Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/hPi3Yz-IQfnghVcK_tG22EcMbZk.roa
File:                     hPi3Yz-IQfnghVcK_tG22EcMbZk.roa (raw, json)
Hash identifier:          eBUVvaZgDfjhvtgjU9lOaAKzUUmY7IXYS3AoPIKzIbQ=
Subject key identifier:   84:F8:B7:63:3F:88:41:F9:E0:85:57:0A:FE:D1:B6:D8:47:0C:6D:99
Certificate issuer:       /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial:       019424B3FA201DE27D2CA93C89C7F8184654
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/hPi3Yz-IQfnghVcK_tG22EcMbZk.roa
Signing time:             Thu 02 Jan 2025 01:49:22 +0000
ROA not before:           Thu 02 Jan 2025 01:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        5.181.166.0/24 maxlen: 24
                          45.81.148.0/24 maxlen: 24
                          185.229.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fa:20:1d:e2:7d:2c:a9:3c:89:c7:f8:18:46:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
        Validity
            Not Before: Jan  2 01:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84f8b7633f8841f9e085570afed1b6d8470c6d99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a0:ea:22:12:53:cd:a9:e1:e1:76:81:06:09:
                    e0:22:c1:67:5a:59:3d:d2:e9:57:b8:1b:81:8d:97:
                    36:ca:be:12:62:e3:21:59:99:4f:23:b7:47:af:56:
                    09:74:d2:b3:4b:c2:75:1f:ba:b1:dc:f1:12:7d:71:
                    c1:d3:2e:32:07:37:83:ce:b7:ac:29:65:63:27:0c:
                    be:c5:8a:38:b3:ab:88:fd:06:55:f0:e8:67:c1:81:
                    1d:77:8b:db:72:c0:9c:0c:ae:3c:aa:db:5f:87:3a:
                    bb:9b:e7:09:36:22:d6:cc:63:29:0b:50:31:b3:c2:
                    ce:46:9a:1f:e5:41:2c:cb:30:d3:42:c9:8d:d9:15:
                    d5:3e:9a:a5:84:d9:85:46:7b:0c:62:7c:95:23:d4:
                    2c:2b:ce:21:1d:9b:30:b4:d1:b4:26:e3:84:d1:ac:
                    b9:70:4d:cb:e3:09:ab:1a:dc:af:a2:be:90:f5:38:
                    99:50:7d:61:22:a2:50:bc:75:60:8e:8e:20:84:69:
                    a0:e8:b4:82:6c:eb:3a:d2:91:eb:a3:a6:40:68:4c:
                    4d:b2:14:28:8f:fa:6f:3a:0e:fb:ba:e7:b9:05:57:
                    49:dc:6f:f5:43:84:6c:48:e7:19:81:c2:86:8f:c8:
                    e1:8b:04:d4:cc:20:db:ae:3a:6d:58:19:60:c0:29:
                    2f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F8:B7:63:3F:88:41:F9:E0:85:57:0A:FE:D1:B6:D8:47:0C:6D:99
            X509v3 Authority Key Identifier:
                keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/hPi3Yz-IQfnghVcK_tG22EcMbZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.166.0/24
                  45.81.148.0/24
                  185.229.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:89:c2:4f:7d:45:63:0a:cc:93:20:31:c2:cd:e1:dd:83:90:
         2c:b2:4b:9c:7e:df:f7:f4:47:78:62:94:16:37:02:11:37:ff:
         0f:e8:dd:66:06:7f:ef:37:dc:58:f5:50:30:8c:5c:6f:7e:e0:
         02:ed:7c:b2:1c:60:1a:f3:65:7a:20:c6:16:91:c3:78:d5:3f:
         6d:5e:92:27:77:ae:85:3f:97:fc:e6:18:2f:b3:0e:85:26:d7:
         4a:77:a4:0d:b9:03:c5:bc:fb:63:8f:41:ae:4e:a7:6a:c0:44:
         f2:aa:35:14:21:1b:35:02:02:1b:ea:e0:5b:83:3c:80:51:d3:
         cb:df:44:cb:0f:cf:00:c0:e9:21:67:18:b5:85:81:16:9d:f9:
         2f:49:1d:e6:44:30:40:fc:7d:9a:cc:08:89:1a:35:82:54:f9:
         e1:9e:b7:61:7f:68:2e:6b:92:6d:da:c9:e9:f3:c9:25:b7:41:
         43:d3:46:cf:b6:73:44:c0:1f:50:83:16:3e:8a:32:d3:95:b2:
         7a:dc:0f:1d:cb:50:82:70:2a:a5:cc:bb:36:a9:e7:31:fb:46:
         2e:82:0e:6b:f5:39:43:9e:59:46:16:b0:a5:d4:7e:8d:bb:b1:
         76:5f:30:57:d0:ca:60:72:66:56:ce:e8:f3:5a:c1:e2:a8:e9:
         d5:6d:f6:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQks/ogHeJ9LKk8icf4GEZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjUwMTAyMDE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGY4Yjc2MzNmODg0MWY5ZTA4NTU3MGFmZWQxYjZkODQ3MGM2ZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKDqIhJTzanh4XaBBgngIsFnWlk9
0ulXuBuBjZc2yr4SYuMhWZlPI7dHr1YJdNKzS8J1H7qx3PESfXHB0y4yBzeDzres
KWVjJwy+xYo4s6uI/QZV8OhnwYEdd4vbcsCcDK48qttfhzq7m+cJNiLWzGMpC1Ax
s8LORpof5UEsyzDTQsmN2RXVPpqlhNmFRnsMYnyVI9QsK84hHZswtNG0JuOE0ay5
cE3L4wmrGtyvor6Q9TiZUH1hIqJQvHVgjo4ghGmg6LSCbOs60pHro6ZAaExNshQo
j/pvOg77uue5BVdJ3G/1Q4RsSOcZgcKGj8jhiwTUzCDbrjptWBlgwCkvGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIT4t2M/iEH54IVXCv7RtthHDG2ZMB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvaFBpM1l6LUlRZm5naFZjS190RzIyRWNNYlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbWmAwQA
LVGUAwQAueXzMA0GCSqGSIb3DQEBCwUAA4IBAQBWicJPfUVjCsyTIDHCzeHdg5As
skucft/39Ed4YpQWNwIRN/8P6N1mBn/vN9xY9VAwjFxvfuAC7XyyHGAa82V6IMYW
kcN41T9tXpInd66FP5f85hgvsw6FJtdKd6QNuQPFvPtjj0GuTqdqwETyqjUUIRs1
AgIb6uBbgzyAUdPL30TLD88AwOkhZxi1hYEWnfkvSR3mRDBA/H2azAiJGjWCVPnh
nrdhf2gua5Jt2snp88klt0FD00bPtnNEwB9QgxY+ijLTlbJ63A8dy1CCcCqlzLs2
qecx+0Yugg5r9TlDnllGFrCl1H6Nu7F2XzBX0MpgcmZWzujzWsHiqOnVbfbA
-----END CERTIFICATE-----