Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/82Unafdgx0Il8L1dG4wMr0aQRkI.roa
File:                     82Unafdgx0Il8L1dG4wMr0aQRkI.roa (raw, json)
Hash identifier:          MMmxa0SVhGbhILMW/VbE1eaf8jfw8B4sf54NlK+osg4=
Subject key identifier:   F3:65:27:69:F7:60:C7:42:25:F0:BD:5D:1B:8C:0C:AF:46:90:46:42
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3496837AF0990CF72B732B028041954
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/82Unafdgx0Il8L1dG4wMr0aQRkI.roa
Signing time:             Mon 01 Jan 2024 04:30:17 +0000
ROA not before:           Mon 01 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     393427
IP address blocks:        82.152.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:68:37:af:09:90:cf:72:b7:32:b0:28:04:19:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3652769f760c74225f0bd5d1b8c0caf46904642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:df:42:80:8d:25:49:66:c6:0b:a3:ef:0d:88:
                    54:6e:fb:c7:a1:f1:af:d3:5e:d0:69:9f:d0:20:63:
                    ca:bc:55:97:99:14:16:70:56:8a:0b:20:b9:e7:55:
                    f7:d5:00:4c:f9:04:7d:cf:1d:24:b0:17:13:9b:5d:
                    88:55:03:76:51:cb:8e:b6:81:d3:a2:16:95:cd:0f:
                    d3:bc:75:22:ca:a1:d9:c2:eb:4c:a3:64:42:1b:b4:
                    42:04:67:e5:ab:3e:db:69:d1:e5:7c:84:ad:ec:ea:
                    d7:47:64:61:8a:ae:da:a8:3c:56:a5:8d:d9:25:a9:
                    75:67:52:73:44:95:f4:b4:f2:35:43:e4:f3:eb:16:
                    41:52:fc:e9:cf:96:79:cb:3c:1f:db:50:4f:e4:7d:
                    44:dd:86:a7:ad:1f:ff:0f:27:93:13:eb:85:c4:90:
                    65:fe:2c:63:e3:1f:c2:93:33:30:e9:23:a1:a9:8e:
                    bb:85:e3:29:e0:d2:67:32:69:ac:84:d8:4f:d2:9b:
                    3f:cd:88:2f:fc:ff:8a:ec:6d:ea:62:e4:55:17:ba:
                    b4:2c:2b:75:a8:1e:8d:a2:38:6c:cd:44:c2:fc:4a:
                    82:87:a7:4e:79:a1:43:91:54:92:b6:88:ee:6a:35:
                    ea:18:04:c8:b8:7d:48:d3:9f:31:7d:3d:d6:ca:75:
                    ea:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:65:27:69:F7:60:C7:42:25:F0:BD:5D:1B:8C:0C:AF:46:90:46:42
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/82Unafdgx0Il8L1dG4wMr0aQRkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:13:1e:de:f0:55:c0:c4:0d:56:f8:e6:2f:15:d1:43:91:bd:
         25:00:1d:da:ce:ff:95:9e:d4:cf:ff:3f:14:0d:7f:e0:52:f8:
         f6:09:fb:b7:a8:d1:fc:1a:9c:04:25:18:2c:f6:5c:12:8f:36:
         df:bd:62:34:55:85:0f:32:84:20:f8:bb:4e:50:ee:b0:28:83:
         b4:e4:9f:0e:cd:ab:a2:82:71:1c:b5:86:33:9b:69:65:69:67:
         97:1f:1f:fa:21:79:b4:4a:fd:a1:39:e1:68:39:1c:3f:e2:12:
         df:19:bd:c3:47:b1:11:18:76:8d:1c:01:a5:19:95:6f:db:2f:
         93:90:fd:ea:31:8c:d1:22:bb:b7:32:12:8e:4b:53:77:a9:6c:
         1a:b9:f0:c2:fc:bd:b7:47:ae:da:f0:15:26:ac:44:48:d8:b1:
         23:b0:9a:62:cf:2b:44:d0:0e:34:65:94:e8:01:de:31:77:18:
         8c:8b:d8:aa:81:8d:0f:88:e8:4d:12:20:c7:73:ef:dd:15:17:
         46:4d:df:ae:12:f3:58:82:f5:e8:b8:38:a7:3b:33:05:19:df:
         42:f3:dc:33:5f:a0:3f:56:27:18:f0:e4:38:d2:4d:60:99:3a:
         c1:fb:8d:bf:09:03:a4:2f:6e:72:a3:46:e6:8b:d8:4e:55:b3:
         70:82:e4:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWg3rwmQz3K3MrAoBBlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzY1Mjc2OWY3NjBjNzQyMjVmMGJkNWQxYjhjMGNhZjQ2OTA0NjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst9CgI0lSWbGC6PvDYhUbvvHofGv
017QaZ/QIGPKvFWXmRQWcFaKCyC551X31QBM+QR9zx0ksBcTm12IVQN2UcuOtoHT
ohaVzQ/TvHUiyqHZwutMo2RCG7RCBGflqz7badHlfISt7OrXR2Rhiq7aqDxWpY3Z
Jal1Z1JzRJX0tPI1Q+Tz6xZBUvzpz5Z5yzwf21BP5H1E3YanrR//DyeTE+uFxJBl
/ixj4x/CkzMw6SOhqY67heMp4NJnMmmshNhP0ps/zYgv/P+K7G3qYuRVF7q0LCt1
qB6NojhszUTC/EqCh6dOeaFDkVSStojuajXqGATIuH1I058xfT3WynXq7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNlJ2n3YMdCJfC9XRuMDK9GkEZCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvODJVbmFmZGd4MElsOEwxZEc0d01yMGFRUmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpiyMA0G
CSqGSIb3DQEBCwUAA4IBAQBeEx7e8FXAxA1W+OYvFdFDkb0lAB3azv+VntTP/z8U
DX/gUvj2Cfu3qNH8GpwEJRgs9lwSjzbfvWI0VYUPMoQg+LtOUO6wKIO05J8Ozaui
gnEctYYzm2llaWeXHx/6IXm0Sv2hOeFoORw/4hLfGb3DR7ERGHaNHAGlGZVv2y+T
kP3qMYzRIru3MhKOS1N3qWwaufDC/L23R67a8BUmrERI2LEjsJpizytE0A40ZZTo
Ad4xdxiMi9iqgY0PiOhNEiDHc+/dFRdGTd+uEvNYgvXouDinOzMFGd9C89wzX6A/
VicY8OQ40k1gmTrB+42/CQOkL25yo0bmi9hOVbNwguTt
-----END CERTIFICATE-----