Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/3x820wyZWrDiS3CsJvGU-Fnk2Oc.roa
File:                     3x820wyZWrDiS3CsJvGU-Fnk2Oc.roa (raw, json)
Hash identifier:          gLMpSko9qA6WULzOaWzi/YjWjkZceZYIkjjTjLzG9FA=
Subject key identifier:   DF:1F:36:D3:0C:99:5A:B0:E2:4B:70:AC:26:F1:94:F8:59:E4:D8:E7
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       018CC802672D46515094B9B48E406B772750
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/3x820wyZWrDiS3CsJvGU-Fnk2Oc.roa
Signing time:             Tue 02 Jan 2024 02:30:49 +0000
ROA not before:           Tue 02 Jan 2024 02:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210030
IP address blocks:        84.54.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:67:2d:46:51:50:94:b9:b4:8e:40:6b:77:27:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Jan  2 02:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df1f36d30c995ab0e24b70ac26f194f859e4d8e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c3:1b:6f:dd:2e:65:7a:4d:60:ee:66:57:8a:
                    47:1b:bb:af:8d:f6:43:89:6b:d3:0e:2f:6b:f7:81:
                    93:b7:59:08:9d:35:c3:cf:75:29:fe:55:b5:bc:3d:
                    cf:50:f6:55:23:89:53:b2:a7:2d:cb:88:b3:85:9a:
                    bf:53:7e:ed:bf:f4:5d:16:ac:9c:a6:a0:f5:b1:d2:
                    bd:39:86:79:06:c3:85:75:87:af:18:e0:6b:0a:9e:
                    d2:10:95:b8:c3:bb:4e:04:5e:cf:4d:e7:30:aa:97:
                    2d:5e:7c:8d:5f:0a:aa:90:09:e1:47:48:a2:6a:3e:
                    de:7d:01:a4:0a:a0:36:2f:3a:38:b9:c9:22:8e:ce:
                    b9:84:34:ff:63:85:97:d7:28:68:84:f1:69:0d:c8:
                    fd:51:a8:78:60:28:8d:4a:1e:06:e4:83:c9:55:91:
                    76:d1:ca:aa:b6:a9:b5:78:c9:10:b8:00:97:ca:34:
                    88:95:e6:2f:10:04:f9:78:41:e8:53:f5:6f:56:1e:
                    cc:76:43:26:4e:2b:ce:07:fb:cd:e1:c9:e3:52:91:
                    2d:80:6c:eb:66:d4:f8:97:16:83:de:80:5e:3a:3b:
                    40:51:b3:dd:22:77:75:60:f5:f3:ee:7f:48:de:e5:
                    c8:29:31:0c:d2:a4:84:ca:de:d8:93:80:f5:18:1b:
                    f4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:1F:36:D3:0C:99:5A:B0:E2:4B:70:AC:26:F1:94:F8:59:E4:D8:E7
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/3x820wyZWrDiS3CsJvGU-Fnk2Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:31:9b:51:17:36:e4:f5:1d:b7:f4:b0:8c:04:1f:a3:cf:56:
         54:09:58:17:a4:88:ee:78:e4:69:ac:29:ab:f5:5f:a7:05:91:
         1e:da:73:14:6e:31:ef:47:f7:12:3d:f4:c0:c2:c3:60:ad:f2:
         f8:6d:81:d2:32:22:9c:48:12:cb:29:02:8f:22:a9:b5:4f:3a:
         78:a5:29:da:d0:94:f2:ea:41:b6:5c:b4:15:6b:c5:63:ef:44:
         9d:20:43:9c:fe:61:b3:f3:42:d1:ea:5f:68:26:7c:06:84:00:
         80:af:c7:23:97:ff:e7:18:84:fe:d4:ed:2a:06:ca:d5:f3:5f:
         e3:93:95:6f:73:5f:1d:1f:f4:fe:43:33:9a:5b:cc:11:fe:12:
         d3:28:6f:8b:e0:52:86:0b:5d:d5:2e:08:5c:5a:23:19:44:33:
         8e:72:47:05:80:00:24:9c:bc:f7:5f:19:3b:3f:f4:69:49:55:
         5d:f7:ad:e1:d0:f5:41:55:75:87:35:fc:36:f9:81:4b:d8:66:
         1a:4f:c4:c1:eb:2f:32:cc:74:42:82:b6:26:33:51:2d:21:2b:
         76:d1:e8:79:24:a9:d7:99:1e:21:0c:65:65:c5:9c:de:70:2b:
         eb:f1:b3:63:0b:c8:f4:cc:0a:0a:9e:b1:4b:ea:78:e3:70:f8:
         f9:04:ca:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAmctRlFQlLm0jkBrdydQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjQwMTAyMDIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjFmMzZkMzBjOTk1YWIwZTI0YjcwYWMyNmYxOTRmODU5ZTRkOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8Mbb90uZXpNYO5mV4pHG7uvjfZD
iWvTDi9r94GTt1kInTXDz3Up/lW1vD3PUPZVI4lTsqcty4izhZq/U37tv/RdFqyc
pqD1sdK9OYZ5BsOFdYevGOBrCp7SEJW4w7tOBF7PTecwqpctXnyNXwqqkAnhR0ii
aj7efQGkCqA2Lzo4uckijs65hDT/Y4WX1yhohPFpDcj9Uah4YCiNSh4G5IPJVZF2
0cqqtqm1eMkQuACXyjSIleYvEAT5eEHoU/VvVh7MdkMmTivOB/vN4cnjUpEtgGzr
ZtT4lxaD3oBeOjtAUbPdInd1YPXz7n9I3uXIKTEM0qSEyt7Yk4D1GBv0bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8fNtMMmVqw4ktwrCbxlPhZ5NjnMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvM3g4MjB3eVpXckRpUzNDc0p2R1UtRm5rMk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDYgMA0G
CSqGSIb3DQEBCwUAA4IBAQCmMZtRFzbk9R239LCMBB+jz1ZUCVgXpIjueORprCmr
9V+nBZEe2nMUbjHvR/cSPfTAwsNgrfL4bYHSMiKcSBLLKQKPIqm1Tzp4pSna0JTy
6kG2XLQVa8Vj70SdIEOc/mGz80LR6l9oJnwGhACAr8cjl//nGIT+1O0qBsrV81/j
k5Vvc18dH/T+QzOaW8wR/hLTKG+L4FKGC13VLghcWiMZRDOOckcFgAAknLz3Xxk7
P/RpSVVd963h0PVBVXWHNfw2+YFL2GYaT8TB6y8yzHRCgrYmM1EtISt20eh5JKnX
mR4hDGVlxZzecCvr8bNjC8j0zAoKnrFL6njjcPj5BMoz
-----END CERTIFICATE-----