Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/OYbsDpHb_iFC9TgkN-hl0t9Ag8w.roa
File:                     OYbsDpHb_iFC9TgkN-hl0t9Ag8w.roa (raw, json)
Hash identifier:          BPP5Lba3qOdQq+FGAds2IsSWGOVix63S93Qc/Uj/fsQ=
Subject key identifier:   39:86:EC:0E:91:DB:FE:21:42:F5:38:24:37:E8:65:D2:DF:40:83:CC
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0191698053E440BB1607CA74D2164FD3DB3F
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/OYbsDpHb_iFC9TgkN-hl0t9Ag8w.roa
Signing time:             Mon 19 Aug 2024 07:18:23 +0000
ROA not before:           Mon 19 Aug 2024 07:18:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216159
IP address blocks:        80.71.237.0/24 maxlen: 24
                          80.71.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:69:80:53:e4:40:bb:16:07:ca:74:d2:16:4f:d3:db:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Aug 19 07:18:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3986ec0e91dbfe2142f5382437e865d2df4083cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e2:c3:92:df:c0:be:e6:01:e9:63:0e:e2:de:
                    17:e1:8a:1f:31:84:4a:7d:05:68:25:ef:93:9a:e6:
                    f7:98:e4:de:8e:a1:2d:e9:3e:48:0f:f9:ad:88:fe:
                    9a:ec:89:ad:63:08:ee:3e:d0:6c:9c:20:99:78:ff:
                    32:33:05:10:3f:e3:f6:c2:22:ba:62:d4:eb:bc:1a:
                    67:24:6f:7d:44:64:ab:35:3f:f1:82:86:89:71:d5:
                    ba:7b:fe:c8:e4:d7:69:da:45:5e:65:66:d1:1a:9a:
                    21:2c:b0:a2:3a:3c:a4:b2:a9:4b:4b:58:dd:1e:50:
                    19:1c:d8:52:cd:2f:42:9d:08:3c:85:91:e0:57:8c:
                    2f:2a:9a:c8:60:ec:d7:fd:6c:49:8f:ef:d2:58:70:
                    70:bb:f7:29:62:22:96:7d:65:6d:cb:97:8e:cd:9b:
                    03:26:13:a1:5d:dd:2e:1b:42:8d:da:53:24:b3:f8:
                    d8:59:2b:90:e5:93:c3:84:9a:81:33:43:84:c0:92:
                    8d:39:0a:49:69:86:29:76:35:9a:2a:ec:c0:3b:c1:
                    5d:6d:15:4a:72:0a:d9:25:04:b8:f9:82:51:f4:e7:
                    c7:3d:50:6e:fe:0e:53:0a:29:4a:89:e7:56:7e:3f:
                    40:90:5c:b8:90:68:0a:f3:6f:50:a4:22:a6:e7:89:
                    65:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:86:EC:0E:91:DB:FE:21:42:F5:38:24:37:E8:65:D2:DF:40:83:CC
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/OYbsDpHb_iFC9TgkN-hl0t9Ag8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.237.0/24
                  80.71.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:54:bf:d9:e3:25:27:60:fe:49:f8:99:84:12:c1:ba:d5:39:
         78:c3:77:96:3e:16:0a:fb:62:94:d1:5a:12:0b:7f:96:7e:51:
         c7:5f:88:23:f5:37:c0:0a:63:8f:48:88:91:af:8f:91:bd:21:
         58:25:ed:a7:ef:ff:a2:2b:36:c5:64:b0:10:1a:60:d5:8f:a6:
         a9:f8:76:27:01:d3:48:6b:ed:08:e3:30:6e:61:ed:33:e4:59:
         3d:fe:aa:6f:d2:1e:2b:0d:af:20:30:56:1d:16:3d:2c:9e:88:
         83:92:3d:ba:1c:08:f9:46:25:70:b4:60:47:7d:a0:b2:66:e6:
         e8:96:02:93:8e:13:10:62:51:40:ab:6a:d7:58:b8:ac:b1:92:
         85:f4:bc:fe:fd:53:13:c6:e0:7a:f8:3e:f4:50:44:5d:5b:3d:
         da:1e:5c:58:78:cd:3b:db:e5:87:08:d3:01:1a:75:46:55:09:
         a0:63:45:02:c5:e7:a9:d0:00:ae:bf:55:f8:66:00:90:ac:5c:
         14:70:13:ba:83:e0:a2:99:c5:81:39:8a:72:55:9d:0f:23:13:
         f5:fa:8f:b9:00:8d:6d:18:89:ac:0d:6c:5c:8d:0e:5f:af:5f:
         1f:34:b6:77:f9:ae:6f:2b:b0:a8:7f:5a:82:34:c4:0d:e2:c9:
         b8:92:da:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFpgFPkQLsWB8p00hZP09s/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwODE5MDcxODIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTg2ZWMwZTkxZGJmZTIxNDJmNTM4MjQzN2U4NjVkMmRmNDA4M2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOLDkt/AvuYB6WMO4t4X4YofMYRK
fQVoJe+Tmub3mOTejqEt6T5ID/mtiP6a7ImtYwjuPtBsnCCZeP8yMwUQP+P2wiK6
YtTrvBpnJG99RGSrNT/xgoaJcdW6e/7I5Ndp2kVeZWbRGpohLLCiOjyksqlLS1jd
HlAZHNhSzS9CnQg8hZHgV4wvKprIYOzX/WxJj+/SWHBwu/cpYiKWfWVty5eOzZsD
JhOhXd0uG0KN2lMks/jYWSuQ5ZPDhJqBM0OEwJKNOQpJaYYpdjWaKuzAO8FdbRVK
cgrZJQS4+YJR9OfHPVBu/g5TCilKiedWfj9AkFy4kGgK829QpCKm54llfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDmG7A6R2/4hQvU4JDfoZdLfQIPMMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvT1lic0RwSGJfaUZDOVRna04taGwwdDlBZzh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEftAwQA
UEfvMA0GCSqGSIb3DQEBCwUAA4IBAQB5VL/Z4yUnYP5J+JmEEsG61Tl4w3eWPhYK
+2KU0VoSC3+WflHHX4gj9TfACmOPSIiRr4+RvSFYJe2n7/+iKzbFZLAQGmDVj6ap
+HYnAdNIa+0I4zBuYe0z5Fk9/qpv0h4rDa8gMFYdFj0snoiDkj26HAj5RiVwtGBH
faCyZubolgKTjhMQYlFAq2rXWLissZKF9Lz+/VMTxuB6+D70UERdWz3aHlxYeM07
2+WHCNMBGnVGVQmgY0UCxeep0ACuv1X4ZgCQrFwUcBO6g+CimcWBOYpyVZ0PIxP1
+o+5AI1tGImsDWxcjQ5fr18fNLZ3+a5vK7Cof1qCNMQN4sm4ktpj
-----END CERTIFICATE-----