Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/TWaOIXjPFRZqVkPQo1OccG_3Rik.roa
File:                     TWaOIXjPFRZqVkPQo1OccG_3Rik.roa (raw, json)
Hash identifier:          DVTfkoHz02FotrquY3dvBMX+HX2XhfkjZcURnTdUH6E=
Subject key identifier:   4D:66:8E:21:78:CF:15:16:6A:56:43:D0:A3:53:9C:70:6F:F7:46:29
Certificate issuer:       /CN=0a41a5a2a18339629cc1303e6dec8bb605ddca65
Certificate serial:       018FEBEC605BA7D0D5AE5D05E18662B08320
Authority key identifier: 0A:41:A5:A2:A1:83:39:62:9C:C1:30:3E:6D:EC:8B:B6:05:DD:CA:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/TWaOIXjPFRZqVkPQo1OccG_3Rik.roa
Signing time:             Thu 06 Jun 2024 05:01:27 +0000
ROA not before:           Thu 06 Jun 2024 05:01:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62200
IP address blocks:        82.202.164.0/24 maxlen: 24
                          2a09:f907::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:eb:ec:60:5b:a7:d0:d5:ae:5d:05:e1:86:62:b0:83:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a41a5a2a18339629cc1303e6dec8bb605ddca65
        Validity
            Not Before: Jun  6 05:01:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d668e2178cf15166a5643d0a3539c706ff74629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:92:72:11:f9:21:5b:f3:4b:43:a0:03:15:77:
                    19:5c:a9:56:14:ca:c1:c5:9a:4c:a8:6d:c6:61:3d:
                    ef:0f:c4:79:f5:e9:af:01:96:5e:5d:cf:c1:72:4b:
                    48:76:9d:0b:54:52:a0:40:a5:e3:e7:5f:6d:02:2a:
                    e1:5f:e6:4d:35:6b:c7:20:64:dd:7d:fb:99:6f:3d:
                    57:2f:03:4d:1e:6b:ff:34:bd:ef:fa:e5:8f:e5:d7:
                    b7:9a:d4:72:a1:6e:5f:32:c7:1b:77:5e:c3:ab:41:
                    94:54:59:63:af:76:53:a3:14:cb:58:30:6d:df:fe:
                    78:c8:09:52:74:00:7c:50:54:2f:37:27:68:06:da:
                    cd:51:57:05:fc:c4:14:af:05:4e:ff:52:23:0b:ed:
                    5f:7f:4b:bc:f0:ba:97:f7:51:e6:3e:b5:2d:a6:83:
                    dc:19:66:11:17:15:e2:14:4f:8e:10:31:9a:7c:40:
                    89:b8:86:3f:31:ca:fb:a7:7f:90:8e:69:1a:f9:e9:
                    71:75:34:b5:27:52:de:d0:99:0f:bb:eb:ab:23:f9:
                    59:f1:86:aa:2d:a0:56:5e:77:15:91:f7:c0:fd:f7:
                    64:97:b6:dd:1f:3c:98:73:94:7d:b1:a3:e2:31:2a:
                    43:89:48:79:d1:a6:65:35:b9:3f:76:04:0a:d0:41:
                    b6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:66:8E:21:78:CF:15:16:6A:56:43:D0:A3:53:9C:70:6F:F7:46:29
            X509v3 Authority Key Identifier:
                keyid:0A:41:A5:A2:A1:83:39:62:9C:C1:30:3E:6D:EC:8B:B6:05:DD:CA:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkGloqGDOWKcwTA-beyLtgXdymU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/TWaOIXjPFRZqVkPQo1OccG_3Rik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/d43c2c-74e9-47d4-bf62-80f7fd6ea9c9/1/CkGloqGDOWKcwTA-beyLtgXdymU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.202.164.0/24
                IPv6:
                  2a09:f907::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:06:f4:05:2a:22:fc:d4:24:1c:18:d1:25:a4:21:27:57:de:
         ee:68:cc:eb:d8:89:cb:7c:30:28:44:6f:dd:36:eb:da:f3:63:
         78:1a:40:39:b5:45:1e:0a:b1:06:13:58:db:13:43:5f:f9:e1:
         65:d2:4e:27:b5:99:dd:10:ca:47:6e:9d:bc:cc:76:5c:4d:6a:
         96:98:4b:5d:38:1a:8c:de:78:dd:99:e2:a4:b4:5e:47:a6:e7:
         a2:bc:02:89:cf:f4:42:24:c9:60:1c:cd:b9:69:60:da:32:51:
         8e:37:7b:86:a3:01:37:67:00:7f:2f:99:e0:da:14:9d:62:e5:
         7c:7a:e9:00:c1:8a:ed:bb:ba:7f:73:6b:a6:a9:bb:5f:00:59:
         d4:20:32:f6:fa:ce:41:e4:43:07:5e:7f:01:6a:9e:2b:39:f6:
         ff:12:b5:09:3e:8e:ab:b8:09:cc:6f:57:a5:df:91:b3:ae:ab:
         1d:34:07:6a:19:35:fe:12:7f:a5:82:a1:f9:c9:86:fe:63:21:
         03:92:d3:a8:4b:2f:c9:ec:3f:bb:b2:62:22:43:27:a8:28:97:
         07:73:3f:c4:69:32:44:6e:83:63:3f:d1:a4:55:96:fe:94:5d:
         d3:b8:21:c4:f4:3a:e3:5d:c1:70:a9:8f:0f:c6:c1:18:e9:a2:
         05:bc:15:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY/r7GBbp9DVrl0F4YZisIMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNDFhNWEyYTE4MzM5NjI5Y2MxMzAzZTZkZWM4YmI2MDVk
ZGNhNjUwHhcNMjQwNjA2MDUwMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDY2OGUyMTc4Y2YxNTE2NmE1NjQzZDBhMzUzOWM3MDZmZjc0NjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZJyEfkhW/NLQ6ADFXcZXKlWFMrB
xZpMqG3GYT3vD8R59emvAZZeXc/BcktIdp0LVFKgQKXj519tAirhX+ZNNWvHIGTd
ffuZbz1XLwNNHmv/NL3v+uWP5de3mtRyoW5fMscbd17Dq0GUVFljr3ZToxTLWDBt
3/54yAlSdAB8UFQvNydoBtrNUVcF/MQUrwVO/1IjC+1ff0u88LqX91HmPrUtpoPc
GWYRFxXiFE+OEDGafECJuIY/Mcr7p3+Qjmka+elxdTS1J1Le0JkPu+urI/lZ8Yaq
LaBWXncVkffA/fdkl7bdHzyYc5R9saPiMSpDiUh50aZlNbk/dgQK0EG20QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE1mjiF4zxUWalZD0KNTnHBv90YpMB8GA1UdIwQY
MBaAFApBpaKhgzlinMEwPm3si7YF3cplMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2tHbG9xR0RPV0tjd1RBLWJleUx0Z1hkeW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kNDNjMmMtNzRlOS00N2Q0LWJmNjIt
ODBmN2ZkNmVhOWM5LzEvVFdhT0lYalBGUlpxVmtQUW8xT2NjR18zUmlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kNDNjMmMtNzRlOS00N2Q0LWJmNjItODBmN2ZkNmVhOWM5
LzEvQ2tHbG9xR0RPV0tjd1RBLWJleUx0Z1hkeW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUsqkMA0E
AgACMAcDBQAqCfkHMA0GCSqGSIb3DQEBCwUAA4IBAQBfBvQFKiL81CQcGNElpCEn
V97uaMzr2InLfDAoRG/dNuva82N4GkA5tUUeCrEGE1jbE0Nf+eFl0k4ntZndEMpH
bp28zHZcTWqWmEtdOBqM3njdmeKktF5HpueivAKJz/RCJMlgHM25aWDaMlGON3uG
owE3ZwB/L5ng2hSdYuV8eukAwYrtu7p/c2umqbtfAFnUIDL2+s5B5EMHXn8Bap4r
Ofb/ErUJPo6ruAnMb1el35GzrqsdNAdqGTX+En+lgqH5yYb+YyEDktOoSy/J7D+7
smIiQyeoKJcHcz/EaTJEboNjP9GkVZb+lF3TuCHE9DrjXcFwqY8PxsEY6aIFvBW1
-----END CERTIFICATE-----