Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/3Evq9XohP7CBt0n9iwCHdukvPbI.roa
File:                     3Evq9XohP7CBt0n9iwCHdukvPbI.roa (raw, json)
Hash identifier:          /8me4XcJRxlitRmvA0Pvg4Ou2F62YaEI2vOOw7enPzg=
Subject key identifier:   DC:4B:EA:F5:7A:21:3F:B0:81:B7:49:FD:8B:00:87:76:E9:2F:3D:B2
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       0191A818CA945588E55FDED1B47356A4DA60
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/3Evq9XohP7CBt0n9iwCHdukvPbI.roa
Signing time:             Sat 31 Aug 2024 11:01:22 +0000
ROA not before:           Sat 31 Aug 2024 11:01:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        81.199.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a8:18:ca:94:55:88:e5:5f:de:d1:b4:73:56:a4:da:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Aug 31 11:01:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc4beaf57a213fb081b749fd8b008776e92f3db2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f0:74:ac:2c:36:bb:90:32:96:db:fc:b3:6f:
                    d9:dc:ca:63:d7:e9:8a:f5:09:f3:e0:3c:b8:0b:d8:
                    f6:06:0a:68:74:7a:a3:01:b9:19:8c:80:8e:08:f3:
                    de:fa:cd:d8:45:30:6e:b6:f5:d7:9c:5e:fb:e6:30:
                    d3:ef:3d:0e:d9:1c:73:0c:70:d9:b6:e9:3c:e3:da:
                    fc:87:72:3b:7c:f9:48:5b:55:22:4d:2b:55:4c:e0:
                    9a:8f:b6:cd:ea:7e:03:02:f4:f1:27:9a:60:46:a4:
                    68:32:3d:9f:61:71:d1:c8:66:16:88:b5:6c:03:6c:
                    1f:4a:8e:9b:33:73:8e:45:09:44:8d:44:68:2e:f9:
                    bb:a2:8f:20:69:88:c9:b3:77:0b:6d:d9:81:d5:ae:
                    9d:e4:19:d6:16:e8:f2:cf:14:6b:a0:59:ae:57:76:
                    8d:0a:f7:2e:3b:1f:fc:ce:58:ec:d3:eb:01:6c:03:
                    f3:64:0c:ee:6f:d6:13:fd:dc:f1:aa:47:8f:c7:aa:
                    85:a9:e2:9d:45:35:68:7a:2b:d0:78:fa:55:51:3d:
                    e5:b6:77:19:5c:5a:c7:dd:17:fa:1a:9e:3d:33:25:
                    09:ba:12:98:da:90:2d:10:aa:7d:1a:fb:de:3b:fe:
                    6d:56:2e:9b:88:83:61:2c:f2:84:9a:91:b5:8b:d1:
                    d4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:4B:EA:F5:7A:21:3F:B0:81:B7:49:FD:8B:00:87:76:E9:2F:3D:B2
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/3Evq9XohP7CBt0n9iwCHdukvPbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:39:a0:4a:1a:14:cb:46:90:41:07:a7:bb:30:5e:01:32:78:
         4f:cd:fc:62:73:a1:03:11:b4:e3:77:53:db:28:f2:50:55:2c:
         54:a1:01:8c:b6:99:c4:97:45:f8:c9:bc:2b:f4:48:87:dd:07:
         3d:95:a4:8e:51:7c:ea:bb:41:7e:98:b3:57:6a:98:83:0e:15:
         54:2f:f9:e8:0d:35:92:fd:c1:8e:46:c7:be:83:47:92:a1:96:
         02:88:8d:e4:bd:13:16:99:00:57:13:58:03:01:b6:83:36:6b:
         32:e8:53:fc:9d:d4:85:1e:73:18:38:26:0c:11:17:0d:5c:d7:
         89:78:6f:ed:47:48:d4:97:0b:93:0f:3c:04:4f:b5:2f:1f:bd:
         cd:45:89:59:b8:ea:d4:19:e4:99:17:92:c3:b5:33:46:00:15:
         bf:47:62:ea:66:32:35:82:3a:19:11:0a:1e:49:59:b6:e5:ad:
         57:0d:b3:72:ca:c0:a1:d3:c4:2b:24:76:80:b0:24:48:b9:ad:
         0d:cc:9e:f8:2f:5f:b2:ff:75:ee:57:06:46:de:c0:2c:3f:c9:
         88:04:21:ed:cd:b7:4b:1c:9a:75:ae:c3:fa:a7:7f:b1:54:3d:
         ed:99:7f:81:65:43:1c:d5:6d:2c:8c:1e:09:08:85:46:0f:60:
         2a:4b:ac:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGoGMqUVYjlX97RtHNWpNpgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjQwODMxMTEwMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzRiZWFmNTdhMjEzZmIwODFiNzQ5ZmQ4YjAwODc3NmU5MmYzZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPB0rCw2u5Ayltv8s2/Z3Mpj1+mK
9Qnz4Dy4C9j2BgpodHqjAbkZjICOCPPe+s3YRTButvXXnF775jDT7z0O2RxzDHDZ
tuk849r8h3I7fPlIW1UiTStVTOCaj7bN6n4DAvTxJ5pgRqRoMj2fYXHRyGYWiLVs
A2wfSo6bM3OORQlEjURoLvm7oo8gaYjJs3cLbdmB1a6d5BnWFujyzxRroFmuV3aN
CvcuOx/8zljs0+sBbAPzZAzub9YT/dzxqkePx6qFqeKdRTVoeivQePpVUT3ltncZ
XFrH3Rf6Gp49MyUJuhKY2pAtEKp9GvveO/5tVi6biINhLPKEmpG1i9HUTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxL6vV6IT+wgbdJ/YsAh3bpLz2yMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvM0V2cTlYb2hQN0NCdDBuOWl3Q0hkdWt2UGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcccMA0G
CSqGSIb3DQEBCwUAA4IBAQCaOaBKGhTLRpBBB6e7MF4BMnhPzfxic6EDEbTjd1Pb
KPJQVSxUoQGMtpnEl0X4ybwr9EiH3Qc9laSOUXzqu0F+mLNXapiDDhVUL/noDTWS
/cGORse+g0eSoZYCiI3kvRMWmQBXE1gDAbaDNmsy6FP8ndSFHnMYOCYMERcNXNeJ
eG/tR0jUlwuTDzwET7UvH73NRYlZuOrUGeSZF5LDtTNGABW/R2LqZjI1gjoZEQoe
SVm25a1XDbNyysCh08QrJHaAsCRIua0NzJ74L1+y/3XuVwZG3sAsP8mIBCHtzbdL
HJp1rsP6p3+xVD3tmX+BZUMc1W0sjB4JCIVGD2AqS6wt
-----END CERTIFICATE-----