Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/syMnRaIIhqO4_1N7wY4ji-1N1n0.roa
File:                     syMnRaIIhqO4_1N7wY4ji-1N1n0.roa (raw, json)
Hash identifier:          xLlwrRRa7lej4UoLuTVmXpdnMCG6v2PpZUyS52bs58I=
Subject key identifier:   B3:23:27:45:A2:08:86:A3:B8:FF:53:7B:C1:8E:23:8B:ED:4D:D6:7D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3496367C296B4B57E434869E84F4AA9
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/syMnRaIIhqO4_1N7wY4ji-1N1n0.roa
Signing time:             Mon 01 Jan 2024 04:30:15 +0000
ROA not before:           Mon 01 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212783
IP address blocks:        81.168.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:63:67:c2:96:b4:b5:7e:43:48:69:e8:4f:4a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3232745a20886a3b8ff537bc18e238bed4dd67d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:b1:15:37:ab:56:c0:d6:4e:5f:a1:31:ec:a2:
                    79:f0:a1:e5:47:6b:fc:3c:15:13:b0:89:16:a1:0c:
                    fc:45:a7:72:6a:6e:75:ef:dd:d3:29:18:58:6c:97:
                    3b:f0:07:0e:ce:f7:b2:78:c4:e2:e8:75:2e:1c:c2:
                    51:78:53:da:01:b3:bf:0d:2f:b9:24:05:e4:03:27:
                    3e:10:6d:87:33:51:5a:d8:5e:9e:cc:85:cf:ca:d2:
                    ba:86:87:24:8d:6b:81:60:54:b6:d4:68:82:08:5b:
                    96:9b:00:31:12:a5:82:83:2b:70:c8:02:2f:9f:ca:
                    b3:ae:e9:d3:d8:5c:f7:07:ae:1f:26:28:38:d2:e3:
                    af:30:fa:84:54:45:be:eb:5c:ce:7d:eb:e1:85:67:
                    11:00:f5:96:01:b6:7b:cf:9a:17:0c:d4:54:e4:12:
                    95:87:3d:ba:ee:c8:bb:2b:f5:96:6e:ee:73:0d:62:
                    f4:2b:56:36:73:b6:6f:66:82:10:ff:51:cd:15:21:
                    99:ca:ec:e9:9b:93:c1:6b:57:10:92:ec:f1:72:12:
                    44:c0:9c:6c:26:9b:c3:0a:a8:0d:66:58:a3:1b:f4:
                    b0:96:2d:68:6c:ed:f2:24:6e:18:85:be:19:8f:99:
                    38:90:d6:d6:d0:04:a2:d9:c1:29:d2:b9:55:50:0d:
                    3e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:23:27:45:A2:08:86:A3:B8:FF:53:7B:C1:8E:23:8B:ED:4D:D6:7D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/syMnRaIIhqO4_1N7wY4ji-1N1n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:67:07:b3:95:70:d8:3c:73:40:2d:51:2e:bd:7a:f5:6f:f5:
         c9:b6:6a:2f:88:21:37:81:d3:30:8d:a1:36:4f:3d:20:5d:9e:
         9e:45:5c:f4:10:6b:73:95:b1:98:4e:42:3e:7a:0c:fa:b0:3b:
         a4:01:77:c0:86:d9:72:84:0f:a6:fe:36:46:78:fd:22:52:73:
         9b:85:47:05:f5:e2:16:f7:47:62:a9:0a:90:59:f2:76:fc:7e:
         e2:dc:b3:d6:95:3b:73:98:cb:8a:16:72:44:34:52:ae:0b:da:
         cc:a6:9d:26:b7:67:b9:a1:8f:f5:e2:0d:57:84:51:b9:87:9d:
         d0:41:96:3f:38:78:dd:13:94:d6:76:b0:4a:a7:cb:bb:d9:ec:
         b2:47:7a:dc:32:63:28:9a:97:86:e0:ed:b3:f3:b6:0e:0e:23:
         95:24:9e:7d:42:5e:b6:e1:0e:71:0b:f0:c8:30:98:5f:0c:27:
         3e:ef:21:c6:90:ff:46:2d:7e:b8:9c:f7:66:b6:6e:3c:1f:19:
         05:63:55:28:7c:13:13:0d:e7:1e:fa:2d:40:59:3c:d1:38:78:
         b6:7b:30:0b:80:49:fa:20:66:55:f0:29:c0:25:6f:de:81:43:
         ff:a3:b9:b9:6d:18:3e:7d:e2:7a:2b:3c:94:51:45:7e:b3:43:
         4c:56:f5:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWNnwpa0tX5DSGnoT0qpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzIzMjc0NWEyMDg4NmEzYjhmZjUzN2JjMThlMjM4YmVkNGRkNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbEVN6tWwNZOX6Ex7KJ58KHlR2v8
PBUTsIkWoQz8Radyam51793TKRhYbJc78AcOzveyeMTi6HUuHMJReFPaAbO/DS+5
JAXkAyc+EG2HM1Fa2F6ezIXPytK6hockjWuBYFS21GiCCFuWmwAxEqWCgytwyAIv
n8qzrunT2Fz3B64fJig40uOvMPqEVEW+61zOfevhhWcRAPWWAbZ7z5oXDNRU5BKV
hz267si7K/WWbu5zDWL0K1Y2c7ZvZoIQ/1HNFSGZyuzpm5PBa1cQkuzxchJEwJxs
JpvDCqgNZlijG/Swli1obO3yJG4Yhb4Zj5k4kNbW0ASi2cEp0rlVUA0+UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMjJ0WiCIajuP9Te8GOI4vtTdZ9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc3lNblJhSUlocU80XzFON3dZNGppLTFOMW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUagjMA0G
CSqGSIb3DQEBCwUAA4IBAQBUZwezlXDYPHNALVEuvXr1b/XJtmoviCE3gdMwjaE2
Tz0gXZ6eRVz0EGtzlbGYTkI+egz6sDukAXfAhtlyhA+m/jZGeP0iUnObhUcF9eIW
90diqQqQWfJ2/H7i3LPWlTtzmMuKFnJENFKuC9rMpp0mt2e5oY/14g1XhFG5h53Q
QZY/OHjdE5TWdrBKp8u72eyyR3rcMmMompeG4O2z87YODiOVJJ59Ql624Q5xC/DI
MJhfDCc+7yHGkP9GLX64nPdmtm48HxkFY1UofBMTDece+i1AWTzROHi2ezALgEn6
IGZV8CnAJW/egUP/o7m5bRg+feJ6KzyUUUV+s0NMVvU7
-----END CERTIFICATE-----