Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd5824-2dde-403e-b2c4-d225032d1858/1/_5Qm160P4OiGqALIpE_z-DfyRrA.roa
File:                     _5Qm160P4OiGqALIpE_z-DfyRrA.roa (raw, json)
Hash identifier:          saM1lkoTgdMrDHvgPelAO5nEXBRcB8QQ4RXoJpJFn5k=
Subject key identifier:   FF:94:26:D7:AD:0F:E0:E8:86:A8:02:C8:A4:4F:F3:F8:37:F2:46:B0
Certificate issuer:       /CN=7271506bfab912c7b8171b96b85a099b140e6cd8
Certificate serial:       01905252C4FE3ACAA17EFDE17F2ECAD75E95
Authority key identifier: 72:71:50:6B:FA:B9:12:C7:B8:17:1B:96:B8:5A:09:9B:14:0E:6C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cnFQa_q5Ese4FxuWuFoJmxQObNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd5824-2dde-403e-b2c4-d225032d1858/1/_5Qm160P4OiGqALIpE_z-DfyRrA.roa
Signing time:             Wed 26 Jun 2024 02:14:34 +0000
ROA not before:           Wed 26 Jun 2024 02:14:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        81.30.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd5824-2dde-403e-b2c4-d225032d1858/1/cnFQa_q5Ese4FxuWuFoJmxQObNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd5824-2dde-403e-b2c4-d225032d1858/1/cnFQa_q5Ese4FxuWuFoJmxQObNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cnFQa_q5Ese4FxuWuFoJmxQObNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:52:52:c4:fe:3a:ca:a1:7e:fd:e1:7f:2e:ca:d7:5e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7271506bfab912c7b8171b96b85a099b140e6cd8
        Validity
            Not Before: Jun 26 02:14:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff9426d7ad0fe0e886a802c8a44ff3f837f246b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:46:69:d2:42:98:cb:38:89:9c:9b:0c:d3:77:
                    fe:c5:c7:b6:f5:12:38:8c:cb:b3:82:6e:fa:aa:59:
                    19:31:ae:bd:8a:c4:81:60:0d:b6:17:c3:18:52:9f:
                    42:51:33:74:b6:c9:65:ab:da:48:f2:48:bd:76:aa:
                    b1:2d:54:ff:6e:98:29:32:4b:66:71:30:c8:83:06:
                    3c:0e:71:aa:d9:6a:bc:f2:50:79:49:b9:f9:d6:82:
                    fa:d2:a2:bb:7a:4b:9c:e9:2c:af:63:86:1e:64:a7:
                    41:f3:61:3b:70:ee:a7:08:a3:86:78:7c:d2:3b:b3:
                    01:a2:bf:3e:09:ff:98:c8:78:07:43:82:7e:a2:b0:
                    45:96:46:c5:6d:5b:19:a9:df:4d:0e:d4:1c:a8:f9:
                    83:ef:b1:e4:51:48:7b:dd:12:9b:32:15:aa:78:65:
                    b3:9e:08:ee:e4:45:4c:74:b9:26:0c:0d:2a:ba:ce:
                    d4:54:4c:f2:57:60:5b:a2:40:3c:12:cd:20:32:62:
                    dc:ca:a5:63:7b:2e:bb:c2:5e:c1:2b:c1:09:a7:aa:
                    34:e9:12:37:b4:08:b5:12:6a:42:91:23:f0:d2:a9:
                    bd:fd:e4:8f:c6:7d:fb:76:08:8b:cf:9c:e9:00:db:
                    c2:18:1c:60:b0:74:8a:44:b2:5f:ce:30:38:46:8c:
                    01:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:94:26:D7:AD:0F:E0:E8:86:A8:02:C8:A4:4F:F3:F8:37:F2:46:B0
            X509v3 Authority Key Identifier:
                keyid:72:71:50:6B:FA:B9:12:C7:B8:17:1B:96:B8:5A:09:9B:14:0E:6C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cnFQa_q5Ese4FxuWuFoJmxQObNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd5824-2dde-403e-b2c4-d225032d1858/1/_5Qm160P4OiGqALIpE_z-DfyRrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd5824-2dde-403e-b2c4-d225032d1858/1/cnFQa_q5Ese4FxuWuFoJmxQObNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:8c:88:14:4e:d2:53:24:f7:50:25:30:f8:5a:59:81:4b:89:
         35:f1:f4:40:e8:ee:35:6d:11:ab:ac:2f:bf:0e:f2:64:fd:49:
         a1:d0:eb:1b:84:77:d4:ee:47:3e:4f:a9:77:a5:02:62:c4:03:
         40:cd:a3:99:e4:76:82:4c:27:dc:56:4a:36:8f:5b:42:1f:19:
         50:e8:68:6b:2c:32:e2:ab:e6:35:b1:f5:e1:a1:60:44:84:5d:
         dc:69:6b:f2:a3:0c:40:5a:dd:86:b2:4c:95:c3:ec:57:c7:58:
         bf:4c:a9:ad:99:9f:fe:16:9c:12:22:39:4b:9e:20:e1:24:77:
         de:fd:f7:38:66:78:3a:c9:3a:75:4b:15:f5:22:29:22:c2:fe:
         80:0b:88:94:b1:71:5a:ec:f4:d4:d6:2a:02:ff:21:a0:2e:d0:
         35:e3:c9:e7:1e:f4:d4:d6:97:fc:42:df:0b:7b:40:2b:dd:ba:
         16:58:70:83:cc:fc:06:d8:09:c9:73:76:56:bf:be:22:d9:d4:
         4b:44:16:52:61:6d:91:d0:06:9f:e9:0d:8e:cd:19:73:4a:6f:
         d6:22:9b:74:9d:fb:fa:29:56:d2:cb:b8:0d:cf:82:68:b8:bc:
         0d:b2:11:5e:83:85:61:1d:55:ae:0f:04:e4:07:52:2e:4d:45:
         c2:12:c0:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBSUsT+Osqhfv3hfy7K116VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNzE1MDZiZmFiOTEyYzdiODE3MWI5NmI4NWEwOTliMTQw
ZTZjZDgwHhcNMjQwNjI2MDIxNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjk0MjZkN2FkMGZlMGU4ODZhODAyYzhhNDRmZjNmODM3ZjI0NmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0Zp0kKYyziJnJsM03f+xce29RI4
jMuzgm76qlkZMa69isSBYA22F8MYUp9CUTN0tsllq9pI8ki9dqqxLVT/bpgpMktm
cTDIgwY8DnGq2Wq88lB5Sbn51oL60qK7ekuc6SyvY4YeZKdB82E7cO6nCKOGeHzS
O7MBor8+Cf+YyHgHQ4J+orBFlkbFbVsZqd9NDtQcqPmD77HkUUh73RKbMhWqeGWz
ngju5EVMdLkmDA0qus7UVEzyV2BbokA8Es0gMmLcyqVjey67wl7BK8EJp6o06RI3
tAi1EmpCkSPw0qm9/eSPxn37dgiLz5zpANvCGBxgsHSKRLJfzjA4RowBrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+UJtetD+DohqgCyKRP8/g38kawMB8GA1UdIwQY
MBaAFHJxUGv6uRLHuBcblrhaCZsUDmzYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY25GUWFfcTVFc2U0Rnh1V3VGb0pteFFPYk5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDU4MjQtMmRkZS00MDNlLWIyYzQt
ZDIyNTAzMmQxODU4LzEvXzVRbTE2MFA0T2lHcUFMSXBFX3otRGZ5UnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDU4MjQtMmRkZS00MDNlLWIyYzQtZDIyNTAzMmQxODU4
LzEvY25GUWFfcTVFc2U0Rnh1V3VGb0pteFFPYk5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5sMA0G
CSqGSIb3DQEBCwUAA4IBAQCIjIgUTtJTJPdQJTD4WlmBS4k18fRA6O41bRGrrC+/
DvJk/Umh0OsbhHfU7kc+T6l3pQJixANAzaOZ5HaCTCfcVko2j1tCHxlQ6GhrLDLi
q+Y1sfXhoWBEhF3caWvyowxAWt2GskyVw+xXx1i/TKmtmZ/+FpwSIjlLniDhJHfe
/fc4Zng6yTp1SxX1Iikiwv6AC4iUsXFa7PTU1ioC/yGgLtA148nnHvTU1pf8Qt8L
e0Ar3boWWHCDzPwG2AnJc3ZWv74i2dRLRBZSYW2R0Aaf6Q2OzRlzSm/WIpt0nfv6
KVbSy7gNz4JouLwNshFeg4VhHVWuDwTkB1IuTUXCEsDb
-----END CERTIFICATE-----