Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QvgrDPP52tirzVaoRRmacqQvfdU.roa
File:                     QvgrDPP52tirzVaoRRmacqQvfdU.roa (raw, json)
Hash identifier:          apzYdHkYAcpeL2ykFi8nbsXg1GaNB7F173ABlB3sb0w=
Subject key identifier:   42:F8:2B:0C:F3:F9:DA:D8:AB:CD:56:A8:45:19:9A:72:A4:2F:7D:D5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3496191FA845BCB3D163282786693C6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QvgrDPP52tirzVaoRRmacqQvfdU.roa
Signing time:             Mon 01 Jan 2024 04:30:15 +0000
ROA not before:           Mon 01 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        81.168.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:61:91:fa:84:5b:cb:3d:16:32:82:78:66:93:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42f82b0cf3f9dad8abcd56a845199a72a42f7dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:36:a9:91:11:b5:08:18:68:84:b5:5b:d8:e6:
                    de:f3:2d:aa:ec:4f:a1:90:27:48:5f:18:6d:64:a7:
                    92:d5:8c:f9:bf:14:08:2b:d0:34:19:36:50:64:9b:
                    6d:d0:95:68:ab:11:71:19:06:c8:4d:f8:f1:44:a1:
                    54:dc:7a:25:a8:aa:7f:0a:a4:ea:e5:01:02:04:cb:
                    82:f4:e1:75:37:88:97:d3:52:a4:17:25:89:57:8f:
                    be:e6:55:02:ab:ca:fa:77:94:6b:97:b8:d9:8d:b8:
                    65:e6:be:55:ab:b9:d2:77:fe:44:2c:52:0b:b7:fa:
                    2c:3a:8f:9d:3b:37:d7:6d:38:89:47:71:41:93:19:
                    98:af:a5:66:ec:99:de:c1:d1:85:2a:cd:90:1e:94:
                    53:72:5b:88:86:69:8d:f4:91:6f:e9:e4:85:19:0e:
                    fc:5c:47:61:d1:55:d3:5b:db:2c:d8:f2:d0:e6:1c:
                    6d:d2:4a:f7:87:ba:7e:c1:c3:4a:22:db:f6:f6:b4:
                    93:73:8f:a2:64:3a:40:6f:7e:e2:1a:dc:de:90:ac:
                    6c:a8:79:59:18:69:aa:05:b3:fc:74:af:10:7c:8b:
                    ae:5d:07:6f:08:35:69:d1:9f:89:3c:f1:8b:97:da:
                    7e:e3:49:42:15:43:ad:c9:1a:22:98:55:08:73:86:
                    b5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F8:2B:0C:F3:F9:DA:D8:AB:CD:56:A8:45:19:9A:72:A4:2F:7D:D5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QvgrDPP52tirzVaoRRmacqQvfdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:54:f5:13:07:c9:94:24:ab:fe:ac:c2:45:60:77:f7:35:7d:
         b5:68:38:06:17:d8:74:93:e7:49:4c:f9:93:0c:91:cc:68:0d:
         6b:62:13:00:ba:14:d3:8b:bb:ea:57:61:48:8e:78:66:8c:21:
         a4:f7:e1:f3:b1:21:a4:2d:a2:d5:be:4b:a7:cd:b4:da:81:13:
         f8:92:0b:99:f8:08:2f:3a:36:fb:4d:e2:2d:bd:bc:f8:91:a4:
         fb:22:23:0a:5c:63:2a:65:24:16:fc:f5:7b:fb:89:f7:6a:f0:
         24:86:31:bb:ba:82:c9:3f:53:d5:b9:88:4c:ab:14:02:95:df:
         20:48:93:9f:61:6a:60:cc:93:a4:c4:23:6a:db:ad:6f:6d:8f:
         e9:ba:0a:dd:c1:cd:89:cd:2a:53:61:ea:9b:ab:3e:7e:bd:51:
         be:52:c4:f6:fd:34:dd:6f:c8:ff:d7:a3:c0:0c:b9:cf:1c:bd:
         6d:70:7f:d2:f4:49:4d:93:41:53:4a:71:a7:9a:60:5b:a7:b5:
         92:d0:82:8f:63:9c:0c:78:e8:6c:b5:4b:f9:c1:53:18:27:0e:
         fe:9a:c7:17:a2:16:5b:29:bc:97:5a:00:ae:8d:e8:f8:f4:73:
         24:f5:64:3d:57:a8:18:00:32:97:d9:a2:fe:15:69:16:cc:cd:
         8a:6d:5b:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWGR+oRbyz0WMoJ4ZpPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmY4MmIwY2YzZjlkYWQ4YWJjZDU2YTg0NTE5OWE3MmE0MmY3ZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljapkRG1CBhohLVb2Obe8y2q7E+h
kCdIXxhtZKeS1Yz5vxQIK9A0GTZQZJtt0JVoqxFxGQbITfjxRKFU3HolqKp/CqTq
5QECBMuC9OF1N4iX01KkFyWJV4++5lUCq8r6d5Rrl7jZjbhl5r5Vq7nSd/5ELFIL
t/osOo+dOzfXbTiJR3FBkxmYr6Vm7JnewdGFKs2QHpRTcluIhmmN9JFv6eSFGQ78
XEdh0VXTW9ss2PLQ5hxt0kr3h7p+wcNKItv29rSTc4+iZDpAb37iGtzekKxsqHlZ
GGmqBbP8dK8QfIuuXQdvCDVp0Z+JPPGLl9p+40lCFUOtyRoimFUIc4a1XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEL4Kwzz+drYq81WqEUZmnKkL33VMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUXZnckRQUDUydGlyelZhb1JSbWFjcVF2ZmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUah1MA0G
CSqGSIb3DQEBCwUAA4IBAQA2VPUTB8mUJKv+rMJFYHf3NX21aDgGF9h0k+dJTPmT
DJHMaA1rYhMAuhTTi7vqV2FIjnhmjCGk9+HzsSGkLaLVvkunzbTagRP4kguZ+Agv
Ojb7TeItvbz4kaT7IiMKXGMqZSQW/PV7+4n3avAkhjG7uoLJP1PVuYhMqxQCld8g
SJOfYWpgzJOkxCNq261vbY/pugrdwc2JzSpTYeqbqz5+vVG+UsT2/TTdb8j/16PA
DLnPHL1tcH/S9ElNk0FTSnGnmmBbp7WS0IKPY5wMeOhstUv5wVMYJw7+mscXohZb
KbyXWgCujej49HMk9WQ9V6gYADKX2aL+FWkWzM2KbVvo
-----END CERTIFICATE-----