Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/2I_TR2utI7nSMiA3_ij1nknDl6A.roa
File:                     2I_TR2utI7nSMiA3_ij1nknDl6A.roa (raw, json)
Hash identifier:          l2wKVSmOhup4rK7OAZHxWM9Gq2tbJCr6zbRxjSr4YY8=
Subject key identifier:   D8:8F:D3:47:6B:AD:23:B9:D2:32:20:37:FE:28:F5:9E:49:C3:97:A0
Certificate issuer:       /CN=06cc2a26b31ac24bc5295d24a8e13071f2ff0d61
Certificate serial:       019165235F4A6F1A83952FD0BE91A79C2753
Authority key identifier: 06:CC:2A:26:B3:1A:C2:4B:C5:29:5D:24:A8:E1:30:71:F2:FF:0D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/2I_TR2utI7nSMiA3_ij1nknDl6A.roa
Signing time:             Sun 18 Aug 2024 10:58:22 +0000
ROA not before:           Sun 18 Aug 2024 10:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        81.30.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:65:23:5f:4a:6f:1a:83:95:2f:d0:be:91:a7:9c:27:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06cc2a26b31ac24bc5295d24a8e13071f2ff0d61
        Validity
            Not Before: Aug 18 10:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d88fd3476bad23b9d2322037fe28f59e49c397a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e6:01:9e:a2:3c:94:18:d9:47:d1:72:20:bc:
                    e9:51:50:de:24:23:39:da:99:54:ee:ea:90:04:6a:
                    f5:00:e8:6d:6d:de:1d:3f:87:00:e4:b8:bb:be:ac:
                    19:2d:17:c2:c3:bc:b7:5d:3b:76:f3:1c:1f:eb:fc:
                    e7:a4:6c:51:a3:8d:1e:5d:ed:18:28:eb:cc:4e:f6:
                    4c:ff:8c:8e:a3:33:4d:7f:9b:36:e4:04:54:80:42:
                    54:0f:ed:21:f5:23:b0:4a:9a:1f:b5:29:5c:03:a9:
                    bd:26:b2:82:bd:76:14:ff:6a:b9:cd:65:cb:15:eb:
                    26:5c:44:10:58:18:a8:bb:70:85:99:57:f6:c8:59:
                    f3:ff:5f:39:b2:85:45:52:ab:b1:9e:b0:b2:9a:07:
                    3a:80:51:76:e8:d3:9f:ec:78:af:ed:e4:04:b4:b4:
                    d0:55:15:e2:26:98:cd:8f:38:da:9f:3e:dd:c5:f9:
                    fd:cb:63:85:18:1f:be:e8:68:07:15:63:67:41:4c:
                    a3:d3:20:7d:04:5f:3e:70:bb:df:05:f6:72:b4:77:
                    fe:3f:f7:30:55:f9:94:81:3b:89:95:be:b8:09:c3:
                    8c:4b:a9:9a:9a:89:eb:07:67:d1:9b:10:53:cf:39:
                    78:ee:74:de:86:70:c9:a0:91:c2:9d:ca:db:71:de:
                    ca:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:8F:D3:47:6B:AD:23:B9:D2:32:20:37:FE:28:F5:9E:49:C3:97:A0
            X509v3 Authority Key Identifier:
                keyid:06:CC:2A:26:B3:1A:C2:4B:C5:29:5D:24:A8:E1:30:71:F2:FF:0D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/2I_TR2utI7nSMiA3_ij1nknDl6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:33:dd:52:fd:99:00:21:c9:0d:5d:3a:e4:5d:26:cb:b4:8d:
         6d:cb:2f:54:1e:3c:96:cf:a6:9d:a5:33:92:7d:57:18:95:c1:
         3e:89:a2:eb:43:86:7a:42:51:68:42:bb:0e:89:94:48:cc:3f:
         d2:82:a3:6c:bf:13:a9:34:8d:bc:1c:82:d9:6c:d4:5a:e7:c5:
         32:7c:a2:81:0c:eb:2d:98:e4:20:28:68:bf:ee:59:5f:4e:4e:
         6d:9f:cd:d4:8e:c2:d0:67:8e:bb:cb:ec:58:98:f9:9f:a1:bc:
         ca:4b:0c:5b:c1:fd:6a:a2:f2:35:05:6a:f1:8d:90:2c:2e:eb:
         47:94:03:e8:e3:7a:34:c0:16:84:33:bc:a3:ab:2b:b7:15:7c:
         35:2f:e6:c7:e6:26:73:83:52:f0:84:3e:47:d1:c1:68:81:0c:
         64:16:1c:a0:86:c9:35:1e:30:e4:1a:e6:ac:ab:4f:9f:2d:c5:
         8e:cb:b1:04:e2:e3:1b:b2:f1:6c:63:e4:2f:70:e4:b1:37:e1:
         06:b4:7d:83:51:ac:3e:63:0a:fa:a1:7d:c2:16:90:53:2e:a6:
         8d:8e:9f:54:79:4c:47:89:1e:28:14:bb:19:b1:89:92:22:3f:
         8d:c1:b9:fa:2d:d1:8a:d1:4b:1d:80:41:7b:ee:67:48:24:6e:
         7c:6d:1b:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFlI19KbxqDlS/QvpGnnCdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2Y2MyYTI2YjMxYWMyNGJjNTI5NWQyNGE4ZTEzMDcxZjJm
ZjBkNjEwHhcNMjQwODE4MTA1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODhmZDM0NzZiYWQyM2I5ZDIzMjIwMzdmZTI4ZjU5ZTQ5YzM5N2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuYBnqI8lBjZR9FyILzpUVDeJCM5
2plU7uqQBGr1AOhtbd4dP4cA5Li7vqwZLRfCw7y3XTt28xwf6/znpGxRo40eXe0Y
KOvMTvZM/4yOozNNf5s25ARUgEJUD+0h9SOwSpoftSlcA6m9JrKCvXYU/2q5zWXL
FesmXEQQWBiou3CFmVf2yFnz/185soVFUquxnrCymgc6gFF26NOf7Hiv7eQEtLTQ
VRXiJpjNjzjanz7dxfn9y2OFGB++6GgHFWNnQUyj0yB9BF8+cLvfBfZytHf+P/cw
VfmUgTuJlb64CcOMS6mamonrB2fRmxBTzzl47nTehnDJoJHCncrbcd7KQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNiP00drrSO50jIgN/4o9Z5Jw5egMB8GA1UdIwQY
MBaAFAbMKiazGsJLxSldJKjhMHHy/w1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnN3cUpyTWF3a3ZGS1Ywa3FPRXdjZkxfRFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8xY2ZjOGEtMjdhMC00ZDc5LTgxNGYt
ZmQ4NDIxYmYyYmE5LzEvMklfVFIydXRJN25TTWlBM19pajFua25EbDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8xY2ZjOGEtMjdhMC00ZDc5LTgxNGYtZmQ4NDIxYmYyYmE5
LzEvQnN3cUpyTWF3a3ZGS1Ywa3FPRXdjZkxfRFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5mMA0G
CSqGSIb3DQEBCwUAA4IBAQA7M91S/ZkAIckNXTrkXSbLtI1tyy9UHjyWz6adpTOS
fVcYlcE+iaLrQ4Z6QlFoQrsOiZRIzD/SgqNsvxOpNI28HILZbNRa58UyfKKBDOst
mOQgKGi/7llfTk5tn83UjsLQZ467y+xYmPmfobzKSwxbwf1qovI1BWrxjZAsLutH
lAPo43o0wBaEM7yjqyu3FXw1L+bH5iZzg1LwhD5H0cFogQxkFhyghsk1HjDkGuas
q0+fLcWOy7EE4uMbsvFsY+QvcOSxN+EGtH2DUaw+Ywr6oX3CFpBTLqaNjp9UeUxH
iR4oFLsZsYmSIj+Nwbn6LdGK0UsdgEF77mdIJG58bRsR
-----END CERTIFICATE-----