Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/u8ktcQMK5Tkf7e2C2IC7drl74lI.roa
File:                     u8ktcQMK5Tkf7e2C2IC7drl74lI.roa (raw, json)
Hash identifier:          3LHl9w9dPMZOWgRSu2vSnW3aYoD5mFaP92Q1DU7uvIU=
Subject key identifier:   BB:C9:2D:71:03:0A:E5:39:1F:ED:ED:82:D8:80:BB:76:B9:7B:E2:52
Certificate issuer:       /CN=c68c65e699b576ab113a79be8828948f1e6cc260
Certificate serial:       019251CAF7F03A711C560014C387DDC849C2
Authority key identifier: C6:8C:65:E6:99:B5:76:AB:11:3A:79:BE:88:28:94:8F:1E:6C:C2:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/u8ktcQMK5Tkf7e2C2IC7drl74lI.roa
Signing time:             Thu 03 Oct 2024 09:51:49 +0000
ROA not before:           Thu 03 Oct 2024 09:51:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.115.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:ca:f7:f0:3a:71:1c:56:00:14:c3:87:dd:c8:49:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c68c65e699b576ab113a79be8828948f1e6cc260
        Validity
            Not Before: Oct  3 09:51:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbc92d71030ae5391feded82d880bb76b97be252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:7e:2f:e4:41:74:80:7b:a5:7b:bb:6e:f3:04:
                    30:2d:81:e9:36:85:4e:3d:f1:83:8c:ef:9d:bf:b6:
                    b7:8c:30:8a:d8:94:f7:3f:df:20:18:88:52:68:7e:
                    36:f4:53:06:6e:51:d5:23:20:ad:ac:cf:74:b9:2f:
                    fd:44:4b:14:bb:41:85:a0:27:b6:ac:d3:61:d3:a5:
                    45:12:f3:e6:62:d4:92:1f:6c:1d:76:09:8e:e6:9f:
                    5f:a1:14:a7:c8:05:16:59:48:66:48:19:98:41:6c:
                    39:36:5e:1b:df:29:05:f1:a9:56:3c:4b:8c:ba:45:
                    a4:d9:9e:9b:ec:72:25:bc:5f:5b:74:02:58:0f:cc:
                    88:2d:53:53:39:2d:2d:3b:e9:3e:55:c5:54:ca:4b:
                    c2:50:52:e6:cd:38:3d:84:7d:62:c2:4d:d4:fd:c6:
                    a9:19:26:fc:1a:94:84:97:35:c1:18:5e:f5:af:af:
                    84:cd:70:67:e8:13:b4:c7:ae:a2:f1:f5:c7:6d:c2:
                    d0:40:33:11:75:cf:f3:67:6e:33:81:a4:7d:aa:7a:
                    a0:53:2b:03:46:ed:ac:a8:0b:05:ff:9a:e9:73:19:
                    90:50:9c:8b:4b:02:aa:52:f4:33:20:31:3c:92:97:
                    82:2b:29:a5:bc:f7:b5:5f:0a:2f:de:8f:78:7f:3d:
                    33:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C9:2D:71:03:0A:E5:39:1F:ED:ED:82:D8:80:BB:76:B9:7B:E2:52
            X509v3 Authority Key Identifier:
                keyid:C6:8C:65:E6:99:B5:76:AB:11:3A:79:BE:88:28:94:8F:1E:6C:C2:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/u8ktcQMK5Tkf7e2C2IC7drl74lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:50:95:7d:37:95:98:1a:d1:47:79:14:e7:b7:c8:c1:ad:37:
         85:01:fd:bd:15:e9:08:f6:72:79:68:3a:56:b5:eb:6d:e5:fa:
         6e:0a:78:6c:d8:fd:35:47:15:38:ee:09:aa:80:99:0b:eb:76:
         f4:69:02:a3:f0:14:2e:c7:97:99:d5:df:47:96:e1:13:b3:a8:
         d0:48:0c:da:49:9f:0a:84:da:e0:ea:d2:00:bd:75:d3:74:78:
         df:c1:8e:81:d9:61:42:db:05:a8:b3:0c:b5:dd:28:cd:c1:82:
         de:d3:29:e9:ff:78:71:e7:2e:2e:35:8d:44:1a:1e:f1:d4:35:
         25:49:5b:50:2f:0b:0e:f0:0c:7e:8e:a1:1b:91:8d:65:b1:8e:
         73:fa:cb:55:af:a0:e8:56:c5:9d:bc:13:5f:76:ec:eb:2d:7a:
         d6:9d:26:f3:74:00:d2:23:db:0c:38:9a:7f:ff:cb:0d:65:84:
         a1:63:07:1d:75:e3:15:a7:c0:25:af:20:0a:f3:f0:84:2a:fd:
         91:27:a5:49:f0:6c:6c:5d:8d:29:c8:f0:a4:88:18:15:21:4e:
         b5:ae:6c:7f:57:a3:80:8f:a2:79:86:54:eb:a7:4d:4d:01:c3:
         f2:20:47:86:48:15:01:22:3d:d7:ba:45:23:67:88:25:62:1b:
         86:75:e1:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRyvfwOnEcVgAUw4fdyEnCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2OGM2NWU2OTliNTc2YWIxMTNhNzliZTg4Mjg5NDhmMWU2
Y2MyNjAwHhcNMjQxMDAzMDk1MTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmM5MmQ3MTAzMGFlNTM5MWZlZGVkODJkODgwYmI3NmI5N2JlMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8X4v5EF0gHule7tu8wQwLYHpNoVO
PfGDjO+dv7a3jDCK2JT3P98gGIhSaH429FMGblHVIyCtrM90uS/9REsUu0GFoCe2
rNNh06VFEvPmYtSSH2wddgmO5p9foRSnyAUWWUhmSBmYQWw5Nl4b3ykF8alWPEuM
ukWk2Z6b7HIlvF9bdAJYD8yILVNTOS0tO+k+VcVUykvCUFLmzTg9hH1iwk3U/cap
GSb8GpSElzXBGF71r6+EzXBn6BO0x66i8fXHbcLQQDMRdc/zZ24zgaR9qnqgUysD
Ru2sqAsF/5rpcxmQUJyLSwKqUvQzIDE8kpeCKymlvPe1Xwov3o94fz0zSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvJLXEDCuU5H+3tgtiAu3a5e+JSMB8GA1UdIwQY
MBaAFMaMZeaZtXarETp5vogolI8ebMJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG94bDVwbTFkcXNST25tLWlDaVVqeDVzd21BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDBjNzMtNzllZS00OTI2LThlNGYt
NjA3ZDRmMzdmNTlmLzEvdThrdGNRTUs1VGtmN2UyQzJJQzdkcmw3NGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDBjNzMtNzllZS00OTI2LThlNGYtNjA3ZDRmMzdmNTlm
LzEveG94bDVwbTFkcXNST25tLWlDaVVqeDVzd21BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnPZMA0G
CSqGSIb3DQEBCwUAA4IBAQCTUJV9N5WYGtFHeRTnt8jBrTeFAf29FekI9nJ5aDpW
tett5fpuCnhs2P01RxU47gmqgJkL63b0aQKj8BQux5eZ1d9HluETs6jQSAzaSZ8K
hNrg6tIAvXXTdHjfwY6B2WFC2wWoswy13SjNwYLe0ynp/3hx5y4uNY1EGh7x1DUl
SVtQLwsO8Ax+jqEbkY1lsY5z+stVr6DoVsWdvBNfduzrLXrWnSbzdADSI9sMOJp/
/8sNZYShYwcddeMVp8AlryAK8/CEKv2RJ6VJ8GxsXY0pyPCkiBgVIU61rmx/V6OA
j6J5hlTrp01NAcPyIEeGSBUBIj3XukUjZ4glYhuGdeHQ
-----END CERTIFICATE-----