Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l65fOer3x7UdjOzIEQXFj6uh_Ns.roa
File:                     l65fOer3x7UdjOzIEQXFj6uh_Ns.roa (raw, json)
Hash identifier:          jPgyyqoZ5S3J7DPoZ7yZ15WVGFeY6+PC6ca7bqJqHig=
Subject key identifier:   97:AE:5F:39:EA:F7:C7:B5:1D:8C:EC:C8:11:05:C5:8F:AB:A1:FC:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143D0D17988FCD0D43E2136F601CF88
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l65fOer3x7UdjOzIEQXFj6uh_Ns.roa
Signing time:             Wed 01 Jan 2025 09:47:59 +0000
ROA not before:           Wed 01 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        82.153.231.0/24 maxlen: 24
                          109.176.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d0:d1:79:88:fc:d0:d4:3e:21:36:f6:01:cf:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97ae5f39eaf7c7b51d8cecc81105c58faba1fcdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3a:4f:39:46:87:ee:bb:8c:ed:9a:2d:ba:3d:
                    8f:30:31:9b:c6:eb:a7:4d:9d:ae:d0:be:9d:9f:01:
                    a0:09:15:ce:fc:ce:c6:72:27:50:a0:5b:ff:99:4c:
                    4e:10:43:ca:02:00:bd:23:4d:77:86:e8:9b:e5:73:
                    f4:52:9c:38:c3:3d:76:b2:42:a8:b2:eb:f1:cf:07:
                    54:0b:b4:e7:82:5d:b4:90:70:e3:aa:83:98:c6:78:
                    b9:13:2d:54:64:31:a3:63:aa:35:e8:86:11:f8:31:
                    2f:f0:f9:09:75:b7:db:82:7f:c2:ef:dc:24:a9:4a:
                    55:74:d3:78:d8:d0:a7:13:90:24:83:93:d6:7d:b3:
                    46:8a:f1:8d:70:3d:97:7f:6d:03:3a:0d:9f:ad:98:
                    07:bd:de:57:4a:1c:e7:6d:52:05:d0:53:36:cf:07:
                    aa:8f:50:1a:dc:ec:ce:88:6a:af:85:bb:bd:04:33:
                    ed:55:7d:df:45:cb:3c:72:71:a3:be:78:0e:77:62:
                    0e:5e:46:94:20:83:89:45:96:d0:1e:d0:3f:b4:83:
                    2c:9e:ef:d3:f7:3c:ba:13:8b:22:a3:ce:f3:d0:81:
                    49:d5:3a:92:11:41:eb:97:9b:90:47:36:34:10:62:
                    ea:3c:34:3f:e2:9e:cf:ff:bd:31:de:60:78:a0:84:
                    c0:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:AE:5F:39:EA:F7:C7:B5:1D:8C:EC:C8:11:05:C5:8F:AB:A1:FC:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/l65fOer3x7UdjOzIEQXFj6uh_Ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.231.0/24
                  109.176.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:12:fe:43:2b:3d:aa:e7:3a:44:60:96:ab:63:75:7f:f4:89:
         01:ab:4b:ef:c9:6d:24:84:b4:d6:46:b6:0d:ec:0b:26:8a:1f:
         94:1a:51:fe:66:97:54:6b:a6:ab:44:db:81:67:21:57:c6:eb:
         04:b2:d1:a6:96:e9:7d:91:d5:a5:51:16:54:2a:48:de:a8:01:
         7e:46:c3:a9:34:e3:1f:a3:21:6f:5e:ef:26:82:a9:59:00:69:
         98:ce:93:f3:41:50:38:e2:88:3f:54:d0:2e:74:90:04:5b:90:
         4e:55:1f:65:19:15:a6:cf:34:0d:8d:fb:49:5d:0e:e1:4b:d4:
         33:ad:95:5a:2a:ee:1e:c2:d6:f7:c9:ad:7f:99:63:c9:7e:e4:
         33:7a:ca:f6:9f:5f:9c:5b:0d:ee:da:c7:23:f8:cb:67:7e:58:
         aa:11:55:a1:96:b4:22:76:26:f0:4d:7c:0d:36:9b:10:ab:6a:
         88:48:ae:43:5c:ca:08:90:69:ea:9b:eb:04:bf:99:53:a5:7f:
         bc:f9:62:f2:c8:fd:c2:46:f4:19:6e:51:e6:19:53:76:4e:0c:
         e5:3b:02:7c:a7:66:12:09:69:9c:ca:5b:d7:71:1e:1a:56:2e:
         84:bd:77:47:08:1c:e7:99:1a:4f:a8:e4:5b:bc:2b:88:5b:26:
         1b:d8:b4:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ9DReYj80NQ+ITb2Ac+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2FlNWYzOWVhZjdjN2I1MWQ4Y2VjYzgxMTA1YzU4ZmFiYTFmY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjpPOUaH7ruM7Zotuj2PMDGbxuun
TZ2u0L6dnwGgCRXO/M7GcidQoFv/mUxOEEPKAgC9I013huib5XP0Upw4wz12skKo
suvxzwdUC7Tngl20kHDjqoOYxni5Ey1UZDGjY6o16IYR+DEv8PkJdbfbgn/C79wk
qUpVdNN42NCnE5Akg5PWfbNGivGNcD2Xf20DOg2frZgHvd5XShznbVIF0FM2zweq
j1Aa3OzOiGqvhbu9BDPtVX3fRcs8cnGjvngOd2IOXkaUIIOJRZbQHtA/tIMsnu/T
9zy6E4sio87z0IFJ1TqSEUHrl5uQRzY0EGLqPDQ/4p7P/70x3mB4oITAgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJeuXznq98e1HYzsyBEFxY+rofzbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbDY1Zk9lcjN4N1Vkak96SUVRWEZqNnVoX05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpnnAwQA
bbAPMA0GCSqGSIb3DQEBCwUAA4IBAQCSEv5DKz2q5zpEYJarY3V/9IkBq0vvyW0k
hLTWRrYN7Asmih+UGlH+ZpdUa6arRNuBZyFXxusEstGmlul9kdWlURZUKkjeqAF+
RsOpNOMfoyFvXu8mgqlZAGmYzpPzQVA44og/VNAudJAEW5BOVR9lGRWmzzQNjftJ
XQ7hS9QzrZVaKu4ewtb3ya1/mWPJfuQzesr2n1+cWw3u2scj+MtnfliqEVWhlrQi
dibwTXwNNpsQq2qISK5DXMoIkGnqm+sEv5lTpX+8+WLyyP3CRvQZblHmGVN2Tgzl
OwJ8p2YSCWmcylvXcR4aVi6EvXdHCBznmRpPqORbvCuIWyYb2LQb
-----END CERTIFICATE-----