Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/exnhpS71_noQuX7RFVlpAgHT_u8.roa
File:                     exnhpS71_noQuX7RFVlpAgHT_u8.roa (raw, json)
Hash identifier:          OUenkFwfcWxSdkyt2oPTOEKtg6MEcOMEwU0PNi7n7OM=
Subject key identifier:   7B:19:E1:A5:2E:F5:FE:7A:10:B9:7E:D1:15:59:69:02:01:D3:FE:EF
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B7360AE13ECCE1B7C1929D608677D7
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/exnhpS71_noQuX7RFVlpAgHT_u8.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31629
IP address blocks:        81.255.154.0/23 maxlen: 24
                          81.255.154.0/24 maxlen: 24
                          81.255.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:36:0a:e1:3e:cc:e1:b7:c1:92:9d:60:86:77:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b19e1a52ef5fe7a10b97ed11559690201d3feef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:10:85:28:0e:90:f9:03:9f:ea:d7:77:e4:10:
                    73:27:3a:2b:e3:5c:af:54:05:df:76:cf:4f:1e:89:
                    08:0a:63:55:bd:cd:3e:8e:eb:5a:64:7e:4f:9f:33:
                    b2:f6:cd:1f:0e:cf:d0:4c:29:72:6b:c2:19:29:03:
                    b9:5d:a4:a5:e2:27:a3:ea:c9:43:ba:3d:9a:d8:06:
                    c4:3a:f0:57:5d:6d:0e:00:4b:ce:12:83:92:53:56:
                    f3:4b:fd:f7:f8:39:e6:3e:40:6e:73:7d:68:5e:16:
                    1d:b7:04:11:0d:ea:2c:09:c5:d5:d0:f2:e9:e5:77:
                    d8:9f:85:73:57:78:9e:79:a9:bb:08:fc:76:fb:a3:
                    c6:57:05:6f:1c:27:ba:16:5c:ba:f4:9c:a6:a2:c3:
                    ff:8a:c8:11:ab:ad:91:73:ef:b2:b1:dd:8b:df:09:
                    b4:d2:74:96:a5:13:3f:c9:e7:05:83:27:cb:34:68:
                    18:fd:44:52:d5:fd:b1:04:2e:aa:0c:98:55:9c:5a:
                    d7:2d:59:95:40:bc:c2:68:4b:e9:e6:32:f9:cc:f6:
                    7f:77:9d:32:31:de:6e:78:23:80:49:22:05:aa:82:
                    28:ba:4b:e6:56:fe:cc:6c:a5:bc:f5:91:77:13:e0:
                    a8:c5:4a:58:80:61:30:96:d0:20:04:d3:21:83:0d:
                    94:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:19:E1:A5:2E:F5:FE:7A:10:B9:7E:D1:15:59:69:02:01:D3:FE:EF
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/exnhpS71_noQuX7RFVlpAgHT_u8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.255.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:0c:df:99:80:1f:f7:4d:69:3b:fe:74:a7:39:f7:5a:30:93:
         4d:0b:06:94:39:0b:ad:69:36:c1:d0:ba:3f:ad:81:d7:16:fa:
         44:b7:3b:12:6f:08:96:18:93:bf:a3:2c:b5:56:d7:63:d1:80:
         03:ff:e2:88:02:05:04:25:5c:a6:70:fa:08:a2:4d:07:01:e4:
         b7:49:fd:fc:a0:df:82:0a:80:e3:b5:8d:ce:4c:c8:2d:9c:4f:
         80:44:de:77:17:70:09:2b:cc:0e:18:79:35:15:95:ed:3a:18:
         76:33:80:dc:ae:94:4b:f4:17:64:54:91:87:b8:1d:a9:ce:af:
         2c:f9:52:88:b3:64:f7:8d:50:fb:a5:c6:f1:91:0c:76:ad:9a:
         59:e0:1e:4d:bd:32:a9:56:f4:53:18:f3:18:7d:ad:8c:3b:bb:
         76:6c:7f:15:b9:87:47:bd:b3:2a:a3:69:1a:0d:6a:fb:ec:27:
         89:eb:3d:fb:ec:38:a6:97:02:9d:92:32:0a:9e:64:33:24:8c:
         b4:b5:f8:bf:2a:f5:ec:b1:0f:6c:3a:c8:0b:ff:4b:25:e2:36:
         66:40:2e:43:c7:05:5e:c8:bd:c8:3a:ec:a4:37:e9:ab:55:6b:
         17:55:4d:40:be:39:91:df:a6:d1:58:7a:91:b7:18:8b:5f:02:
         6c:5d:45:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzYK4T7M4bfBkp1ghnfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE5ZTFhNTJlZjVmZTdhMTBiOTdlZDExNTU5NjkwMjAxZDNmZWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhCFKA6Q+QOf6td35BBzJzor41yv
VAXfds9PHokICmNVvc0+jutaZH5PnzOy9s0fDs/QTClya8IZKQO5XaSl4iej6slD
uj2a2AbEOvBXXW0OAEvOEoOSU1bzS/33+DnmPkBuc31oXhYdtwQRDeosCcXV0PLp
5XfYn4VzV3ieeam7CPx2+6PGVwVvHCe6Fly69JymosP/isgRq62Rc++ysd2L3wm0
0nSWpRM/yecFgyfLNGgY/URS1f2xBC6qDJhVnFrXLVmVQLzCaEvp5jL5zPZ/d50y
Md5ueCOASSIFqoIoukvmVv7MbKW89ZF3E+CoxUpYgGEwltAgBNMhgw2UKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsZ4aUu9f56ELl+0RVZaQIB0/7vMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvZXhuaHBTNzFfbm9RdVg3UkZWbHBBZ0hUX3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUf+aMA0G
CSqGSIb3DQEBCwUAA4IBAQCwDN+ZgB/3TWk7/nSnOfdaMJNNCwaUOQutaTbB0Lo/
rYHXFvpEtzsSbwiWGJO/oyy1Vtdj0YAD/+KIAgUEJVymcPoIok0HAeS3Sf38oN+C
CoDjtY3OTMgtnE+ARN53F3AJK8wOGHk1FZXtOhh2M4DcrpRL9BdkVJGHuB2pzq8s
+VKIs2T3jVD7pcbxkQx2rZpZ4B5NvTKpVvRTGPMYfa2MO7t2bH8VuYdHvbMqo2ka
DWr77CeJ6z377DimlwKdkjIKnmQzJIy0tfi/KvXssQ9sOsgL/0sl4jZmQC5DxwVe
yL3IOuykN+mrVWsXVU1AvjmR36bRWHqRtxiLXwJsXUWA
-----END CERTIFICATE-----