Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/3o9IELpQCyPrgvjZ4SOcnAUL-EI.roa
File:                     3o9IELpQCyPrgvjZ4SOcnAUL-EI.roa (raw, json)
Hash identifier:          cyeOkr1BBKchKImsapoC045Lto2ZCEZMdQqiB7uVJhc=
Subject key identifier:   DE:8F:48:10:BA:50:0B:23:EB:82:F8:D9:E1:23:9C:9C:05:0B:F8:42
Certificate issuer:       /CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
Certificate serial:       018CC94E372AF57A76E9D10B2720383C7576
Authority key identifier: 50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/3o9IELpQCyPrgvjZ4SOcnAUL-EI.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139719
IP address blocks:        81.199.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:37:2a:f5:7a:76:e9:d1:0b:27:20:38:3c:75:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de8f4810ba500b23eb82f8d9e1239c9c050bf842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7d:77:c9:93:da:2d:42:a9:36:3d:2b:30:fe:
                    f2:64:28:99:38:fe:83:2d:01:1d:6b:e7:ee:a0:bd:
                    03:7b:c2:50:e1:f7:d3:b2:c9:8d:28:be:d3:ee:31:
                    15:36:37:c2:21:f1:75:ff:3f:0c:0a:b5:c7:2b:a7:
                    d0:06:20:9d:e2:94:45:70:74:8d:7a:0a:ab:1d:37:
                    a9:b3:e5:5f:44:96:69:21:fc:34:e7:7a:8e:fb:a2:
                    fa:d1:4f:c5:e9:94:17:78:25:58:b7:16:24:db:3a:
                    d3:4c:cd:08:d1:ac:bd:3c:21:12:ab:7d:15:c0:cd:
                    ea:42:90:e7:05:74:79:c4:41:23:b7:79:8a:0c:59:
                    ad:6b:6c:63:5a:ec:1d:ec:97:54:37:f4:e9:d1:87:
                    e0:78:55:b6:57:c3:19:de:73:5e:80:df:0a:20:56:
                    6e:b6:16:cf:21:ad:d9:fc:cb:b2:56:5f:1e:a4:b8:
                    1e:59:50:5b:4b:b0:80:6f:84:db:b7:90:9f:e1:ea:
                    0e:4f:1a:85:1b:3e:1a:03:ed:89:4d:7c:f7:5c:f5:
                    47:45:2e:07:80:b9:f4:89:45:fa:2c:27:a8:67:6b:
                    f1:32:a2:10:9d:a4:b2:de:c2:db:a3:8a:25:1f:87:
                    8b:34:be:d7:e5:ea:9d:ec:a0:30:72:93:33:cd:80:
                    4a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:8F:48:10:BA:50:0B:23:EB:82:F8:D9:E1:23:9C:9C:05:0B:F8:42
            X509v3 Authority Key Identifier:
                keyid:50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/3o9IELpQCyPrgvjZ4SOcnAUL-EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:5e:e5:a7:7a:52:9d:bf:59:a3:de:4f:a0:74:10:1f:9a:62:
         29:e6:8f:e1:ce:2b:0f:ab:60:0a:8f:98:fe:6e:e2:56:45:a9:
         94:e3:58:38:85:a2:63:9a:b6:11:55:05:44:99:73:49:48:a8:
         7a:76:c7:a7:5d:cd:2c:97:56:50:74:7b:0a:6f:9d:f2:c9:fe:
         f4:b1:ba:51:0b:ba:83:5e:fa:28:61:2b:cd:0b:cb:cb:e8:c4:
         dd:02:4b:3e:9c:3a:f9:e2:02:74:3a:a4:1f:20:fa:96:98:ac:
         6f:89:83:d3:b2:23:3d:f6:2e:bc:ef:c2:ef:78:8e:4e:2a:6d:
         a2:b8:d4:eb:82:38:30:e4:14:c0:ad:2b:f1:12:88:fd:c9:d0:
         69:77:e4:c7:dc:62:86:78:d5:4d:90:00:b8:60:5e:f9:4c:0b:
         1a:b6:9b:26:52:ab:28:f0:92:0c:eb:d0:32:cc:7f:3e:ee:7a:
         84:82:56:10:9a:24:12:bf:d3:00:7a:41:4d:19:bd:9e:da:e2:
         02:45:63:51:c6:18:74:e5:38:9c:7c:d0:d1:21:74:81:b9:59:
         52:bf:7d:93:15:b8:00:15:84:25:9c:7a:3d:fd:9f:7f:f5:66:
         a4:fd:09:b5:59:bb:26:5f:16:f8:45:89:81:71:d3:d4:f5:e2:
         da:38:b2:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjcq9Xp26dELJyA4PHV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTgyYmVlOWFhMDEwYzFmZmQyZDgwNGY2YWE3YjE0YmRk
YjkxZjcwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZThmNDgxMGJhNTAwYjIzZWI4MmY4ZDllMTIzOWM5YzA1MGJmODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw313yZPaLUKpNj0rMP7yZCiZOP6D
LQEda+fuoL0De8JQ4ffTssmNKL7T7jEVNjfCIfF1/z8MCrXHK6fQBiCd4pRFcHSN
egqrHTeps+VfRJZpIfw053qO+6L60U/F6ZQXeCVYtxYk2zrTTM0I0ay9PCESq30V
wM3qQpDnBXR5xEEjt3mKDFmta2xjWuwd7JdUN/Tp0YfgeFW2V8MZ3nNegN8KIFZu
thbPIa3Z/MuyVl8epLgeWVBbS7CAb4Tbt5Cf4eoOTxqFGz4aA+2JTXz3XPVHRS4H
gLn0iUX6LCeoZ2vxMqIQnaSy3sLbo4olH4eLNL7X5eqd7KAwcpMzzYBKOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6PSBC6UAsj64L42eEjnJwFC/hCMB8GA1UdIwQY
MBaAFFAYK+6aoBDB/9LYBPaqexS925H3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0Zjkt
MTlkMWJiNjFkOWE3LzEvM285SUVMcFFDeVByZ3ZqWjRTT2NuQVVMLUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0ZjktMTlkMWJiNjFkOWE3
LzEvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcdyMA0G
CSqGSIb3DQEBCwUAA4IBAQCDXuWnelKdv1mj3k+gdBAfmmIp5o/hzisPq2AKj5j+
buJWRamU41g4haJjmrYRVQVEmXNJSKh6dsenXc0sl1ZQdHsKb53yyf70sbpRC7qD
XvooYSvNC8vL6MTdAks+nDr54gJ0OqQfIPqWmKxviYPTsiM99i6878LveI5OKm2i
uNTrgjgw5BTArSvxEoj9ydBpd+TH3GKGeNVNkAC4YF75TAsatpsmUqso8JIM69Ay
zH8+7nqEglYQmiQSv9MAekFNGb2e2uICRWNRxhh05TicfNDRIXSBuVlSv32TFbgA
FYQlnHo9/Z9/9Wak/Qm1WbsmXxb4RYmBcdPU9eLaOLKH
-----END CERTIFICATE-----