Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/3jJ82HVPslTsoQ3Zek0YPT1_Qqg.roa
File:                     3jJ82HVPslTsoQ3Zek0YPT1_Qqg.roa (raw, json)
Hash identifier:          yFGb5rj40EYonlA7/wN6HRVnV9+uU8Q5NT5SowJubSo=
Subject key identifier:   DE:32:7C:D8:75:4F:B2:54:EC:A1:0D:D9:7A:4D:18:3D:3D:7F:42:A8
Certificate issuer:       /CN=185a2f67d245cba9518b017061a71692ee79e7ff
Certificate serial:       018CC64B844042F7801FC645B1510125A037
Authority key identifier: 18:5A:2F:67:D2:45:CB:A9:51:8B:01:70:61:A7:16:92:EE:79:E7:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GFovZ9JFy6lRiwFwYacWku555_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/3jJ82HVPslTsoQ3Zek0YPT1_Qqg.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213273
IP address blocks:        81.163.192.0/23 maxlen: 23
                          81.163.194.0/24 maxlen: 24
                          2a13:1a81::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/GFovZ9JFy6lRiwFwYacWku555_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/GFovZ9JFy6lRiwFwYacWku555_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GFovZ9JFy6lRiwFwYacWku555_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:84:40:42:f7:80:1f:c6:45:b1:51:01:25:a0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=185a2f67d245cba9518b017061a71692ee79e7ff
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de327cd8754fb254eca10dd97a4d183d3d7f42a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:21:80:fa:01:9e:ee:f4:23:90:6e:a5:aa:47:
                    00:ac:fb:0d:86:0b:06:61:7d:bb:59:e3:d8:cf:38:
                    36:2b:4c:1c:80:75:7b:26:81:2d:61:6a:ca:74:93:
                    fd:4c:43:9c:38:c3:a0:5e:68:e2:66:99:69:11:f2:
                    49:cc:80:ea:47:62:d9:69:cd:88:80:32:d1:da:2c:
                    91:98:6b:a8:e3:57:f0:bb:6e:47:ab:16:86:e2:f2:
                    c8:96:68:e4:da:f6:d1:f8:3e:ac:e7:54:a1:01:a9:
                    55:e7:38:59:6e:75:2e:e2:30:5c:df:7f:8f:29:d0:
                    ed:d1:80:ab:79:d7:c1:52:71:b6:ce:7d:61:2a:e7:
                    9b:39:b3:80:aa:ca:c1:a5:22:2f:b1:86:3e:a0:21:
                    b7:96:0c:2f:82:75:b6:85:e0:14:90:85:29:97:1f:
                    bc:ab:58:de:30:74:38:da:5f:1c:9c:26:2b:70:a2:
                    28:9e:b9:58:c4:a8:32:f4:68:6f:8b:3b:4d:4f:4a:
                    bf:e5:df:a4:22:bc:84:40:14:23:d9:2a:37:da:ba:
                    88:ee:9f:14:1a:a0:bd:ec:82:44:bb:a2:5e:f3:68:
                    d8:1c:52:ce:b7:3b:76:26:bb:0a:af:3c:d5:a5:81:
                    90:1c:5e:da:02:47:80:3b:50:a2:16:ce:05:ad:db:
                    0a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:32:7C:D8:75:4F:B2:54:EC:A1:0D:D9:7A:4D:18:3D:3D:7F:42:A8
            X509v3 Authority Key Identifier:
                keyid:18:5A:2F:67:D2:45:CB:A9:51:8B:01:70:61:A7:16:92:EE:79:E7:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GFovZ9JFy6lRiwFwYacWku555_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/3jJ82HVPslTsoQ3Zek0YPT1_Qqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/GFovZ9JFy6lRiwFwYacWku555_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.163.192.0-81.163.194.255
                IPv6:
                  2a13:1a81::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:24:db:9c:d4:d1:f6:67:e5:86:23:19:73:c7:ad:26:4a:da:
         f5:d4:9c:ee:08:95:f3:61:76:06:fc:50:01:6c:48:8b:ae:40:
         4c:2b:95:7e:5b:52:c4:b4:14:13:75:ab:01:dd:66:b8:15:78:
         04:46:39:2b:94:bd:f0:28:41:7e:7a:85:20:15:97:97:d0:69:
         df:e3:d0:09:7c:95:2a:97:b8:b2:5a:15:f9:b0:bb:3d:1d:b9:
         16:0f:53:cd:6d:c3:e2:0a:a8:2f:83:f7:54:0c:c7:da:88:60:
         c3:64:cd:4a:05:5b:67:48:23:81:bc:3b:c6:10:e2:e5:79:f4:
         3e:83:c4:19:76:2d:02:54:89:c3:a0:e3:e0:8f:ba:61:3f:ba:
         96:dc:02:a4:32:75:24:30:b1:ad:ee:17:fa:05:3d:ff:b7:70:
         98:57:e3:d0:33:0e:f3:2f:05:5c:dc:9b:af:a1:30:bb:90:0d:
         11:df:b3:51:95:60:e0:60:5d:2b:26:0a:9a:79:5f:1a:cb:5f:
         98:66:cd:2a:43:bc:fb:a3:56:89:45:8a:b9:dc:b8:4b:d3:d4:
         38:63:f3:b9:fc:eb:85:42:10:07:22:8b:3d:a1:fc:28:25:4a:
         80:a4:22:c0:3e:1b:78:6d:6b:a3:f7:51:36:0d:14:2c:b5:f9:
         f2:2e:9a:04
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzGS4RAQveAH8ZFsVEBJaA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NWEyZjY3ZDI0NWNiYTk1MThiMDE3MDYxYTcxNjkyZWU3
OWU3ZmYwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTMyN2NkODc1NGZiMjU0ZWNhMTBkZDk3YTRkMTgzZDNkN2Y0MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSGA+gGe7vQjkG6lqkcArPsNhgsG
YX27WePYzzg2K0wcgHV7JoEtYWrKdJP9TEOcOMOgXmjiZplpEfJJzIDqR2LZac2I
gDLR2iyRmGuo41fwu25HqxaG4vLIlmjk2vbR+D6s51ShAalV5zhZbnUu4jBc33+P
KdDt0YCredfBUnG2zn1hKuebObOAqsrBpSIvsYY+oCG3lgwvgnW2heAUkIUplx+8
q1jeMHQ42l8cnCYrcKIonrlYxKgy9GhviztNT0q/5d+kIryEQBQj2So32rqI7p8U
GqC97IJEu6Je82jYHFLOtzt2JrsKrzzVpYGQHF7aAkeAO1CiFs4FrdsKuwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFN4yfNh1T7JU7KEN2XpNGD09f0KoMB8GA1UdIwQY
MBaAFBhaL2fSRcupUYsBcGGnFpLueef/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0Zvdlo5SkZ5NmxSaXdGd1lhY1drdTU1NV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kNTU5ODgtNDJkMi00MjA2LTk1YTkt
YmIwMThjZmJlYWEyLzEvM2pKODJIVlBzbFRzb1EzWmVrMFlQVDFfUXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kNTU5ODgtNDJkMi00MjA2LTk1YTktYmIwMThjZmJlYWEy
LzEvR0Zvdlo5SkZ5NmxSaXdGd1lhY1drdTU1NV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAZRo8AD
BABRo8IwDQQCAAIwBwMFACoTGoEwDQYJKoZIhvcNAQELBQADggEBAAkk25zU0fZn
5YYjGXPHrSZK2vXUnO4IlfNhdgb8UAFsSIuuQEwrlX5bUsS0FBN1qwHdZrgVeARG
OSuUvfAoQX56hSAVl5fQad/j0Al8lSqXuLJaFfmwuz0duRYPU81tw+IKqC+D91QM
x9qIYMNkzUoFW2dII4G8O8YQ4uV59D6DxBl2LQJUicOg4+CPumE/upbcAqQydSQw
sa3uF/oFPf+3cJhX49AzDvMvBVzcm6+hMLuQDRHfs1GVYOBgXSsmCpp5XxrLX5hm
zSpDvPujVolFirncuEvT1Dhj87n864VCEAciiz2h/CglSoCkIsA+G3hta6P3UTYN
FCy1+fIumgQ=
-----END CERTIFICATE-----