Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IZRKBo25prot30cJLmFcAyDtchM.roa
File:                     IZRKBo25prot30cJLmFcAyDtchM.roa (raw, json)
Hash identifier:          nDTnCbw/3+ryyn8eII1bIcC2WKPOudbeVhAO5TBmqEE=
Subject key identifier:   21:94:4A:06:8D:B9:A6:BA:2D:DF:47:09:2E:61:5C:03:20:ED:72:13
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3495814C252CB68D018D009E9C16120
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IZRKBo25prot30cJLmFcAyDtchM.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62816
IP address blocks:        82.153.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:58:14:c2:52:cb:68:d0:18:d0:09:e9:c1:61:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21944a068db9a6ba2ddf47092e615c0320ed7213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:29:3a:01:e5:72:e3:94:0e:d4:e8:62:8b:0b:
                    92:3b:3c:8d:44:02:a6:3e:04:bb:14:fe:fb:7c:04:
                    d5:b6:2d:bc:69:16:fa:e8:40:62:ee:85:3e:91:a4:
                    1e:41:79:90:b8:c6:ed:70:fc:62:d0:e5:85:10:0b:
                    f3:4d:5b:c5:3f:38:6a:8f:8e:eb:b8:9f:41:55:43:
                    52:51:86:a8:ec:94:9e:dc:37:06:25:a9:0e:8d:88:
                    7d:28:96:97:15:e9:69:eb:fd:18:e3:b2:05:6f:e1:
                    b3:05:fd:85:fb:dc:7f:3c:eb:14:23:e8:5a:03:df:
                    8c:71:f4:e2:90:a8:5e:59:1a:f7:fe:18:c8:bd:8d:
                    50:0b:d9:05:1b:b6:20:5d:2e:bb:cb:bb:33:c6:09:
                    f8:77:9a:e6:71:fe:36:e4:4c:42:65:ea:35:9a:29:
                    da:45:46:df:54:55:94:fd:e5:64:ea:3d:1c:20:45:
                    dd:ab:d1:03:b0:6d:28:13:43:0c:82:d6:80:af:db:
                    7b:56:1b:93:08:e4:b4:e5:a0:75:86:7f:0c:0b:e5:
                    da:f6:20:c9:80:2d:2b:60:0c:37:49:a6:b1:96:2b:
                    e3:c0:b2:b4:4f:a1:e8:16:b0:df:3b:20:9b:e3:e2:
                    ed:0e:6c:e6:10:4d:97:32:8d:b4:5a:c3:93:9b:c2:
                    2b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:94:4A:06:8D:B9:A6:BA:2D:DF:47:09:2E:61:5C:03:20:ED:72:13
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IZRKBo25prot30cJLmFcAyDtchM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:e7:c4:1f:2e:11:3a:2b:ee:e7:47:ad:7a:8d:31:03:d5:36:
         15:bb:3c:29:a6:dc:44:25:3f:f8:7c:e7:af:3c:cf:44:28:dc:
         83:47:2f:69:d3:a0:5c:0e:d9:7c:b0:a1:57:a4:e1:62:71:2e:
         ca:07:49:34:45:60:e5:1b:1d:c1:66:98:aa:a3:95:a1:a2:c3:
         02:ad:8d:11:df:f6:cd:08:6c:ae:d0:64:fe:c1:0a:05:42:2d:
         cb:6e:d7:4c:15:63:45:10:f1:d2:83:5e:fd:4c:98:a1:ab:f2:
         ff:65:f8:0c:5e:4d:e4:59:a9:91:22:bd:a0:51:5d:b6:1a:b4:
         dd:77:83:a5:7c:8e:92:57:95:8d:36:34:f2:82:39:14:9d:a4:
         b7:42:a6:57:cc:c6:60:35:59:ab:6b:9d:fa:bb:0c:09:d3:4c:
         f0:34:59:f0:a3:a6:3c:97:37:a7:a0:b0:92:cf:b4:5b:7d:8d:
         64:b2:a5:02:00:ce:87:36:aa:45:8e:ef:9e:e7:ce:cb:bd:7e:
         d7:4a:9b:4d:5a:ed:28:21:74:7b:b2:45:d6:21:54:e8:3a:b0:
         b9:2f:9c:b8:3f:a8:9c:d1:3c:07:5c:51:a5:93:38:5e:3d:e5:
         fc:40:1c:a0:f5:c8:d1:24:9f:19:ac:63:de:ad:92:7f:24:6b:
         8a:3a:e9:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVgUwlLLaNAY0AnpwWEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTk0NGEwNjhkYjlhNmJhMmRkZjQ3MDkyZTYxNWMwMzIwZWQ3MjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCk6AeVy45QO1OhiiwuSOzyNRAKm
PgS7FP77fATVti28aRb66EBi7oU+kaQeQXmQuMbtcPxi0OWFEAvzTVvFPzhqj47r
uJ9BVUNSUYao7JSe3DcGJakOjYh9KJaXFelp6/0Y47IFb+GzBf2F+9x/POsUI+ha
A9+McfTikKheWRr3/hjIvY1QC9kFG7YgXS67y7szxgn4d5rmcf425ExCZeo1mina
RUbfVFWU/eVk6j0cIEXdq9EDsG0oE0MMgtaAr9t7VhuTCOS05aB1hn8MC+Xa9iDJ
gC0rYAw3SaaxlivjwLK0T6HoFrDfOyCb4+LtDmzmEE2XMo20WsOTm8IrZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGUSgaNuaa6Ld9HCS5hXAMg7XITMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSVpSS0JvMjVwcm90MzBjSkxtRmNBeUR0Y2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnjMA0G
CSqGSIb3DQEBCwUAA4IBAQBd58QfLhE6K+7nR616jTED1TYVuzwpptxEJT/4fOev
PM9EKNyDRy9p06BcDtl8sKFXpOFicS7KB0k0RWDlGx3BZpiqo5WhosMCrY0R3/bN
CGyu0GT+wQoFQi3LbtdMFWNFEPHSg179TJihq/L/ZfgMXk3kWamRIr2gUV22GrTd
d4OlfI6SV5WNNjTygjkUnaS3QqZXzMZgNVmra536uwwJ00zwNFnwo6Y8lzenoLCS
z7RbfY1ksqUCAM6HNqpFju+e587LvX7XSptNWu0oIXR7skXWIVToOrC5L5y4P6ic
0TwHXFGlkzhePeX8QByg9cjRJJ8ZrGPerZJ/JGuKOukd
-----END CERTIFICATE-----