Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oELWZzFJyrvk5_Jjf9qQbEfiPOs.roa
File:                     oELWZzFJyrvk5_Jjf9qQbEfiPOs.roa (raw, json)
Hash identifier:          fsionTir9YzoAIT44iSlBZg/ZAh9GrYSN7OZx1hW1LM=
Subject key identifier:   A0:42:D6:67:31:49:CA:BB:E4:E7:F2:63:7F:DA:90:6C:47:E2:3C:EB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E75F3F2BCB4446B1EBB88A1247BE89EAC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oELWZzFJyrvk5_Jjf9qQbEfiPOs.roa
Signing time:             Mon 25 Mar 2024 14:11:45 +0000
ROA not before:           Mon 25 Mar 2024 14:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204316
IP address blocks:        82.152.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:f3:f2:bc:b4:44:6b:1e:bb:88:a1:24:7b:e8:9e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 14:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a042d6673149cabbe4e7f2637fda906c47e23ceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ae:a3:24:4e:3a:86:e2:cf:50:72:5e:ea:a7:
                    96:93:87:f7:61:24:30:36:cc:c7:72:c7:2c:04:c3:
                    a8:71:2c:54:0e:e8:60:76:55:bb:bc:d2:1e:ff:74:
                    4d:8a:ab:c3:45:c3:4f:a6:35:47:16:34:e9:fd:77:
                    8a:ed:03:14:bf:9f:b1:f4:46:21:e3:01:95:fd:eb:
                    82:b7:03:99:47:6c:66:c1:66:15:de:6e:8d:e9:62:
                    f2:18:70:8a:5b:ee:e1:37:be:e8:40:a6:7e:11:18:
                    39:1f:3b:7d:fa:a0:13:c7:28:13:70:22:94:80:26:
                    79:5c:97:05:e1:82:ac:0f:1c:3f:81:0f:8d:e5:c8:
                    73:44:5a:8f:2a:98:d9:d5:55:b5:e1:40:b3:7b:bd:
                    60:80:0f:87:71:ce:1d:79:cf:93:43:fc:69:9b:bd:
                    5e:c8:cc:09:da:c5:b2:5a:13:b1:1b:f9:00:51:da:
                    78:c0:19:0a:1e:c7:d3:9e:32:7a:a3:f4:38:10:f4:
                    4a:5b:f0:6d:d8:da:91:b5:f1:46:39:c0:12:3e:a3:
                    6c:f3:13:3d:d3:ef:61:b2:10:87:4c:6f:3a:32:6b:
                    7c:d4:da:09:71:84:17:16:d3:bd:29:2f:80:82:e4:
                    9f:29:7e:b1:5b:7f:5a:48:3e:e8:c8:ac:42:6b:9e:
                    01:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:42:D6:67:31:49:CA:BB:E4:E7:F2:63:7F:DA:90:6C:47:E2:3C:EB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oELWZzFJyrvk5_Jjf9qQbEfiPOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:09:b5:30:4b:22:b3:6b:2f:d4:95:e9:86:4d:9b:0b:80:2a:
         a7:25:43:0b:72:02:c3:40:37:1c:7a:fb:01:8e:b7:9b:c3:fa:
         15:22:80:e6:18:38:82:b2:c6:8c:12:c3:b5:ef:6d:c7:2f:d1:
         01:18:c0:20:3f:96:85:61:d0:38:65:89:5f:52:10:53:2b:c5:
         23:1c:df:57:fd:78:94:00:f0:6d:15:56:db:cd:97:d8:36:85:
         48:21:de:a3:43:aa:6a:8a:2a:7f:1b:5a:3b:d7:c0:d7:88:56:
         cc:e2:b5:e9:b8:25:6b:eb:88:e2:de:00:b4:6e:fe:2d:68:cd:
         39:f7:4f:91:07:38:5e:c4:a0:02:fc:1c:82:a6:9a:05:12:da:
         cc:80:89:5f:c6:ee:89:f6:a3:d8:0f:1c:3f:31:80:0f:5c:35:
         6c:a9:66:bf:6f:38:67:24:d4:98:72:ef:d4:3d:da:da:67:08:
         7d:b1:07:30:15:b5:51:fe:4e:b9:b4:18:1e:97:da:56:ad:76:
         31:78:c9:b7:1d:15:6d:02:1c:71:af:41:f9:4a:ee:71:cd:71:
         0f:95:fb:4e:ab:ef:39:5c:f2:7c:de:78:d1:55:84:fc:f0:c9:
         a6:72:5c:9b:15:3f:ed:e1:b4:8c:d4:3f:b4:6b:14:bc:7a:74:
         ba:ba:26:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY518/K8tERrHruIoSR76J6sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI1MTQxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDQyZDY2NzMxNDljYWJiZTRlN2YyNjM3ZmRhOTA2YzQ3ZTIzY2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq6jJE46huLPUHJe6qeWk4f3YSQw
NszHcscsBMOocSxUDuhgdlW7vNIe/3RNiqvDRcNPpjVHFjTp/XeK7QMUv5+x9EYh
4wGV/euCtwOZR2xmwWYV3m6N6WLyGHCKW+7hN77oQKZ+ERg5Hzt9+qATxygTcCKU
gCZ5XJcF4YKsDxw/gQ+N5chzRFqPKpjZ1VW14UCze71ggA+Hcc4dec+TQ/xpm71e
yMwJ2sWyWhOxG/kAUdp4wBkKHsfTnjJ6o/Q4EPRKW/Bt2NqRtfFGOcASPqNs8xM9
0+9hshCHTG86Mmt81NoJcYQXFtO9KS+AguSfKX6xW39aSD7oyKxCa54BYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBC1mcxScq75OfyY3/akGxH4jzrMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb0VMV1p6Rkp5cnZrNV9KamY5cVFiRWZpUE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUphsMA0G
CSqGSIb3DQEBCwUAA4IBAQBeCbUwSyKzay/UlemGTZsLgCqnJUMLcgLDQDccevsB
jrebw/oVIoDmGDiCssaMEsO1723HL9EBGMAgP5aFYdA4ZYlfUhBTK8UjHN9X/XiU
APBtFVbbzZfYNoVIId6jQ6pqiip/G1o718DXiFbM4rXpuCVr64ji3gC0bv4taM05
90+RBzhexKAC/ByCppoFEtrMgIlfxu6J9qPYDxw/MYAPXDVsqWa/bzhnJNSYcu/U
PdraZwh9sQcwFbVR/k65tBgel9pWrXYxeMm3HRVtAhxxr0H5Su5xzXEPlftOq+85
XPJ83njRVYT88MmmclybFT/t4bSM1D+0axS8enS6uiYJ
-----END CERTIFICATE-----