Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wbqg1f1zZ0J86LeUjqkg9ohjOhM.roa
File:                     Wbqg1f1zZ0J86LeUjqkg9ohjOhM.roa (raw, json)
Hash identifier:          w2ZZG+zlCydVVKHLyaKpzRXGuU4iAz3mVt946AFXJGc=
Subject key identifier:   59:BA:A0:D5:FD:73:67:42:7C:E8:B7:94:8E:A9:20:F6:88:63:3A:13
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01944167F47BE035EDA9DF93FD31E960CEFE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wbqg1f1zZ0J86LeUjqkg9ohjOhM.roa
Signing time:             Tue 07 Jan 2025 15:35:19 +0000
ROA not before:           Tue 07 Jan 2025 15:35:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47741
IP address blocks:        82.153.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:41:67:f4:7b:e0:35:ed:a9:df:93:fd:31:e9:60:ce:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  7 15:35:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59baa0d5fd7367427ce8b7948ea920f688633a13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d7:b6:b7:98:49:e0:87:18:cd:18:48:81:d6:
                    b1:54:d4:a6:69:65:4f:40:13:ac:a0:10:09:a3:3f:
                    3f:87:a6:ba:96:9a:55:f5:62:2a:0b:cd:1f:a5:d7:
                    4e:62:9e:5f:2e:03:10:fa:45:34:ad:20:36:dd:14:
                    15:10:00:28:9b:21:74:26:2a:21:60:86:72:2f:fa:
                    59:b4:26:9a:18:0f:3b:1d:b1:45:60:ab:c8:30:d9:
                    fa:79:b3:dd:eb:e3:47:fb:36:8b:f1:5f:4a:8a:01:
                    ff:d3:67:85:33:1b:a3:0b:b4:94:36:85:c9:6a:78:
                    83:09:7a:21:dc:56:55:dd:1e:1a:12:f3:c5:01:fe:
                    23:b6:86:54:7c:05:40:a7:88:a2:9c:70:d5:f0:ae:
                    d0:13:2e:75:f9:05:7e:24:cf:c4:8f:a5:4c:89:08:
                    dc:fd:2f:3a:9e:1d:40:8f:56:d8:66:e0:39:4c:99:
                    3f:76:5f:68:63:ab:ab:f6:3f:24:86:d6:2f:23:87:
                    ab:50:55:36:74:29:a7:71:35:51:7d:d6:f7:df:d9:
                    77:67:e3:eb:81:cd:51:a2:47:28:99:4a:6b:89:1c:
                    0e:31:4f:04:11:e0:c9:6f:5e:d5:19:fa:ec:4c:8d:
                    e2:d7:31:7a:94:c8:70:6f:d5:2d:0c:47:b3:f7:23:
                    5f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:BA:A0:D5:FD:73:67:42:7C:E8:B7:94:8E:A9:20:F6:88:63:3A:13
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wbqg1f1zZ0J86LeUjqkg9ohjOhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f8:67:35:cb:37:86:a4:1d:09:44:d6:cb:eb:9f:1e:1e:cc:
         d2:50:8b:41:5b:ae:68:e8:0e:84:4c:18:74:f6:00:01:25:9b:
         69:ca:12:5c:21:b9:41:fa:5c:c0:92:f8:be:eb:f2:be:84:9c:
         cb:39:82:70:ca:7f:0f:68:9b:17:d4:24:ac:40:84:ad:70:06:
         d6:c8:b7:1a:19:6e:d2:30:ec:b3:22:39:e7:24:fc:0a:0f:12:
         1e:71:d8:2e:c7:21:f4:2c:47:c2:12:ad:65:80:66:3f:db:45:
         2b:56:02:99:af:7d:4a:77:ed:85:98:f0:6b:09:ff:e1:9f:b8:
         e9:63:29:ef:b9:d5:1b:a1:23:be:70:4d:5a:48:b7:fe:c5:9f:
         ba:e4:84:08:39:1c:7b:1d:cc:d3:47:77:f7:85:c1:26:e1:0d:
         3a:c9:f1:12:4b:60:26:ad:f2:83:b7:72:55:ad:b0:3f:3c:4e:
         45:d1:6f:aa:e7:cd:66:19:ce:c3:89:34:c4:a5:c8:f8:25:75:
         94:12:21:4d:6b:dd:d8:5b:68:46:2d:10:97:fb:3f:0c:c8:86:
         b9:5d:34:3a:1b:66:d4:f6:cc:06:0a:b1:5b:93:b6:c4:6e:97:
         34:91:b2:99:41:4e:56:a4:ee:4c:7f:c5:21:b9:98:90:b3:28:
         8f:79:64:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRBZ/R74DXtqd+T/THpYM7+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTA3MTUzNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWJhYTBkNWZkNzM2NzQyN2NlOGI3OTQ4ZWE5MjBmNjg4NjMzYTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApde2t5hJ4IcYzRhIgdaxVNSmaWVP
QBOsoBAJoz8/h6a6lppV9WIqC80fpddOYp5fLgMQ+kU0rSA23RQVEAAomyF0Jioh
YIZyL/pZtCaaGA87HbFFYKvIMNn6ebPd6+NH+zaL8V9KigH/02eFMxujC7SUNoXJ
aniDCXoh3FZV3R4aEvPFAf4jtoZUfAVAp4iinHDV8K7QEy51+QV+JM/Ej6VMiQjc
/S86nh1Aj1bYZuA5TJk/dl9oY6ur9j8khtYvI4erUFU2dCmncTVRfdb339l3Z+Pr
gc1RokcomUpriRwOMU8EEeDJb17VGfrsTI3i1zF6lMhwb9UtDEez9yNf6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFm6oNX9c2dCfOi3lI6pIPaIYzoTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvV2JxZzFmMXpaMEo4NkxlVWpxa2c5b2hqT2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpncMA0G
CSqGSIb3DQEBCwUAA4IBAQBV+Gc1yzeGpB0JRNbL658eHszSUItBW65o6A6ETBh0
9gABJZtpyhJcIblB+lzAkvi+6/K+hJzLOYJwyn8PaJsX1CSsQIStcAbWyLcaGW7S
MOyzIjnnJPwKDxIecdguxyH0LEfCEq1lgGY/20UrVgKZr31Kd+2FmPBrCf/hn7jp
YynvudUboSO+cE1aSLf+xZ+65IQIORx7HczTR3f3hcEm4Q06yfESS2AmrfKDt3JV
rbA/PE5F0W+q581mGc7DiTTEpcj4JXWUEiFNa93YW2hGLRCX+z8MyIa5XTQ6G2bU
9swGCrFbk7bEbpc0kbKZQU5WpO5Mf8UhuZiQsyiPeWRx
-----END CERTIFICATE-----