Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_rbgiNGO-S27H5VBRvlSaosM5pA.roa
File:                     _rbgiNGO-S27H5VBRvlSaosM5pA.roa (raw, json)
Hash identifier:          F4Wzd0keTC9/E8Yr8BBEUoGpX4zOhFgL+3EUdrKLPwg=
Subject key identifier:   FE:B6:E0:88:D1:8E:F9:2D:BB:1F:95:41:46:F9:52:6A:8B:0C:E6:90
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1B51EA783E9D44E71827B3E60F2D8
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_rbgiNGO-S27H5VBRvlSaosM5pA.roa
Signing time:             Wed 01 Jan 2025 11:48:01 +0000
ROA not before:           Wed 01 Jan 2025 11:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        81.21.3.0/24 maxlen: 24
                          176.57.49.0/24 maxlen: 24
                          176.57.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b5:1e:a7:83:e9:d4:4e:71:82:7b:3e:60:f2:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=feb6e088d18ef92dbb1f954146f9526a8b0ce690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:73:92:d1:46:42:55:fa:78:0e:ff:c7:1b:85:
                    95:dc:be:92:b3:28:91:4d:75:5b:81:9f:b3:62:fc:
                    08:ef:31:15:e8:62:47:3e:b9:94:8d:c2:ed:1d:1a:
                    5a:a7:31:ec:2f:28:9a:8a:b4:90:37:53:3a:0c:7b:
                    77:1f:71:d8:a1:14:a6:28:1d:34:f0:9d:fa:9c:8d:
                    33:db:a3:c0:74:7f:b8:ee:85:2c:3c:ef:5b:0f:0d:
                    0b:5d:ff:20:8a:d2:69:f4:8c:da:c0:c6:e9:1f:18:
                    a7:0e:fe:22:83:2f:fa:53:c6:22:6c:6d:04:5a:86:
                    18:59:61:97:40:be:fa:18:0d:49:ed:30:52:8d:ec:
                    1c:91:9b:1a:e1:95:24:6c:5c:ba:e7:af:ad:85:37:
                    fc:13:65:1a:dd:18:e2:80:38:23:fd:83:01:f7:c5:
                    04:47:6b:9b:a4:7b:2c:ff:96:db:62:94:ea:c9:68:
                    05:95:31:3f:ee:c4:ac:dc:fe:8f:48:d8:31:6a:31:
                    05:61:b6:ce:c7:76:b7:03:21:3d:c5:8a:7d:e5:8b:
                    c5:da:cc:bb:e4:9e:1d:74:89:94:d7:3e:24:b5:a9:
                    74:8a:b7:5e:40:e1:b1:43:3b:33:b0:b9:31:1d:0c:
                    ae:a3:45:a8:fc:be:9f:9a:80:64:7c:b6:63:9c:b2:
                    ff:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:B6:E0:88:D1:8E:F9:2D:BB:1F:95:41:46:F9:52:6A:8B:0C:E6:90
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/_rbgiNGO-S27H5VBRvlSaosM5pA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.3.0/24
                  176.57.49.0/24
                  176.57.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:7f:c6:08:fd:8a:9f:a7:bb:26:1a:a4:9e:ca:3f:ab:38:90:
         53:51:d8:0d:b6:02:3a:2c:7e:0b:95:87:7d:a7:e8:07:5e:dd:
         f6:be:bf:bd:24:22:5d:44:da:74:7a:ee:f4:b6:7b:46:5d:70:
         f1:70:6d:46:f2:0e:77:30:d6:cd:16:fc:d8:b1:9c:5c:67:6c:
         86:a2:22:89:9c:08:64:75:ea:ac:a8:2e:9e:5c:22:e4:3a:ba:
         16:5f:7f:40:a5:5d:76:39:90:a5:38:c3:49:76:c9:64:a2:e5:
         d5:81:69:3f:d4:00:73:2b:7f:e0:b0:dc:98:6a:ad:bc:a6:6d:
         80:9f:bb:0d:79:3b:02:9a:18:dd:b3:74:af:4f:6b:57:50:84:
         7d:e6:db:8f:29:09:0e:a5:80:67:4f:c7:a0:11:f3:55:fe:0c:
         54:38:02:dc:a9:38:39:0e:b3:f4:fa:3c:77:6b:ba:57:1c:5c:
         f0:9f:73:4f:da:61:cb:98:9b:50:ad:14:38:cc:89:44:26:a9:
         97:79:87:fa:d5:66:a2:24:fb:ec:15:8e:2b:61:52:c3:90:8d:
         30:c0:70:ab:7d:bb:80:dc:7f:b8:d4:8b:62:85:42:b8:04:c2:
         a7:3d:d2:c2:cb:05:13:fd:f7:79:2f:fd:59:bb:64:16:3b:9c:
         14:cb:95:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhsbUep4Pp1E5xgns+YPLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWI2ZTA4OGQxOGVmOTJkYmIxZjk1NDE0NmY5NTI2YThiMGNlNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3XOS0UZCVfp4Dv/HG4WV3L6SsyiR
TXVbgZ+zYvwI7zEV6GJHPrmUjcLtHRpapzHsLyiairSQN1M6DHt3H3HYoRSmKB00
8J36nI0z26PAdH+47oUsPO9bDw0LXf8gitJp9IzawMbpHxinDv4igy/6U8YibG0E
WoYYWWGXQL76GA1J7TBSjewckZsa4ZUkbFy656+thTf8E2Ua3RjigDgj/YMB98UE
R2ubpHss/5bbYpTqyWgFlTE/7sSs3P6PSNgxajEFYbbOx3a3AyE9xYp95YvF2sy7
5J4ddImU1z4ktal0irdeQOGxQzszsLkxHQyuo0Wo/L6fmoBkfLZjnLL/GQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP624IjRjvktux+VQUb5UmqLDOaQMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvX3JiZ2lOR08tUzI3SDVWQlJ2bFNhb3NNNXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAURUDAwQA
sDkxAwQAsDk6MA0GCSqGSIb3DQEBCwUAA4IBAQB9f8YI/Yqfp7smGqSeyj+rOJBT
UdgNtgI6LH4LlYd9p+gHXt32vr+9JCJdRNp0eu70tntGXXDxcG1G8g53MNbNFvzY
sZxcZ2yGoiKJnAhkdeqsqC6eXCLkOroWX39ApV12OZClOMNJdslkouXVgWk/1ABz
K3/gsNyYaq28pm2An7sNeTsCmhjds3SvT2tXUIR95tuPKQkOpYBnT8egEfNV/gxU
OALcqTg5DrP0+jx3a7pXHFzwn3NP2mHLmJtQrRQ4zIlEJqmXeYf61WaiJPvsFY4r
YVLDkI0wwHCrfbuA3H+41ItihUK4BMKnPdLCywUT/fd5L/1Zu2QWO5wUy5VN
-----END CERTIFICATE-----