Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jZYs0dzIvS25J4lteuVc561ZAY4.roa
File:                     jZYs0dzIvS25J4lteuVc561ZAY4.roa (raw, json)
Hash identifier:          rfSaNujzpLss3LyIOfVGL5ba21k4OmOMHbD7Qk5vT8Y=
Subject key identifier:   8D:96:2C:D1:DC:C8:BD:2D:B9:27:89:6D:7A:E5:5C:E7:AD:59:01:8E
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0194B0EAD1235494F53F79A4AE9F6BE6F19D
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jZYs0dzIvS25J4lteuVc561ZAY4.roa
Signing time:             Wed 29 Jan 2025 07:16:06 +0000
ROA not before:           Wed 29 Jan 2025 07:16:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        82.163.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b0:ea:d1:23:54:94:f5:3f:79:a4:ae:9f:6b:e6:f1:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan 29 07:16:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d962cd1dcc8bd2db927896d7ae55ce7ad59018e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:d6:9c:3b:92:68:ec:ae:17:3a:eb:5e:c4:af:
                    36:92:a5:29:7a:40:52:79:ce:91:9a:93:0a:af:3e:
                    63:fc:be:48:53:f6:7d:12:aa:9a:63:bc:31:1d:48:
                    9f:96:df:17:83:d3:6b:f5:82:fb:e3:83:80:11:06:
                    27:48:5e:11:be:18:23:ae:2e:19:e4:c0:61:af:cd:
                    60:3d:38:03:46:ff:fa:b8:c0:2e:28:7a:cf:a5:34:
                    eb:4e:71:a7:4f:f0:44:99:ac:97:1a:51:48:6d:c1:
                    3b:5e:e8:cf:6f:a6:ae:15:46:be:94:3f:dd:37:50:
                    64:1a:a2:8f:d8:6b:0a:78:0c:8d:36:23:d4:1b:f1:
                    e4:91:10:c2:f1:3e:c8:1d:3e:a7:d2:0d:b6:e3:57:
                    e1:67:f4:59:61:31:14:a3:fb:33:d3:04:ea:f9:0d:
                    ad:2b:2e:4a:0d:fd:3a:01:00:0d:dd:dc:38:b3:2b:
                    ce:53:97:7f:27:17:4a:bf:93:b6:e2:1d:ce:0b:39:
                    f1:12:c4:1f:35:c6:b2:7c:b0:3e:50:a0:0b:91:67:
                    fd:1b:a6:57:5c:a2:ce:dd:c0:fa:6d:e3:c5:22:65:
                    65:ea:fd:30:8e:88:8a:7a:e2:23:c6:49:52:55:41:
                    20:78:47:3f:67:75:5d:62:3a:22:1d:f5:9b:39:71:
                    72:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:96:2C:D1:DC:C8:BD:2D:B9:27:89:6D:7A:E5:5C:E7:AD:59:01:8E
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jZYs0dzIvS25J4lteuVc561ZAY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:dc:34:ca:39:cd:f6:00:6d:01:c4:93:92:f4:bc:87:8e:1e:
         64:5f:f6:48:4d:7c:f2:e0:49:21:ed:3a:c1:ca:96:40:db:fb:
         a2:e2:ae:c3:0d:6c:7e:08:41:c6:82:23:22:20:a8:7a:e4:44:
         d6:4d:44:88:d3:0d:47:d2:0d:54:a7:ef:b8:88:2a:c3:4a:6e:
         62:5c:f2:b6:e5:30:c2:93:71:7c:20:b4:ec:35:83:67:d5:57:
         a9:fb:ad:76:08:d3:ca:77:3d:36:1a:f3:e6:13:7e:62:0b:d7:
         9a:8d:c7:cb:63:1c:4b:f6:d2:5c:fa:a2:16:39:d9:50:bc:8d:
         ea:c0:a7:63:96:5e:00:fb:ba:11:3d:a1:37:b0:a5:fc:70:39:
         f6:1c:1b:a2:73:dc:92:61:0f:b2:ca:20:f8:3f:17:5a:18:dd:
         7b:c6:fe:2d:ea:74:ac:ae:64:d3:59:80:2d:b6:50:88:f7:e7:
         79:cb:79:10:9c:96:5d:ae:01:47:5a:4d:53:30:ff:4f:52:76:
         c6:ad:b4:d5:4e:2f:91:ac:5d:18:45:33:24:c8:e7:83:06:bc:
         9a:96:e1:86:68:e1:01:b7:ce:5f:29:1e:a3:7a:c7:eb:90:d8:
         51:fc:c6:a7:24:c8:d9:a9:b8:73:a3:0f:a6:3d:5f:83:53:26:
         00:e0:8e:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSw6tEjVJT1P3mkrp9r5vGdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTI5MDcxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDk2MmNkMWRjYzhiZDJkYjkyNzg5NmQ3YWU1NWNlN2FkNTkwMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6NacO5Jo7K4XOutexK82kqUpekBS
ec6RmpMKrz5j/L5IU/Z9EqqaY7wxHUiflt8Xg9Nr9YL744OAEQYnSF4Rvhgjri4Z
5MBhr81gPTgDRv/6uMAuKHrPpTTrTnGnT/BEmayXGlFIbcE7XujPb6auFUa+lD/d
N1BkGqKP2GsKeAyNNiPUG/HkkRDC8T7IHT6n0g2241fhZ/RZYTEUo/sz0wTq+Q2t
Ky5KDf06AQAN3dw4syvOU5d/JxdKv5O24h3OCznxEsQfNcayfLA+UKALkWf9G6ZX
XKLO3cD6bePFImVl6v0wjoiKeuIjxklSVUEgeEc/Z3VdYjoiHfWbOXFyAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2WLNHcyL0tuSeJbXrlXOetWQGOMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvalpZczBkekl2UzI1SjRsdGV1VmM1NjFaQVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUqNEMA0G
CSqGSIb3DQEBCwUAA4IBAQAv3DTKOc32AG0BxJOS9LyHjh5kX/ZITXzy4Ekh7TrB
ypZA2/ui4q7DDWx+CEHGgiMiIKh65ETWTUSI0w1H0g1Up++4iCrDSm5iXPK25TDC
k3F8ILTsNYNn1Vep+612CNPKdz02GvPmE35iC9eajcfLYxxL9tJc+qIWOdlQvI3q
wKdjll4A+7oRPaE3sKX8cDn2HBuic9ySYQ+yyiD4PxdaGN17xv4t6nSsrmTTWYAt
tlCI9+d5y3kQnJZdrgFHWk1TMP9PUnbGrbTVTi+RrF0YRTMkyOeDBryaluGGaOEB
t85fKR6jesfrkNhR/ManJMjZqbhzow+mPV+DUyYA4I4t
-----END CERTIFICATE-----