Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/82ISlv6lBx8dA9P-81N8V-LR25g.roa
File:                     82ISlv6lBx8dA9P-81N8V-LR25g.roa (raw, json)
Hash identifier:          yh7d8e+idi+BfjnnFo/2dsQb/Y7Vb+YgrEo6XD/5wyw=
Subject key identifier:   F3:62:12:96:FE:A5:07:1F:1D:03:D3:FE:F3:53:7C:57:E2:D1:DB:98
Certificate issuer:       /CN=9599b3e782370dc2814f525c1d6ece84d8f70f36
Certificate serial:       01933FD209E12D1B40EA7CADA6145E4B13C3
Authority key identifier: 95:99:B3:E7:82:37:0D:C2:81:4F:52:5C:1D:6E:CE:84:D8:F7:0F:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lZmz54I3DcKBT1JcHW7OhNj3DzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/82ISlv6lBx8dA9P-81N8V-LR25g.roa
Signing time:             Mon 18 Nov 2024 15:09:09 +0000
ROA not before:           Mon 18 Nov 2024 15:09:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47527
IP address blocks:        185.226.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/lZmz54I3DcKBT1JcHW7OhNj3DzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/lZmz54I3DcKBT1JcHW7OhNj3DzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lZmz54I3DcKBT1JcHW7OhNj3DzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3f:d2:09:e1:2d:1b:40:ea:7c:ad:a6:14:5e:4b:13:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9599b3e782370dc2814f525c1d6ece84d8f70f36
        Validity
            Not Before: Nov 18 15:09:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3621296fea5071f1d03d3fef3537c57e2d1db98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bf:c8:3b:54:f7:c5:50:17:ff:4d:32:61:d3:
                    55:83:5e:6e:38:ca:c4:89:b9:97:02:d1:7f:17:9b:
                    2e:21:3d:4b:33:15:09:28:e4:4e:d7:65:7f:33:43:
                    59:8d:68:2d:81:7a:91:3b:30:d7:ef:f4:b4:c0:99:
                    12:4c:f4:38:e8:8a:76:bd:39:50:49:1b:a5:6d:23:
                    79:f0:15:eb:e2:9e:07:f9:77:43:75:dc:00:e8:fd:
                    5e:5f:79:00:ac:94:3c:70:84:75:1c:48:e5:91:fe:
                    4e:eb:c9:ca:42:b4:64:28:df:18:05:dd:7b:b7:ce:
                    bf:4e:be:a1:1c:90:57:7d:a5:05:48:c3:16:11:e6:
                    af:c9:18:0c:86:e5:ae:6b:35:ee:9f:1d:bd:2d:91:
                    05:b4:23:46:95:c4:49:c3:48:ae:c3:9a:2a:5a:b4:
                    dc:35:6d:63:3c:0d:d3:0b:96:55:be:95:dd:c4:a0:
                    61:f9:07:7a:4f:04:72:a0:c9:e3:5d:3c:4e:b6:96:
                    46:9a:a2:af:5f:81:e1:c6:d0:4f:d4:95:b6:85:d7:
                    0c:2f:c3:07:62:5a:c7:f6:2d:3b:27:ef:69:83:63:
                    62:91:42:88:42:4c:42:b7:86:e9:92:08:a6:24:1a:
                    51:28:9d:8f:c9:04:d7:bb:0b:31:59:db:a8:36:ca:
                    7e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:62:12:96:FE:A5:07:1F:1D:03:D3:FE:F3:53:7C:57:E2:D1:DB:98
            X509v3 Authority Key Identifier:
                keyid:95:99:B3:E7:82:37:0D:C2:81:4F:52:5C:1D:6E:CE:84:D8:F7:0F:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lZmz54I3DcKBT1JcHW7OhNj3DzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/82ISlv6lBx8dA9P-81N8V-LR25g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/40a102-efcd-4fd2-9373-d06aa518aa6d/1/lZmz54I3DcKBT1JcHW7OhNj3DzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:d5:b9:ee:b8:54:8f:dd:6d:13:b8:63:f8:44:d4:e1:73:af:
         71:9c:b9:da:47:4d:7d:22:89:90:56:61:89:a6:20:bf:60:82:
         1f:8d:92:8b:84:5c:0e:49:31:a4:fe:18:0d:2e:e8:f6:e5:43:
         c9:00:fa:2b:51:34:6d:4a:e1:b0:a6:b4:41:aa:cc:14:05:ac:
         83:51:e6:45:25:ad:52:ce:45:71:2b:79:28:29:51:eb:30:22:
         87:f1:71:03:90:a2:ce:51:2a:ad:87:24:fc:5a:3b:8d:54:1e:
         b7:88:74:a3:10:3a:70:09:b0:19:df:ca:d7:61:7c:17:f6:e4:
         b5:ee:53:14:b4:19:f0:54:0b:e5:c9:17:7b:92:db:ee:54:78:
         e1:92:02:07:cc:02:7c:27:5b:fc:2f:ef:f8:2c:9b:be:30:d3:
         c3:b3:eb:21:13:0d:4e:9a:cc:1e:70:12:a0:53:e3:f4:d1:10:
         a7:e4:dd:97:66:c7:f3:c3:0d:81:19:66:96:dd:a3:55:32:a7:
         c7:54:96:31:7f:3f:7d:b0:93:67:18:97:a4:04:e1:cf:ff:99:
         63:be:a4:25:ea:98:f0:8d:85:40:4c:13:51:38:1f:f6:a2:a5:
         9f:a8:f2:bc:21:87:89:6b:c5:b0:97:f1:24:e4:dc:0a:d3:16:
         97:50:06:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM/0gnhLRtA6nytphReSxPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1OTliM2U3ODIzNzBkYzI4MTRmNTI1YzFkNmVjZTg0ZDhm
NzBmMzYwHhcNMjQxMTE4MTUwOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzYyMTI5NmZlYTUwNzFmMWQwM2QzZmVmMzUzN2M1N2UyZDFkYjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1L/IO1T3xVAX/00yYdNVg15uOMrE
ibmXAtF/F5suIT1LMxUJKORO12V/M0NZjWgtgXqROzDX7/S0wJkSTPQ46Ip2vTlQ
SRulbSN58BXr4p4H+XdDddwA6P1eX3kArJQ8cIR1HEjlkf5O68nKQrRkKN8YBd17
t86/Tr6hHJBXfaUFSMMWEeavyRgMhuWuazXunx29LZEFtCNGlcRJw0iuw5oqWrTc
NW1jPA3TC5ZVvpXdxKBh+Qd6TwRyoMnjXTxOtpZGmqKvX4HhxtBP1JW2hdcML8MH
YlrH9i07J+9pg2NikUKIQkxCt4bpkgimJBpRKJ2PyQTXuwsxWduoNsp+kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNiEpb+pQcfHQPT/vNTfFfi0duYMB8GA1UdIwQY
MBaAFJWZs+eCNw3CgU9SXB1uzoTY9w82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFptejU0STNEY0tCVDFKY0hXN09oTmozRHpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi80MGExMDItZWZjZC00ZmQyLTkzNzMt
ZDA2YWE1MThhYTZkLzEvODJJU2x2NmxCeDhkQTlQLTgxTjhWLUxSMjVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi80MGExMDItZWZjZC00ZmQyLTkzNzMtZDA2YWE1MThhYTZk
LzEvbFptejU0STNEY0tCVDFKY0hXN09oTmozRHpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueIVMA0G
CSqGSIb3DQEBCwUAA4IBAQB61bnuuFSP3W0TuGP4RNThc69xnLnaR019IomQVmGJ
piC/YIIfjZKLhFwOSTGk/hgNLuj25UPJAPorUTRtSuGwprRBqswUBayDUeZFJa1S
zkVxK3koKVHrMCKH8XEDkKLOUSqthyT8WjuNVB63iHSjEDpwCbAZ38rXYXwX9uS1
7lMUtBnwVAvlyRd7ktvuVHjhkgIHzAJ8J1v8L+/4LJu+MNPDs+shEw1OmswecBKg
U+P00RCn5N2XZsfzww2BGWaW3aNVMqfHVJYxfz99sJNnGJekBOHP/5ljvqQl6pjw
jYVATBNROB/2oqWfqPK8IYeJa8Wwl/Ek5NwK0xaXUAbS
-----END CERTIFICATE-----