Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Xd6VzOAi6V7JjNCVBpspnpPuEAY.roa
File:                     Xd6VzOAi6V7JjNCVBpspnpPuEAY.roa (raw, json)
Hash identifier:          hKcgr5kZYZ2tbU9Qxc+kSPYR+1/YumASDf5DKWrMhY0=
Subject key identifier:   5D:DE:95:CC:E0:22:E9:5E:C9:8C:D0:95:06:9B:29:9E:93:EE:10:06
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       01922CF508F146D26AA73E70F3781575C15C
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Xd6VzOAi6V7JjNCVBpspnpPuEAY.roa
Signing time:             Thu 26 Sep 2024 06:11:48 +0000
ROA not before:           Thu 26 Sep 2024 06:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        185.191.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2c:f5:08:f1:46:d2:6a:a7:3e:70:f3:78:15:75:c1:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Sep 26 06:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dde95cce022e95ec98cd095069b299e93ee1006
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8e:5d:99:3c:ad:67:8f:4a:af:11:03:46:e5:
                    8e:89:ff:75:c0:54:14:9d:6d:69:52:40:4c:52:ed:
                    3d:b5:ff:b9:ad:0e:27:a6:40:6d:87:f4:ee:b3:0e:
                    13:57:b4:da:fd:73:82:b7:c0:2c:46:0d:ce:c4:3e:
                    95:af:29:a3:f0:e9:50:2a:dd:b9:7f:6b:2f:77:9d:
                    75:58:e3:bb:cd:f7:52:e2:d0:e2:89:a3:73:b7:91:
                    af:6b:cf:6f:4c:12:d3:bb:77:7e:0a:24:ec:cd:15:
                    50:59:7c:78:24:3a:11:70:d8:85:78:0a:55:5c:3c:
                    45:a8:af:7e:10:ca:7c:c7:1a:62:00:0c:a8:e1:97:
                    1f:3a:9a:e6:6f:04:bb:59:7b:15:50:4a:ea:f8:f4:
                    dd:2f:d3:e0:05:82:cf:da:e2:f4:c5:cf:81:dd:eb:
                    a4:b0:8d:43:85:4a:65:78:5b:b3:1b:fb:83:63:a1:
                    90:fa:39:7e:56:71:b1:2d:53:5e:e6:dc:82:16:dc:
                    73:92:ba:31:85:90:3e:72:f3:eb:3c:70:69:06:00:
                    f6:1a:f9:a1:a1:8f:b5:80:ce:4a:04:c1:4b:a0:c5:
                    8d:42:76:b6:52:82:65:2d:4b:d0:8b:4b:8a:01:76:
                    f4:05:b2:cd:1e:db:14:9e:dd:22:55:78:e8:bf:50:
                    3d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:DE:95:CC:E0:22:E9:5E:C9:8C:D0:95:06:9B:29:9E:93:EE:10:06
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Xd6VzOAi6V7JjNCVBpspnpPuEAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:cf:ac:16:c7:50:2b:33:2f:2a:f1:78:c4:c2:ef:86:20:15:
         15:44:27:a3:62:8c:fd:09:9e:aa:df:d2:81:cd:d3:02:e6:23:
         23:91:25:32:67:04:05:d4:0a:bb:ee:22:19:4e:6d:eb:f5:68:
         a7:12:5f:76:ad:0c:be:04:e5:4c:e0:81:cc:4e:0b:ed:38:f3:
         47:20:8f:77:2c:85:85:9d:8a:14:03:65:c7:64:01:99:88:f7:
         d4:a9:01:82:49:72:52:a0:12:06:c0:02:c4:63:18:40:84:2f:
         3e:fe:f1:58:bf:9f:de:46:c6:9c:c2:80:3d:4c:4c:64:7e:77:
         63:2b:92:ad:c6:19:b7:54:2a:bf:75:38:8c:8d:09:32:d4:9b:
         45:81:da:05:1f:8e:1b:27:17:dd:92:36:64:ee:62:05:b6:29:
         eb:57:b2:2d:e5:62:16:65:6a:cf:64:44:fd:c2:45:2e:e4:3c:
         7c:af:0f:4f:99:33:fd:dc:a8:f2:ba:de:65:a9:c3:a8:39:48:
         37:52:3c:dc:11:b7:d7:67:dc:ea:dc:46:db:76:6b:cb:7f:8b:
         8f:04:8c:ca:b0:c5:46:49:ff:9d:84:d9:44:aa:dc:ae:01:93:
         5c:98:99:5a:46:78:f3:76:c7:59:5e:21:82:a4:03:9b:b8:63:
         08:53:9f:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIs9QjxRtJqpz5w83gVdcFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjQwOTI2MDYxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGRlOTVjY2UwMjJlOTVlYzk4Y2QwOTUwNjliMjk5ZTkzZWUxMDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3o5dmTytZ49KrxEDRuWOif91wFQU
nW1pUkBMUu09tf+5rQ4npkBth/Tusw4TV7Ta/XOCt8AsRg3OxD6Vrymj8OlQKt25
f2svd511WOO7zfdS4tDiiaNzt5Gva89vTBLTu3d+CiTszRVQWXx4JDoRcNiFeApV
XDxFqK9+EMp8xxpiAAyo4ZcfOprmbwS7WXsVUErq+PTdL9PgBYLP2uL0xc+B3euk
sI1DhUpleFuzG/uDY6GQ+jl+VnGxLVNe5tyCFtxzkroxhZA+cvPrPHBpBgD2Gvmh
oY+1gM5KBMFLoMWNQna2UoJlLUvQi0uKAXb0BbLNHtsUnt0iVXjov1A9rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3elczgIuleyYzQlQabKZ6T7hAGMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvWGQ2VnpPQWk2VjdKak5DVkJwc3BucFB1RUFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub8VMA0G
CSqGSIb3DQEBCwUAA4IBAQABz6wWx1ArMy8q8XjEwu+GIBUVRCejYoz9CZ6q39KB
zdMC5iMjkSUyZwQF1Aq77iIZTm3r9WinEl92rQy+BOVM4IHMTgvtOPNHII93LIWF
nYoUA2XHZAGZiPfUqQGCSXJSoBIGwALEYxhAhC8+/vFYv5/eRsacwoA9TExkfndj
K5Ktxhm3VCq/dTiMjQky1JtFgdoFH44bJxfdkjZk7mIFtinrV7It5WIWZWrPZET9
wkUu5Dx8rw9PmTP93Kjyut5lqcOoOUg3UjzcEbfXZ9zq3EbbdmvLf4uPBIzKsMVG
Sf+dhNlEqtyuAZNcmJlaRnjzdsdZXiGCpAObuGMIU5/D
-----END CERTIFICATE-----