Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ozL6hGZHCTqnlTIjscDI-TOinzQ.roa
File:                     ozL6hGZHCTqnlTIjscDI-TOinzQ.roa (raw, json)
Hash identifier:          DO7Cm/djGR9L5fCqy/j5zvtpoP9nEXWUGksC45qP83U=
Subject key identifier:   A3:32:FA:84:66:47:09:3A:A7:95:32:23:B1:C0:C8:F9:33:A2:9F:34
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018CCE24A9AEBA4E88BDC50809CA88F64EED
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ozL6hGZHCTqnlTIjscDI-TOinzQ.roa
Signing time:             Wed 03 Jan 2024 07:05:58 +0000
ROA not before:           Wed 03 Jan 2024 07:05:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200202
IP address blocks:        81.29.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:24:a9:ae:ba:4e:88:bd:c5:08:09:ca:88:f6:4e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  3 07:05:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a332fa846647093aa7953223b1c0c8f933a29f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6e:9c:d8:ea:c7:76:f7:7a:29:6f:da:d9:cc:
                    5a:3c:5a:49:b9:fa:c9:ce:5f:0f:a8:b4:12:ee:59:
                    e3:41:8e:f3:08:b2:80:b2:3a:75:2f:eb:b9:8c:2b:
                    a8:82:a5:28:f2:e4:20:95:a8:47:bc:8b:52:ce:0b:
                    11:f5:60:f5:49:df:15:fa:29:78:77:e5:37:a5:2b:
                    e7:3b:68:59:b8:9f:de:7f:8f:5f:c9:83:49:cc:53:
                    3c:16:cd:32:e5:fc:d9:52:0b:ce:ce:30:5b:d9:fc:
                    e3:fc:d8:90:ca:b1:8c:54:f7:e5:c7:fa:2e:a1:29:
                    6c:af:ec:53:fe:3d:4e:c6:66:30:3f:a6:72:02:8b:
                    2f:bc:50:54:e7:ae:c4:ba:60:f2:d4:90:f6:2d:6b:
                    0a:f3:63:99:b6:46:13:70:36:53:ac:2e:90:96:c7:
                    99:04:14:f9:07:95:a7:d0:5f:ef:70:b7:99:e9:55:
                    ae:30:e3:99:e8:e3:f5:71:42:78:d6:9a:d0:ad:24:
                    e3:55:cb:74:48:90:c2:25:72:fc:0d:80:a9:61:68:
                    8b:98:2e:a4:b4:e5:93:1b:0c:91:75:8c:83:3b:d9:
                    e6:69:d2:05:de:f0:f0:4a:fe:28:7d:92:cb:56:04:
                    4a:d0:5a:1b:4d:fb:d0:6e:8a:7f:a9:ae:76:40:0e:
                    b9:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:32:FA:84:66:47:09:3A:A7:95:32:23:B1:C0:C8:F9:33:A2:9F:34
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/ozL6hGZHCTqnlTIjscDI-TOinzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:86:cc:cb:2d:07:a8:a9:b6:90:de:bc:01:95:0b:b2:30:0e:
         89:68:bc:84:c8:66:5a:1d:78:a9:63:f1:87:23:d3:1b:61:4c:
         c5:d7:eb:8a:6a:87:11:71:0a:19:63:e6:04:7f:51:e6:c7:00:
         81:0c:05:ec:f0:75:2f:80:9d:4e:b3:5a:9d:6c:2a:5f:6f:56:
         fb:f9:d5:60:07:4a:3f:79:7f:dd:99:25:69:59:0f:81:37:56:
         82:02:08:a4:0c:6f:cc:b4:15:d0:17:20:e5:04:2e:f1:f5:bb:
         29:b3:b7:86:79:0b:04:a9:60:11:b8:2a:4d:2c:25:48:85:46:
         22:fc:4b:09:86:1a:81:ef:4a:7e:5d:b1:46:79:41:7e:ef:83:
         4d:08:a6:a8:28:6d:3f:8d:6f:c3:0a:41:a5:8a:53:24:f4:07:
         75:28:3d:3f:9e:b7:cf:89:3b:d4:71:6c:53:4d:de:64:ff:ba:
         78:48:a2:5a:c5:fc:1c:21:91:35:ee:8f:1d:9d:de:ee:38:c6:
         e6:fb:e6:66:7f:1d:52:a2:bd:fc:c7:ed:77:a1:89:92:6b:ae:
         3f:f9:86:04:98:2c:0e:81:d7:18:28:c2:c1:95:f1:7d:b1:16:
         bf:48:ad:76:27:67:5b:c0:e2:d2:3d:8b:21:d5:54:b8:d9:de:
         ba:e0:5f:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzOJKmuuk6IvcUICcqI9k7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMTAzMDcwNTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzMyZmE4NDY2NDcwOTNhYTc5NTMyMjNiMWMwYzhmOTMzYTI5ZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv26c2OrHdvd6KW/a2cxaPFpJufrJ
zl8PqLQS7lnjQY7zCLKAsjp1L+u5jCuogqUo8uQglahHvItSzgsR9WD1Sd8V+il4
d+U3pSvnO2hZuJ/ef49fyYNJzFM8Fs0y5fzZUgvOzjBb2fzj/NiQyrGMVPflx/ou
oSlsr+xT/j1OxmYwP6ZyAosvvFBU567EumDy1JD2LWsK82OZtkYTcDZTrC6QlseZ
BBT5B5Wn0F/vcLeZ6VWuMOOZ6OP1cUJ41prQrSTjVct0SJDCJXL8DYCpYWiLmC6k
tOWTGwyRdYyDO9nmadIF3vDwSv4ofZLLVgRK0FobTfvQbop/qa52QA65ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMy+oRmRwk6p5UyI7HAyPkzop80MB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvb3pMNmhHWkhDVHFubFRJanNjREktVE9pbnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2XMA0G
CSqGSIb3DQEBCwUAA4IBAQAfhszLLQeoqbaQ3rwBlQuyMA6JaLyEyGZaHXipY/GH
I9MbYUzF1+uKaocRcQoZY+YEf1HmxwCBDAXs8HUvgJ1Os1qdbCpfb1b7+dVgB0o/
eX/dmSVpWQ+BN1aCAgikDG/MtBXQFyDlBC7x9bsps7eGeQsEqWARuCpNLCVIhUYi
/EsJhhqB70p+XbFGeUF+74NNCKaoKG0/jW/DCkGlilMk9Ad1KD0/nrfPiTvUcWxT
Td5k/7p4SKJaxfwcIZE17o8dnd7uOMbm++Zmfx1Sor38x+13oYmSa64/+YYEmCwO
gdcYKMLBlfF9sRa/SK12J2dbwOLSPYsh1VS42d664F85
-----END CERTIFICATE-----