Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/9Av8yqu-QbjMMsm-zmFY7DjINQA.roa
File:                     9Av8yqu-QbjMMsm-zmFY7DjINQA.roa (raw, json)
Hash identifier:          Ilf9gfh/Zl9adF1J04lpxXCKTdbjkBrI6E3LSXUFlpo=
Subject key identifier:   F4:0B:FC:CA:AB:BE:41:B8:CC:32:C9:BE:CE:61:58:EC:38:C8:35:00
Certificate issuer:       /CN=621a130a90cb037e3803fea0bf465aa082fe3498
Certificate serial:       01904A9C8C7DA871A170A67539F9BCBFF547
Authority key identifier: 62:1A:13:0A:90:CB:03:7E:38:03:FE:A0:BF:46:5A:A0:82:FE:34:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhoTCpDLA344A_6gv0ZaoIL-NJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/9Av8yqu-QbjMMsm-zmFY7DjINQA.roa
Signing time:             Mon 24 Jun 2024 14:18:11 +0000
ROA not before:           Mon 24 Jun 2024 14:18:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212217
IP address blocks:        81.30.104.0/24 maxlen: 24
                          2a13:e280:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/YhoTCpDLA344A_6gv0ZaoIL-NJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/YhoTCpDLA344A_6gv0ZaoIL-NJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhoTCpDLA344A_6gv0ZaoIL-NJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:9c:8c:7d:a8:71:a1:70:a6:75:39:f9:bc:bf:f5:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621a130a90cb037e3803fea0bf465aa082fe3498
        Validity
            Not Before: Jun 24 14:18:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f40bfccaabbe41b8cc32c9bece6158ec38c83500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d6:cf:f4:e5:8d:67:e7:7f:cf:f5:dc:cf:d9:
                    3e:af:87:80:48:16:3b:fb:05:3c:75:52:75:8e:3d:
                    b6:8c:dc:2b:e5:c6:77:53:6c:b4:11:86:4f:48:4d:
                    15:9f:44:6f:21:48:d5:73:63:2f:27:20:34:90:35:
                    e3:6d:5c:bb:9c:db:c7:9f:e5:4a:a5:79:61:ed:f3:
                    1e:64:3a:ec:d3:ce:bc:2e:8b:32:99:a9:14:ed:65:
                    1c:2a:64:9f:6f:7f:ed:a1:51:90:36:5b:ee:d4:f3:
                    dc:03:00:f0:ef:02:5c:27:91:ba:87:3d:10:67:ba:
                    a7:71:63:12:6b:b4:24:96:11:42:ba:c9:45:5f:c0:
                    1b:57:ed:e1:ba:9e:83:ff:88:7b:30:aa:48:78:ed:
                    be:ea:04:c2:f4:ef:2a:0f:89:9d:db:f9:75:bf:bb:
                    24:61:09:ac:35:03:88:5e:b2:4c:2f:30:52:8d:b6:
                    98:55:8e:55:96:39:ce:e7:59:91:f0:6b:21:9b:b2:
                    59:fa:5a:5a:d3:17:d4:35:27:10:b5:1b:ab:8d:42:
                    e9:f5:ff:95:ec:47:02:82:27:c2:08:38:5f:22:49:
                    ed:29:b6:d6:ee:06:dc:99:86:4f:ac:bd:97:c9:c7:
                    da:bf:da:e8:2e:52:c0:2b:3d:0f:10:13:1c:c7:e1:
                    46:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:0B:FC:CA:AB:BE:41:B8:CC:32:C9:BE:CE:61:58:EC:38:C8:35:00
            X509v3 Authority Key Identifier:
                keyid:62:1A:13:0A:90:CB:03:7E:38:03:FE:A0:BF:46:5A:A0:82:FE:34:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhoTCpDLA344A_6gv0ZaoIL-NJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/9Av8yqu-QbjMMsm-zmFY7DjINQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/21492f-1663-409d-bfb2-6a0451c49d4d/1/YhoTCpDLA344A_6gv0ZaoIL-NJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.104.0/24
                IPv6:
                  2a13:e280:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:cd:6c:2c:53:ff:5a:6f:61:44:7f:6e:c5:68:8a:07:3b:0a:
         02:42:8e:37:c2:32:1d:92:37:4a:10:b5:66:c5:fc:69:d8:88:
         7f:9f:9d:ef:8e:fc:36:6c:7c:2b:c3:71:f4:1a:55:77:9e:3a:
         2d:f3:fb:be:5f:bf:fe:52:f3:09:24:34:fd:ff:f1:0e:f4:13:
         b1:63:ef:4e:70:83:a3:e4:f9:68:ba:d4:51:69:dd:fa:64:00:
         7e:b0:c6:ef:2e:c4:53:96:dd:0d:56:d1:ca:4c:ec:a2:22:d9:
         26:b4:a8:0a:91:e9:c0:f7:d6:22:45:0b:b4:16:20:9e:2b:86:
         cd:7c:20:39:bf:57:ed:00:69:35:94:8b:fa:49:92:7b:25:3b:
         90:0c:eb:7b:15:b8:94:36:36:85:7a:87:1b:48:c9:6a:33:d8:
         e8:2d:af:2c:78:0d:c3:5c:6e:ce:7e:5b:68:53:86:41:9f:60:
         41:6b:17:e6:6e:8e:4f:7d:6b:63:73:81:33:e8:2c:9e:46:86:
         3e:e5:91:cd:84:42:66:10:df:d3:c3:4e:3d:09:98:ee:a1:f1:
         c2:4d:fb:c7:1d:f1:69:07:a7:4c:50:ee:8d:a4:02:24:4d:60:
         8c:91:81:f1:ce:ab:76:eb:05:57:26:85:2f:e6:56:e6:67:4d:
         e2:2f:a9:37
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZBKnIx9qHGhcKZ1Ofm8v/VHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMWExMzBhOTBjYjAzN2UzODAzZmVhMGJmNDY1YWEwODJm
ZTM0OTgwHhcNMjQwNjI0MTQxODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDBiZmNjYWFiYmU0MWI4Y2MzMmM5YmVjZTYxNThlYzM4YzgzNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudbP9OWNZ+d/z/Xcz9k+r4eASBY7
+wU8dVJ1jj22jNwr5cZ3U2y0EYZPSE0Vn0RvIUjVc2MvJyA0kDXjbVy7nNvHn+VK
pXlh7fMeZDrs0868LosymakU7WUcKmSfb3/toVGQNlvu1PPcAwDw7wJcJ5G6hz0Q
Z7qncWMSa7QklhFCuslFX8AbV+3hup6D/4h7MKpIeO2+6gTC9O8qD4md2/l1v7sk
YQmsNQOIXrJMLzBSjbaYVY5VljnO51mR8Gshm7JZ+lpa0xfUNScQtRurjULp9f+V
7EcCgifCCDhfIkntKbbW7gbcmYZPrL2Xycfav9roLlLAKz0PEBMcx+FGVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPQL/MqrvkG4zDLJvs5hWOw4yDUAMB8GA1UdIwQY
MBaAFGIaEwqQywN+OAP+oL9GWqCC/jSYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhvVENwRExBMzQ0QV82Z3YwWmFvSUwtTkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8yMTQ5MmYtMTY2My00MDlkLWJmYjIt
NmEwNDUxYzQ5ZDRkLzEvOUF2OHlxdS1RYmpNTXNtLXptRlk3RGpJTlFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8yMTQ5MmYtMTY2My00MDlkLWJmYjItNmEwNDUxYzQ5ZDRk
LzEvWWhvVENwRExBMzQ0QV82Z3YwWmFvSUwtTkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUR5oMA8E
AgACMAkDBwAqE+KAAAEwDQYJKoZIhvcNAQELBQADggEBAGzNbCxT/1pvYUR/bsVo
igc7CgJCjjfCMh2SN0oQtWbF/GnYiH+fne+O/DZsfCvDcfQaVXeeOi3z+75fv/5S
8wkkNP3/8Q70E7Fj705wg6Pk+Wi61FFp3fpkAH6wxu8uxFOW3Q1W0cpM7KIi2Sa0
qAqR6cD31iJFC7QWIJ4rhs18IDm/V+0AaTWUi/pJknslO5AM63sVuJQ2NoV6hxtI
yWoz2Ogtryx4DcNcbs5+W2hThkGfYEFrF+Zujk99a2NzgTPoLJ5Ghj7lkc2EQmYQ
39PDTj0JmO6h8cJN+8cd8WkHp0xQ7o2kAiRNYIyRgfHOq3brBVcmhS/mVuZnTeIv
qTc=
-----END CERTIFICATE-----