Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/OYUi7QZHCpvO-fcJkt0NTrTpa9U.roa
File:                     OYUi7QZHCpvO-fcJkt0NTrTpa9U.roa (raw, json)
Hash identifier:          Q0V7fLt7XFp1MduPfvEamsLEbRN1qeVQSMaqTl0RxLw=
Subject key identifier:   39:85:22:ED:06:47:0A:9B:CE:F9:F7:09:92:DD:0D:4E:B4:E9:6B:D5
Certificate issuer:       /CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
Certificate serial:       018CC94E3825BEEF94F4579D99FB0FCF5F56
Authority key identifier: 50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/OYUi7QZHCpvO-fcJkt0NTrTpa9U.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211695
IP address blocks:        81.199.112.0/24 maxlen: 24
                          81.199.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:03:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:38:25:be:ef:94:f4:57:9d:99:fb:0f:cf:5f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=398522ed06470a9bcef9f70992dd0d4eb4e96bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:44:8a:c0:a6:28:a3:2d:0b:99:7c:7b:c7:b3:
                    f5:9b:2e:62:3b:e4:ab:6e:14:95:e3:ab:1c:f2:2a:
                    a8:42:df:bb:67:55:18:92:4f:84:a5:98:23:c5:df:
                    ce:52:a6:92:6d:3b:a3:79:a1:0d:1f:a6:76:0f:45:
                    c8:1e:fc:9b:f9:6a:a8:b1:ba:7a:d4:89:31:11:9e:
                    2a:21:ef:66:95:11:f8:0d:2f:31:a2:1f:e1:08:23:
                    8a:92:31:58:cf:34:c3:e6:43:e3:fe:28:98:10:15:
                    3b:d9:8b:17:ab:1b:fb:82:04:b7:8c:ff:a7:f1:61:
                    79:58:08:6e:35:8e:29:7c:08:5c:9d:3b:70:15:a3:
                    c5:a9:b5:78:f7:75:8f:e1:52:26:47:bd:8e:93:ac:
                    8b:70:8a:ac:e4:6b:1a:24:e7:2c:78:48:99:27:ea:
                    ea:07:95:bb:72:b7:b4:89:2a:a3:91:d9:23:9c:5a:
                    46:a1:77:af:73:8a:12:b9:4d:8a:94:e1:f1:3c:c3:
                    07:4a:4a:ee:dd:04:47:91:c5:f4:5f:f5:e7:f0:0f:
                    01:86:36:ab:4c:64:8a:89:7f:bb:20:e5:b0:95:0d:
                    ff:22:c1:68:26:54:5a:5b:f9:52:cb:94:35:5a:78:
                    00:f9:7b:74:dd:16:01:3b:48:ce:05:7c:ba:7c:6f:
                    73:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:85:22:ED:06:47:0A:9B:CE:F9:F7:09:92:DD:0D:4E:B4:E9:6B:D5
            X509v3 Authority Key Identifier:
                keyid:50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/OYUi7QZHCpvO-fcJkt0NTrTpa9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:d7:26:ea:9f:f4:4b:fc:9c:00:0c:64:e4:28:11:f3:94:3b:
         26:13:e2:61:7a:ab:51:b8:5b:0d:a7:3e:cd:11:5e:e4:14:f3:
         32:de:37:11:10:05:89:22:c0:4f:7a:cf:e0:6c:17:d6:cc:66:
         14:cf:a3:a0:0e:8b:db:62:c8:a9:f1:01:ae:d7:6f:71:36:50:
         9d:c1:d7:e1:d4:dc:3c:e6:b4:f4:a3:b5:05:cc:42:3d:1d:d0:
         6b:1b:b5:db:e3:2c:70:03:34:a0:3a:30:41:c1:59:16:47:9e:
         7d:77:cc:85:51:a8:97:8f:b0:38:f7:ad:61:32:ae:18:59:d7:
         c9:9a:4d:a1:10:78:cc:17:7c:f3:d2:5a:f2:4c:67:7c:6f:31:
         45:30:36:50:e7:7a:62:13:21:ac:ad:c2:e7:3a:40:75:85:fd:
         da:10:6a:88:3f:85:2f:8e:0e:19:eb:db:b7:46:a5:8d:58:80:
         93:3d:a9:42:7a:75:be:37:96:b4:40:51:d7:2e:21:d9:7a:c8:
         ef:00:e8:cf:be:09:6c:5f:7f:33:ff:d1:31:fb:36:bc:a9:86:
         e4:c3:3e:b5:1c:b7:5d:48:cf:f5:6b:a1:d8:54:42:de:02:f2:
         dd:85:70:97:80:01:30:8b:36:7d:e6:5b:6f:01:64:a7:0c:f5:
         eb:62:69:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjglvu+U9FedmfsPz19WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTgyYmVlOWFhMDEwYzFmZmQyZDgwNGY2YWE3YjE0YmRk
YjkxZjcwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTg1MjJlZDA2NDcwYTliY2VmOWY3MDk5MmRkMGQ0ZWI0ZTk2YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApESKwKYooy0LmXx7x7P1my5iO+Sr
bhSV46sc8iqoQt+7Z1UYkk+EpZgjxd/OUqaSbTujeaENH6Z2D0XIHvyb+Wqosbp6
1IkxEZ4qIe9mlRH4DS8xoh/hCCOKkjFYzzTD5kPj/iiYEBU72YsXqxv7ggS3jP+n
8WF5WAhuNY4pfAhcnTtwFaPFqbV493WP4VImR72Ok6yLcIqs5GsaJOcseEiZJ+rq
B5W7cre0iSqjkdkjnFpGoXevc4oSuU2KlOHxPMMHSkru3QRHkcX0X/Xn8A8Bhjar
TGSKiX+7IOWwlQ3/IsFoJlRaW/lSy5Q1WngA+Xt03RYBO0jOBXy6fG9zTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmFIu0GRwqbzvn3CZLdDU606WvVMB8GA1UdIwQY
MBaAFFAYK+6aoBDB/9LYBPaqexS925H3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0Zjkt
MTlkMWJiNjFkOWE3LzEvT1lVaTdRWkhDcHZPLWZjSmt0ME5UclRwYTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0ZjktMTlkMWJiNjFkOWE3
LzEvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUcdwMA0G
CSqGSIb3DQEBCwUAA4IBAQAN1ybqn/RL/JwADGTkKBHzlDsmE+JheqtRuFsNpz7N
EV7kFPMy3jcREAWJIsBPes/gbBfWzGYUz6OgDovbYsip8QGu129xNlCdwdfh1Nw8
5rT0o7UFzEI9HdBrG7Xb4yxwAzSgOjBBwVkWR559d8yFUaiXj7A4961hMq4YWdfJ
mk2hEHjMF3zz0lryTGd8bzFFMDZQ53piEyGsrcLnOkB1hf3aEGqIP4Uvjg4Z69u3
RqWNWICTPalCenW+N5a0QFHXLiHZesjvAOjPvglsX38z/9Ex+za8qYbkwz61HLdd
SM/1a6HYVELeAvLdhXCXgAEwizZ95ltvAWSnDPXrYmlW
-----END CERTIFICATE-----