Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/b2XsYiMu1xHQndcNQ0ucXkzeN7E.roa
File:                     b2XsYiMu1xHQndcNQ0ucXkzeN7E.roa (raw, json)
Hash identifier:          uYxfaCmhcw362gqaEMF6PdCZbjIYOfXpyFCpshaBqpM=
Subject key identifier:   6F:65:EC:62:23:2E:D7:11:D0:9D:D7:0D:43:4B:9C:5E:4C:DE:37:B1
Certificate issuer:       /CN=8756d27768e11d94a0bbcdfb3fbcd740d45a00f4
Certificate serial:       019427487CDFF155FE4AA9A10DEBA0805372
Authority key identifier: 87:56:D2:77:68:E1:1D:94:A0:BB:CD:FB:3F:BC:D7:40:D4:5A:00:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h1bSd2jhHZSgu837P7zXQNRaAPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/b2XsYiMu1xHQndcNQ0ucXkzeN7E.roa
Signing time:             Thu 02 Jan 2025 13:50:49 +0000
ROA not before:           Thu 02 Jan 2025 13:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        82.146.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/h1bSd2jhHZSgu837P7zXQNRaAPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/h1bSd2jhHZSgu837P7zXQNRaAPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h1bSd2jhHZSgu837P7zXQNRaAPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7c:df:f1:55:fe:4a:a9:a1:0d:eb:a0:80:53:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8756d27768e11d94a0bbcdfb3fbcd740d45a00f4
        Validity
            Not Before: Jan  2 13:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f65ec62232ed711d09dd70d434b9c5e4cde37b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e0:36:fb:00:c5:f7:70:6d:6b:49:ee:a5:4c:
                    34:cf:0c:ee:d8:d5:a4:71:ef:21:16:13:e5:f0:d8:
                    7a:69:16:87:bd:da:bc:27:b2:30:e4:79:39:b6:25:
                    82:1a:e5:4b:8a:f7:14:b2:02:7c:f2:0d:af:ed:0d:
                    42:4b:28:5e:3a:6e:2e:0f:d9:e6:ad:49:4e:54:ba:
                    0f:fd:89:4b:a9:2f:96:21:3d:75:8e:99:03:3d:be:
                    b3:61:f5:04:34:c8:31:0e:e1:12:dc:50:bb:75:0e:
                    a5:13:25:51:0d:de:81:da:13:f9:6f:f4:f3:e1:d7:
                    9c:33:e1:6d:ec:a6:f7:24:be:0f:20:0c:81:fd:f7:
                    74:68:69:b3:5a:be:c0:0e:08:5f:77:4a:d8:e1:34:
                    57:af:cf:fc:26:38:84:9e:12:6d:b4:c1:9c:54:2f:
                    af:47:66:07:af:0e:e5:5e:cb:18:02:ba:59:be:ce:
                    d2:8a:95:80:a5:45:dc:39:72:f3:c1:ac:52:ad:7a:
                    25:80:9a:b7:12:9b:be:3d:95:d6:55:38:7d:74:c6:
                    e3:83:ff:14:eb:33:e3:25:b8:b3:27:76:72:e2:26:
                    23:c5:3b:7f:64:e2:a6:5c:39:50:0e:15:22:32:e6:
                    41:a0:09:95:81:c3:2c:48:00:8c:27:55:d3:43:65:
                    55:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:65:EC:62:23:2E:D7:11:D0:9D:D7:0D:43:4B:9C:5E:4C:DE:37:B1
            X509v3 Authority Key Identifier:
                keyid:87:56:D2:77:68:E1:1D:94:A0:BB:CD:FB:3F:BC:D7:40:D4:5A:00:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h1bSd2jhHZSgu837P7zXQNRaAPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/b2XsYiMu1xHQndcNQ0ucXkzeN7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/h1bSd2jhHZSgu837P7zXQNRaAPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.146.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:a5:a5:fb:c1:f1:10:b0:e1:fb:bc:dc:3d:84:fa:23:a8:9f:
         fe:8e:9b:46:c3:ea:02:3a:30:0b:40:2b:33:7c:24:2e:56:4c:
         25:91:84:0c:2a:4b:5d:af:02:e1:fe:b0:f7:c2:6a:af:fe:87:
         55:42:83:52:d3:9a:8c:ce:2f:8f:bd:97:5f:a6:8a:63:5e:90:
         82:64:a8:7f:11:ab:52:06:a4:26:9b:33:a7:fb:ef:9a:d1:b7:
         78:1e:f9:c8:02:e6:24:14:4a:d8:d0:59:3e:d2:7f:df:1a:1a:
         42:6e:1d:45:2f:b5:80:77:10:b4:87:a8:07:d3:43:d5:8a:01:
         52:66:41:50:5f:c5:5c:22:47:8e:c8:f3:4a:d7:d1:5c:9d:0c:
         b3:56:85:aa:f1:49:d3:4c:54:76:44:fa:a0:e8:be:4b:8b:03:
         71:65:5b:fb:ac:68:2d:b9:04:b3:c8:78:d9:96:17:f3:13:d7:
         0f:e0:b7:87:31:c3:37:25:fd:e8:ec:bb:86:31:85:03:03:33:
         fd:45:2b:f9:b4:97:ed:a5:21:17:66:4b:14:22:80:83:28:12:
         52:fb:70:69:a5:d8:69:65:6b:cd:2a:6c:b3:03:49:36:03:e7:
         e0:69:3e:07:28:63:bb:43:1b:a1:b8:66:f1:4e:62:56:c5:bf:
         0a:9d:1c:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSHzf8VX+SqmhDeuggFNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NTZkMjc3NjhlMTFkOTRhMGJiY2RmYjNmYmNkNzQwZDQ1
YTAwZjQwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjY1ZWM2MjIzMmVkNzExZDA5ZGQ3MGQ0MzRiOWM1ZTRjZGUzN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+A2+wDF93Bta0nupUw0zwzu2NWk
ce8hFhPl8Nh6aRaHvdq8J7Iw5Hk5tiWCGuVLivcUsgJ88g2v7Q1CSyheOm4uD9nm
rUlOVLoP/YlLqS+WIT11jpkDPb6zYfUENMgxDuES3FC7dQ6lEyVRDd6B2hP5b/Tz
4decM+Ft7Kb3JL4PIAyB/fd0aGmzWr7ADghfd0rY4TRXr8/8JjiEnhJttMGcVC+v
R2YHrw7lXssYArpZvs7SipWApUXcOXLzwaxSrXolgJq3Epu+PZXWVTh9dMbjg/8U
6zPjJbizJ3Zy4iYjxTt/ZOKmXDlQDhUiMuZBoAmVgcMsSACMJ1XTQ2VVQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9l7GIjLtcR0J3XDUNLnF5M3jexMB8GA1UdIwQY
MBaAFIdW0ndo4R2UoLvN+z+810DUWgD0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDFiU2QyamhIWlNndTgzN1A3elhRTlJhQVBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi85NTdiYjMtMmRlNS00NWNmLWFjZjMt
YzNhMDJkN2MwNjk3LzEvYjJYc1lpTXUxeEhRbmRjTlEwdWNYa3plTjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi85NTdiYjMtMmRlNS00NWNmLWFjZjMtYzNhMDJkN2MwNjk3
LzEvaDFiU2QyamhIWlNndTgzN1A3elhRTlJhQVBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUpIQMA0G
CSqGSIb3DQEBCwUAA4IBAQCUpaX7wfEQsOH7vNw9hPojqJ/+jptGw+oCOjALQCsz
fCQuVkwlkYQMKktdrwLh/rD3wmqv/odVQoNS05qMzi+PvZdfpopjXpCCZKh/EatS
BqQmmzOn+++a0bd4HvnIAuYkFErY0Fk+0n/fGhpCbh1FL7WAdxC0h6gH00PVigFS
ZkFQX8VcIkeOyPNK19FcnQyzVoWq8UnTTFR2RPqg6L5LiwNxZVv7rGgtuQSzyHjZ
lhfzE9cP4LeHMcM3Jf3o7LuGMYUDAzP9RSv5tJftpSEXZksUIoCDKBJS+3Bppdhp
ZWvNKmyzA0k2A+fgaT4HKGO7QxuhuGbxTmJWxb8KnRzQ
-----END CERTIFICATE-----