Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/u382SX9OuMSbo5aEpBkh6Q_bc-g.roa
File:                     u382SX9OuMSbo5aEpBkh6Q_bc-g.roa (raw, json)
Hash identifier:          PbF5dFWHFvjFan9sccVhaBtXVLjSr4aOHMB1tRnHijc=
Subject key identifier:   BB:7F:36:49:7F:4E:B8:C4:9B:A3:96:84:A4:19:21:E9:0F:DB:73:E8
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       0192D38C8E72F42C4CCF26ABBB5CD72244ED
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/u382SX9OuMSbo5aEpBkh6Q_bc-g.roa
Signing time:             Mon 28 Oct 2024 14:34:16 +0000
ROA not before:           Mon 28 Oct 2024 14:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        212.22.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:8c:8e:72:f4:2c:4c:cf:26:ab:bb:5c:d7:22:44:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Oct 28 14:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb7f36497f4eb8c49ba39684a41921e90fdb73e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6f:74:09:6b:a5:9e:a3:9c:53:65:72:c8:27:
                    b2:11:89:17:34:8b:c1:cd:0b:b4:0d:af:ce:71:19:
                    a2:e6:ef:dc:eb:96:1f:57:10:7f:f5:dd:1a:c1:58:
                    b0:a8:1e:4e:05:cf:8f:5e:1f:e2:e5:f9:9c:37:4a:
                    13:11:ee:47:95:18:2c:e8:30:c8:46:4e:67:20:c2:
                    64:96:93:01:46:91:45:53:4c:4d:a3:5f:3d:81:03:
                    1d:1d:7a:e4:ac:aa:08:b7:bd:ae:85:90:f1:4e:b3:
                    ac:f0:53:f6:0f:0e:df:fa:f0:5c:6e:c1:71:22:7c:
                    8a:70:97:38:c5:2f:d1:6d:dd:f8:ad:53:95:cd:b1:
                    0a:5c:fb:80:f4:1d:85:86:3a:45:85:26:f3:38:90:
                    50:d1:d9:c1:c0:5b:f6:8f:3d:4e:8f:b4:f7:a0:e7:
                    27:4b:77:11:d5:27:cf:f2:3e:09:c3:26:27:d4:65:
                    b3:37:46:d4:83:ff:c4:ff:ac:ea:dd:cc:5a:6c:9a:
                    37:f8:4c:bb:5f:b9:d7:67:3c:89:00:f4:b8:6b:0d:
                    a1:5c:bc:d8:c2:88:22:3f:f2:7b:32:f2:54:5f:db:
                    52:80:54:54:a4:01:98:8e:38:09:b8:ed:5e:eb:58:
                    c5:27:84:25:d3:56:78:11:36:e1:bf:bd:c9:5c:cb:
                    01:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:7F:36:49:7F:4E:B8:C4:9B:A3:96:84:A4:19:21:E9:0F:DB:73:E8
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/u382SX9OuMSbo5aEpBkh6Q_bc-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:fd:ed:a3:22:f6:62:f5:64:ae:a8:4d:3b:8a:f1:eb:88:b6:
         ff:34:61:f9:cb:27:6d:f0:6c:24:41:48:40:b5:e8:6e:65:7c:
         29:eb:69:ba:02:62:51:38:83:c5:c1:18:45:b4:86:af:04:25:
         07:fc:49:61:df:83:25:7b:9a:11:b3:46:15:ae:fc:4a:80:ca:
         16:d2:61:aa:f2:c9:f6:9d:18:53:15:52:d9:61:8d:bc:13:83:
         61:3f:6c:be:ed:37:4f:41:4a:55:9e:08:f3:d4:e7:59:4d:d6:
         17:b3:96:7c:fb:83:d7:96:e0:fe:76:bf:78:6b:66:f4:73:9d:
         ca:f6:12:b5:56:5a:8b:5e:c0:39:c4:4d:36:3e:cf:56:a8:84:
         bf:05:6c:2f:74:fd:ac:60:06:f8:25:33:a5:56:d3:e7:0e:1a:
         d0:07:5a:f0:8f:e9:7b:a4:f5:a3:30:7a:b9:b7:d9:ba:cd:dd:
         30:99:01:2b:e6:31:62:9f:07:8a:da:9b:55:f2:fb:06:88:e7:
         e6:a5:ee:bf:23:57:09:62:a5:dc:37:8e:1c:39:41:b6:87:69:
         30:22:60:8e:e2:f8:fe:d7:6b:75:af:af:31:64:7c:d0:88:b3:
         a4:75:0e:71:55:e1:d0:2a:67:6a:61:88:ed:62:59:49:17:e6:
         ff:79:d7:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLTjI5y9CxMzyaru1zXIkTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQxMDI4MTQzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjdmMzY0OTdmNGViOGM0OWJhMzk2ODRhNDE5MjFlOTBmZGI3M2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG90CWulnqOcU2VyyCeyEYkXNIvB
zQu0Da/OcRmi5u/c65YfVxB/9d0awViwqB5OBc+PXh/i5fmcN0oTEe5HlRgs6DDI
Rk5nIMJklpMBRpFFU0xNo189gQMdHXrkrKoIt72uhZDxTrOs8FP2Dw7f+vBcbsFx
InyKcJc4xS/Rbd34rVOVzbEKXPuA9B2FhjpFhSbzOJBQ0dnBwFv2jz1Oj7T3oOcn
S3cR1SfP8j4JwyYn1GWzN0bUg//E/6zq3cxabJo3+Ey7X7nXZzyJAPS4aw2hXLzY
wogiP/J7MvJUX9tSgFRUpAGYjjgJuO1e61jFJ4Ql01Z4ETbhv73JXMsBkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLt/Nkl/TrjEm6OWhKQZIekP23PoMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvdTM4MlNYOU91TVNibzVhRXBCa2g2UV9iYy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZMMA0G
CSqGSIb3DQEBCwUAA4IBAQAz/e2jIvZi9WSuqE07ivHriLb/NGH5yydt8GwkQUhA
tehuZXwp62m6AmJROIPFwRhFtIavBCUH/Elh34Mle5oRs0YVrvxKgMoW0mGq8sn2
nRhTFVLZYY28E4NhP2y+7TdPQUpVngjz1OdZTdYXs5Z8+4PXluD+dr94a2b0c53K
9hK1VlqLXsA5xE02Ps9WqIS/BWwvdP2sYAb4JTOlVtPnDhrQB1rwj+l7pPWjMHq5
t9m6zd0wmQEr5jFinweK2ptV8vsGiOfmpe6/I1cJYqXcN44cOUG2h2kwImCO4vj+
12t1r68xZHzQiLOkdQ5xVeHQKmdqYYjtYllJF+b/edcp
-----END CERTIFICATE-----