:15:2a:40:65:
                    d4:b8:ae:ba:73:77:08:91:9b:3b:22:cc:da:02:d3:
                    f6:25:69:7d:a5:21:c3:c1:e6:bf:81:ab:ed:12:12:
                    18:02:ba:12:2e:38:69:44:b3:4b:c3:eb:c1:cd:6e:
                    57:1b:cb:eb:67:21:73:0d:a3:a1:94:86:f8:03:f4:
                    f5:af:a2:e1:d1:65:23:58:8b:3e:84:6e:3b:0c:9e:
                    58:37:97:03:98:51:39:2a:61:d7:3d:63:0d:fa:71:
                    3a:35:f6:08:1c:d6:1d:5f:01:21:15:ca:e7:14:bc:
                    29:18:3e:2e:3b:df:c5:87:6f:b2:c6:5e:7b:25:3a:
                    85:00:54:56:1c:76:f7:16:6e:83:a2:00:81:39:34:
                    7b:35:1a:e6:ad:6e:58:d4:d8:ec:42:b0:89:ef:94:
                    34:93:9e:8f:31:f1:b5:f8:25:94:6a:1a:18:a6:8a:
                    f0:45:47:f9:13:a5:dc:8e:c1:b1:fc:a4:97:76:65:
                    49:3b:55:6b:23:f2:b6:6c:c7:9b:12:b8:92:10:b6:
                    b6:95:f2:49:1f:60:4c:aa:68:9e:84:4e:18:a3:ef:
                    3a:e3:be:43:71:00:e4:06:bc:1c:b5:e1:81:cf:bf:
                    42:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:85:C4:8D:74:99:5E:4F:20:1A:87:8A:4A:99:DA:B6:5C:D2:91:4F
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/5oXEjXSZXk8gGoeKSpnatlzSkU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.81.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:96:c2:05:05:0a:15:3a:52:94:50:d9:77:9d:91:45:64:b7:
         b8:df:79:01:f8:d7:67:79:e2:3d:2d:09:1f:9f:37:20:33:1c:
         65:85:44:d7:38:56:5f:d9:00:bc:bd:f4:ea:b9:32:04:ee:df:
         9f:ca:db:7f:ab:29:85:63:7a:ed:fc:e9:a8:28:29:45:46:0d:
         ce:9c:41:5b:d8:17:aa:c3:ef:8a:2c:ec:6e:95:09:98:f6:0c:
         cd:46:46:2a:59:3c:e8:33:ac:0b:b9:98:97:c4:b6:9c:4d:83:
         7b:8a:2d:0b:7d:93:ed:6d:cf:20:e0:13:a8:5c:ea:8d:53:6c:
         6a:0d:28:92:57:93:02:9f:3f:59:1a:de:60:5f:2d:7f:a9:1a:
         23:9b:50:ad:e0:e2:66:46:0e:91:b3:20:9c:95:44:67:ec:79:
         e5:01:e4:12:dc:62:ea:ce:3e:48:25:84:61:34:51:8e:8c:5d:
         8b:20:d3:8a:79:fc:fa:7e:8d:97:8e:0f:8c:de:33:51:20:69:
         25:0a:02:e9:f3:a8:3d:21:85:be:72:07:c3:ae:a6:f2:4c:8c:
         35:cc:f1:b9:2d:64:29:13:31:b3:31:e6:f8:e0:2b:47:42:06:
         c8:cf:be:de:cb:47:cc:d2:c8:eb:5d:5f:e6:48:52:39:58:ad:
         e4:09:5b:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOy40lFS5wQJZcaoszVMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjg1YzQ4ZDc0OTk1ZTRmMjAxYTg3OGE0YTk5ZGFiNjVjZDI5MTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkG7ebAMgYF68mZhGC3bDXa8NGvbF
A+GVaBUqQGXUuK66c3cIkZs7IszaAtP2JWl9pSHDwea/gavtEhIYAroSLjhpRLNL
w+vBzW5XG8vrZyFzDaOhlIb4A/T1r6Lh0WUjWIs+hG47DJ5YN5cDmFE5KmHXPWMN
+nE6NfYIHNYdXwEhFcrnFLwpGD4uO9/Fh2+yxl57JTqFAFRWHHb3Fm6DogCBOTR7
NRrmrW5Y1NjsQrCJ75Q0k56PMfG1+CWUahoYporwRUf5E6XcjsGx/KSXdmVJO1Vr
I/K2bMebEriSELa2lfJJH2BMqmiehE4Yo+86475DcQDkBrwcteGBz79CZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaFxI10mV5PIBqHikqZ2rZc0pFPMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvNW9YRWpYU1pYazhnR29lS1NwbmF0bHpTa1U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUlFdMA0G
CSqGSIb3DQEBCwUAA4IBAQCMlsIFBQoVOlKUUNl3nZFFZLe433kB+NdneeI9LQkf
nzcgMxxlhUTXOFZf2QC8vfTquTIE7t+fytt/qymFY3rt/OmoKClFRg3OnEFb2Beq
w++KLOxulQmY9gzNRkYqWTzoM6wLuZiXxLacTYN7ii0LfZPtbc8g4BOoXOqNU2xq
DSiSV5MCnz9ZGt5gXy1/qRojm1Ct4OJmRg6RsyCclURn7HnlAeQS3GLqzj5IJYRh
NFGOjF2LINOKefz6fo2Xjg+M3jNRIGklCgLp86g9IYW+cgfDrqbyTIw1zPG5LWQp
EzGzMeb44CtHQgbIz77ey0fM0sjrXV/mSFI5WK3kCVvU
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:54:22 2024 by rpki-client on console-ams.rpki-client.org