Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XtAjOJwwWSRAfkSgS6fxzbeOq7Y.roa
File:                     XtAjOJwwWSRAfkSgS6fxzbeOq7Y.roa (raw, json)
Hash identifier:          pWqSXYcrFf6RvnCkfarUcGtByiq7ejzwqCAuURNQrGg=
Subject key identifier:   5E:D0:23:38:9C:30:59:24:40:7E:44:A0:4B:A7:F1:CD:B7:8E:AB:B6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01919E17279DA7110E88A829D5E1D8E4D5FF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XtAjOJwwWSRAfkSgS6fxzbeOq7Y.roa
Signing time:             Thu 29 Aug 2024 12:23:23 +0000
ROA not before:           Thu 29 Aug 2024 12:23:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        81.168.83.0/24 maxlen: 24
                          217.145.73.0/24 maxlen: 24
                          217.145.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9e:17:27:9d:a7:11:0e:88:a8:29:d5:e1:d8:e4:d5:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 29 12:23:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ed023389c305924407e44a04ba7f1cdb78eabb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:90:54:24:2d:48:6c:12:98:44:a0:43:15:86:
                    fa:69:95:10:7a:5f:75:c7:5d:18:3d:03:ae:c9:d1:
                    bd:da:c8:53:ec:57:20:d5:4e:6b:3c:65:d4:c0:6b:
                    19:de:8c:6f:c2:e4:10:49:93:b7:b2:df:40:da:d8:
                    93:5d:be:9d:89:0a:c7:a6:d7:f3:70:1b:12:11:8d:
                    5a:8b:13:12:4f:b5:f1:cb:b4:4f:ca:46:1b:21:07:
                    86:b6:7e:6f:5c:19:ac:de:6b:2a:a3:4b:b2:68:57:
                    18:8c:1c:06:0b:e3:d3:c7:df:96:bf:69:fe:46:8b:
                    65:ec:f1:91:e9:4f:04:2f:56:5d:f6:57:3c:59:51:
                    26:f1:51:c6:5f:27:65:8c:5b:72:05:65:e9:3c:1c:
                    d9:ed:ad:75:cb:83:fd:9f:63:bb:56:53:bd:cb:a5:
                    2a:92:50:1d:c3:8a:07:4d:28:67:bc:17:95:2e:3f:
                    0c:6d:61:6d:e3:bf:df:12:3f:3e:c6:15:1e:5d:4c:
                    67:a4:f3:36:3e:3c:73:8b:21:7a:34:d3:4a:68:5e:
                    03:54:3d:34:9a:64:4b:19:19:d7:97:41:96:91:ab:
                    90:5d:39:27:fb:b8:7a:2f:aa:9d:73:17:ee:55:91:
                    15:89:41:ba:c4:1d:6b:61:1d:5e:c5:07:8a:4e:fd:
                    89:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D0:23:38:9C:30:59:24:40:7E:44:A0:4B:A7:F1:CD:B7:8E:AB:B6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XtAjOJwwWSRAfkSgS6fxzbeOq7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.83.0/24
                  217.145.73.0-217.145.74.255

    Signature Algorithm: sha256WithRSAEncryption
         6d:f9:28:4a:66:ab:f4:f7:58:98:bc:17:7a:a6:2b:e9:c8:91:
         42:15:71:13:cb:01:40:46:d0:5e:b2:26:cd:18:81:1c:59:fe:
         02:a0:a1:9e:21:5c:23:d3:d1:9a:14:cf:91:43:d2:4c:ca:94:
         49:e8:f3:6a:0e:e7:ad:be:81:77:23:9c:c3:4c:29:67:86:4f:
         d6:e8:ce:8b:ed:4d:69:ee:4b:bf:24:8e:d8:ed:bc:85:5d:df:
         95:21:97:0c:60:4a:3d:1b:33:79:96:28:e1:c3:e5:19:05:59:
         b4:15:be:f0:81:cd:59:e5:f6:78:24:38:19:d8:fd:a2:41:30:
         f3:78:ac:dd:c2:9c:1d:df:75:67:3b:4b:7f:74:56:29:9c:57:
         27:83:85:7b:4a:67:33:2a:c0:5f:02:50:64:76:26:70:63:58:
         67:96:ee:af:ed:a2:74:b9:a8:a1:17:37:ad:13:a0:b0:5b:1f:
         03:ec:70:9f:54:19:17:a6:48:31:03:f7:28:81:ab:2a:98:eb:
         cd:bd:86:f6:c2:8d:d9:64:f9:0f:76:f4:9b:3c:1c:d6:c6:88:
         67:4c:15:97:da:8a:b3:2d:9e:6f:0a:c3:02:44:27:ce:e9:af:
         85:6f:e1:7c:80:85:14:5c:00:f5:74:b6:ae:09:06:74:06:d9:
         29:33:da:7c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZGeFyedpxEOiKgp1eHY5NX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODI5MTIyMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQwMjMzODljMzA1OTI0NDA3ZTQ0YTA0YmE3ZjFjZGI3OGVhYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZBUJC1IbBKYRKBDFYb6aZUQel91
x10YPQOuydG92shT7Fcg1U5rPGXUwGsZ3oxvwuQQSZO3st9A2tiTXb6diQrHptfz
cBsSEY1aixMST7Xxy7RPykYbIQeGtn5vXBms3msqo0uyaFcYjBwGC+PTx9+Wv2n+
Rotl7PGR6U8EL1Zd9lc8WVEm8VHGXydljFtyBWXpPBzZ7a11y4P9n2O7VlO9y6Uq
klAdw4oHTShnvBeVLj8MbWFt47/fEj8+xhUeXUxnpPM2PjxziyF6NNNKaF4DVD00
mmRLGRnXl0GWkauQXTkn+7h6L6qdcxfuVZEViUG6xB1rYR1exQeKTv2J2QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFF7QIzicMFkkQH5EoEun8c23jqu2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHRBak9Kd3dXU1JBZmtTZ1M2Znh6YmVPcTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAUahTMAwD
BADZkUkDBADZkUowDQYJKoZIhvcNAQELBQADggEBAG35KEpmq/T3WJi8F3qmK+nI
kUIVcRPLAUBG0F6yJs0YgRxZ/gKgoZ4hXCPT0ZoUz5FD0kzKlEno82oO562+gXcj
nMNMKWeGT9bozovtTWnuS78kjtjtvIVd35UhlwxgSj0bM3mWKOHD5RkFWbQVvvCB
zVnl9ngkOBnY/aJBMPN4rN3CnB3fdWc7S390VimcVyeDhXtKZzMqwF8CUGR2JnBj
WGeW7q/tonS5qKEXN60ToLBbHwPscJ9UGRemSDED9yiBqyqY6829hvbCjdlk+Q92
9Js8HNbGiGdMFZfairMtnm8KwwJEJ87pr4Vv4XyAhRRcAPV0tq4JBnQG2Skz2nw=
-----END CERTIFICATE-----