Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/18gdvOWBmTeANXCo7SO7UMbsy20.roa
File:                     18gdvOWBmTeANXCo7SO7UMbsy20.roa (raw, json)
Hash identifier:          kL6XO15pte2/BTIfyJL1mwarK4N5GBeS+C9/iNx0hNI=
Subject key identifier:   D7:C8:1D:BC:E5:81:99:37:80:35:70:A8:ED:23:BB:50:C6:EC:CB:6D
Certificate issuer:       /CN=852bc145c5b22394d6feae996bc0bb25254801c6
Certificate serial:       0193200700A2F5FD2E8D08947A76F6FAA574
Authority key identifier: 85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/18gdvOWBmTeANXCo7SO7UMbsy20.roa
Signing time:             Tue 12 Nov 2024 10:59:09 +0000
ROA not before:           Tue 12 Nov 2024 10:59:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197731
IP address blocks:        83.137.192.0/21 maxlen: 24
                          83.137.192.0/22 maxlen: 24
                          83.137.196.0/24 maxlen: 24
                          2a00:a0c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:07:00:a2:f5:fd:2e:8d:08:94:7a:76:f6:fa:a5:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852bc145c5b22394d6feae996bc0bb25254801c6
        Validity
            Not Before: Nov 12 10:59:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7c81dbce5819937803570a8ed23bb50c6eccb6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ef:df:44:16:6d:6a:04:f7:5a:db:80:38:14:
                    00:84:61:27:a6:9b:ed:46:7c:ee:44:da:8d:19:df:
                    44:51:5c:5a:80:89:0c:70:31:61:e1:b5:40:3c:f2:
                    ef:16:f5:ea:a4:bf:fc:58:1a:3f:05:6c:95:3f:ac:
                    28:87:38:a8:91:37:56:a0:c0:57:74:78:27:93:63:
                    2a:26:8a:e0:e9:ee:5f:53:8b:92:1c:bf:0e:9c:d8:
                    17:af:79:dd:c8:4d:99:1d:18:e8:74:25:35:5d:fd:
                    7a:ac:fe:37:2c:2b:86:f5:99:5a:03:e6:c9:9d:61:
                    b6:42:9b:52:f3:16:da:70:57:c4:54:27:2e:fc:98:
                    67:79:69:02:83:9a:00:d1:56:b2:01:26:87:dd:3e:
                    7f:62:aa:60:cb:9b:66:0f:ae:c8:1c:19:3e:ab:d9:
                    7d:73:32:05:a8:b2:d3:88:02:1e:c7:a2:35:ce:99:
                    4b:b6:c3:1e:0c:49:d1:fd:06:9d:0b:b5:0a:43:f1:
                    46:8f:2a:7c:c2:9b:8a:83:28:f4:5c:d4:b4:6a:4f:
                    fa:83:90:8c:73:f9:02:80:a0:16:96:75:08:cc:46:
                    e6:7b:bd:0d:77:ab:84:51:d8:a3:22:8d:b4:7e:31:
                    79:b5:8e:88:b6:3f:2e:cc:d7:f0:e1:58:02:06:57:
                    4c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C8:1D:BC:E5:81:99:37:80:35:70:A8:ED:23:BB:50:C6:EC:CB:6D
            X509v3 Authority Key Identifier:
                keyid:85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/18gdvOWBmTeANXCo7SO7UMbsy20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.192.0/21
                IPv6:
                  2a00:a0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:d9:ef:da:ba:b2:25:77:83:f9:7d:c9:d9:f7:d8:25:da:73:
         a0:01:9d:cf:95:c3:64:81:29:4d:3e:d5:38:46:05:55:33:6a:
         89:73:09:9a:ab:f7:10:a8:c2:4d:d2:03:83:31:82:46:5b:97:
         84:79:1d:81:7b:e2:1e:ae:94:db:72:2f:36:aa:0a:06:7b:5c:
         47:32:4c:ef:66:a2:b6:a2:e2:97:ce:39:02:5a:30:24:75:a5:
         a0:43:04:d0:c9:64:86:9f:8d:50:8e:d8:39:46:d7:03:18:c5:
         dd:1b:b7:4e:54:fe:22:a5:20:48:28:71:ab:9c:d0:61:d9:0e:
         7d:5e:31:c0:8b:ce:29:df:24:ce:3b:82:68:fe:64:5c:0e:60:
         c4:d8:bc:91:36:93:af:90:f0:0a:06:44:70:52:15:e3:14:a0:
         96:fe:cb:39:05:20:f3:14:db:64:64:93:dc:7c:6c:d5:47:cc:
         bb:cc:1e:24:e8:1f:d9:6e:b7:7f:6a:16:39:cd:b1:2a:52:ee:
         c8:33:40:87:3d:88:e6:ae:0f:92:b1:66:54:da:d8:e8:df:78:
         51:ab:ce:99:0b:d3:ae:fc:33:5e:2f:dc:9d:98:e8:9e:bb:21:
         e2:65:67:e0:63:4d:36:ae:0a:34:d9:8c:ea:a0:ef:e1:2c:3b:
         9f:49:45:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMgBwCi9f0ujQiUenb2+qV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmJjMTQ1YzViMjIzOTRkNmZlYWU5OTZiYzBiYjI1MjU0
ODAxYzYwHhcNMjQxMTEyMTA1OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M4MWRiY2U1ODE5OTM3ODAzNTcwYThlZDIzYmI1MGM2ZWNjYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjO/fRBZtagT3WtuAOBQAhGEnppvt
RnzuRNqNGd9EUVxagIkMcDFh4bVAPPLvFvXqpL/8WBo/BWyVP6wohziokTdWoMBX
dHgnk2MqJorg6e5fU4uSHL8OnNgXr3ndyE2ZHRjodCU1Xf16rP43LCuG9ZlaA+bJ
nWG2QptS8xbacFfEVCcu/JhneWkCg5oA0VayASaH3T5/Yqpgy5tmD67IHBk+q9l9
czIFqLLTiAIex6I1zplLtsMeDEnR/QadC7UKQ/FGjyp8wpuKgyj0XNS0ak/6g5CM
c/kCgKAWlnUIzEbme70Nd6uEUdijIo20fjF5tY6Itj8uzNfw4VgCBldMSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNfIHbzlgZk3gDVwqO0ju1DG7MttMB8GA1UdIwQY
MBaAFIUrwUXFsiOU1v6umWvAuyUlSAHGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMt
OGQwNzEwZjNkMjc2LzEvMThnZHZPV0JtVGVBTlhDbzdTTzdVTWJzeTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMtOGQwNzEwZjNkMjc2
LzEvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU4nAMA0E
AgACMAcDBQAqAKDAMA0GCSqGSIb3DQEBCwUAA4IBAQCX2e/aurIld4P5fcnZ99gl
2nOgAZ3PlcNkgSlNPtU4RgVVM2qJcwmaq/cQqMJN0gODMYJGW5eEeR2Be+IerpTb
ci82qgoGe1xHMkzvZqK2ouKXzjkCWjAkdaWgQwTQyWSGn41Qjtg5RtcDGMXdG7dO
VP4ipSBIKHGrnNBh2Q59XjHAi84p3yTOO4Jo/mRcDmDE2LyRNpOvkPAKBkRwUhXj
FKCW/ss5BSDzFNtkZJPcfGzVR8y7zB4k6B/Zbrd/ahY5zbEqUu7IM0CHPYjmrg+S
sWZU2tjo33hRq86ZC9Ou/DNeL9ydmOieuyHiZWfgY002rgo02YzqoO/hLDufSUUV
-----END CERTIFICATE-----