Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/xiZp6eivWb7x_d9W-WC8kwhVWsI.roa
File:                     xiZp6eivWb7x_d9W-WC8kwhVWsI.roa (raw, json)
Hash identifier:          GvxU73beqXLMBxGmaGGngexgQ65uQMfsvmeuizGIl8o=
Subject key identifier:   C6:26:69:E9:E8:AF:59:BE:F1:FD:DF:56:F9:60:BC:93:08:55:5A:C2
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       01942369BDE38FE5F4963DEED4CF095FA2A3
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/xiZp6eivWb7x_d9W-WC8kwhVWsI.roa
Signing time:             Wed 01 Jan 2025 19:48:39 +0000
ROA not before:           Wed 01 Jan 2025 19:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60506
IP address blocks:        81.199.24.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:bd:e3:8f:e5:f4:96:3d:ee:d4:cf:09:5f:a2:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan  1 19:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c62669e9e8af59bef1fddf56f960bc9308555ac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:95:db:0c:f4:dc:4d:18:1b:6b:e5:b5:65:77:
                    ee:03:f7:30:66:ea:4f:4e:ee:2d:97:af:44:44:64:
                    7d:7f:22:2e:20:58:ce:37:e2:e8:32:a1:c0:bf:05:
                    ac:86:4d:50:d8:01:0a:86:90:a5:fd:20:6d:98:31:
                    65:1f:ab:06:1e:8b:36:18:96:ac:a1:8b:73:54:62:
                    50:13:88:a1:a7:3b:ee:38:a9:c9:c5:08:56:3a:2c:
                    7e:d3:a1:48:a0:82:d2:7c:99:40:8c:e7:39:5b:4b:
                    43:ca:20:83:14:c6:b7:da:9c:0d:73:df:63:2e:06:
                    81:0a:6c:bd:57:b5:06:16:d4:4f:1b:ef:13:90:4b:
                    7b:d7:2f:be:33:85:07:92:38:5c:a5:74:81:e7:00:
                    8e:a3:f5:9f:57:27:62:92:62:00:32:56:99:c1:f5:
                    3a:20:13:86:19:7b:89:25:72:d7:74:0f:20:24:52:
                    11:f8:16:5c:a7:a2:4d:91:cf:ff:88:02:9d:bc:d3:
                    d8:4c:3a:7c:b5:dd:a0:2e:fd:d5:d2:ba:a4:99:95:
                    71:55:74:8e:8d:82:ed:1e:fc:75:bc:93:5d:e4:4f:
                    18:53:9b:e6:15:69:ec:73:7c:13:7f:98:30:b8:18:
                    59:23:2c:c4:31:a6:2e:ce:12:86:9e:ad:53:f8:ee:
                    19:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:26:69:E9:E8:AF:59:BE:F1:FD:DF:56:F9:60:BC:93:08:55:5A:C2
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/xiZp6eivWb7x_d9W-WC8kwhVWsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:c9:0b:41:4b:7e:5e:3d:00:dd:dd:b3:f9:7b:5d:77:98:ec:
         b3:4e:98:27:7e:a7:d3:c6:e1:8d:c5:97:8a:ed:a3:46:6d:ad:
         c5:34:5a:f3:ef:64:da:65:8d:44:31:a8:29:da:43:48:86:78:
         cd:3b:97:c2:60:91:9f:8b:f3:3a:fd:66:84:db:6b:5c:74:3f:
         b5:b5:09:8b:1f:41:d8:27:4c:e5:3a:ab:1e:b2:31:e1:89:d6:
         e7:0b:51:37:91:ba:f3:d8:06:4d:59:25:21:6e:a6:dd:70:3a:
         72:11:3a:1f:d8:48:53:33:e8:f7:ba:e0:be:2f:c3:84:7e:24:
         83:97:95:d1:98:3c:ad:1a:66:ad:99:a0:25:6d:48:4a:57:3b:
         f8:f0:e8:77:93:49:7b:30:f2:be:a4:0a:62:19:ad:b9:de:22:
         ef:e3:41:a9:c2:99:9c:07:f1:c7:e5:55:f7:05:7a:43:2b:3f:
         4d:21:22:55:be:d1:48:b0:d4:75:39:59:e7:cc:03:46:cc:ab:
         13:6e:c3:ab:fe:e7:83:dc:88:99:dd:71:9f:a4:6d:5a:e9:5f:
         1a:36:db:8c:0b:94:f0:2b:19:8a:d6:24:9a:54:01:81:b2:78:
         36:00:e1:60:9a:32:43:3c:16:6b:4c:88:e9:0a:cd:b5:25:95:
         73:5b:77:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjab3jj+X0lj3u1M8JX6KjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwMTAxMTk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjI2NjllOWU4YWY1OWJlZjFmZGRmNTZmOTYwYmM5MzA4NTU1YWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5XbDPTcTRgba+W1ZXfuA/cwZupP
Tu4tl69ERGR9fyIuIFjON+LoMqHAvwWshk1Q2AEKhpCl/SBtmDFlH6sGHos2GJas
oYtzVGJQE4ihpzvuOKnJxQhWOix+06FIoILSfJlAjOc5W0tDyiCDFMa32pwNc99j
LgaBCmy9V7UGFtRPG+8TkEt71y++M4UHkjhcpXSB5wCOo/WfVydikmIAMlaZwfU6
IBOGGXuJJXLXdA8gJFIR+BZcp6JNkc//iAKdvNPYTDp8td2gLv3V0rqkmZVxVXSO
jYLtHvx1vJNd5E8YU5vmFWnsc3wTf5gwuBhZIyzEMaYuzhKGnq1T+O4Z4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYmaenor1m+8f3fVvlgvJMIVVrCMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEveGlacDZlaXZXYjd4X2Q5Vy1XQzhrd2hWV3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUccYMA0G
CSqGSIb3DQEBCwUAA4IBAQC0yQtBS35ePQDd3bP5e113mOyzTpgnfqfTxuGNxZeK
7aNGba3FNFrz72TaZY1EMagp2kNIhnjNO5fCYJGfi/M6/WaE22tcdD+1tQmLH0HY
J0zlOqsesjHhidbnC1E3kbrz2AZNWSUhbqbdcDpyETof2EhTM+j3uuC+L8OEfiSD
l5XRmDytGmatmaAlbUhKVzv48Oh3k0l7MPK+pApiGa253iLv40GpwpmcB/HH5VX3
BXpDKz9NISJVvtFIsNR1OVnnzANGzKsTbsOr/ueD3IiZ3XGfpG1a6V8aNtuMC5Tw
KxmK1iSaVAGBsng2AOFgmjJDPBZrTIjpCs21JZVzW3d+
-----END CERTIFICATE-----