Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/DIg21dc1dVm_1EL8Uz7ZqrMj12U.roa
File:                     DIg21dc1dVm_1EL8Uz7ZqrMj12U.roa (raw, json)
Hash identifier:          j71JN0QzxLq1nQDYGrddtXWmn2JSxcJYC6OlLCXnmhY=
Subject key identifier:   0C:88:36:D5:D7:35:75:59:BF:D4:42:FC:53:3E:D9:AA:B3:23:D7:65
Certificate issuer:       /CN=44e888a76e99851b01fb86cec537d4d8e610de16
Certificate serial:       019427B591A630A3D1FBF88B43798CD6F284
Authority key identifier: 44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/DIg21dc1dVm_1EL8Uz7ZqrMj12U.roa
Signing time:             Thu 02 Jan 2025 15:49:58 +0000
ROA not before:           Thu 02 Jan 2025 15:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49203
IP address blocks:        194.32.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:91:a6:30:a3:d1:fb:f8:8b:43:79:8c:d6:f2:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44e888a76e99851b01fb86cec537d4d8e610de16
        Validity
            Not Before: Jan  2 15:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c8836d5d7357559bfd442fc533ed9aab323d765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b7:e4:7d:05:71:87:72:a7:bb:ae:89:3c:b5:
                    eb:5d:9f:45:69:63:7d:ff:24:f9:69:f4:95:71:7c:
                    2c:ae:9d:c5:65:85:ad:e5:cf:58:92:68:42:db:78:
                    a1:a0:39:d5:42:40:70:0e:7e:c1:5f:a7:de:56:8b:
                    58:d6:a5:b4:c7:3f:3c:6c:a4:e6:dd:46:35:21:47:
                    1f:75:c4:c2:4e:32:93:fa:2b:6f:f2:02:9f:d0:8a:
                    e0:9f:75:04:09:17:3d:49:5a:5f:5d:a7:4e:e4:15:
                    ad:8a:17:5c:fb:a6:4a:10:24:86:fc:2e:fd:69:db:
                    3f:3c:70:dd:9f:b4:e2:80:b2:b3:bc:09:4f:54:72:
                    6c:a6:1b:2b:58:93:70:3e:a7:b6:ce:fd:89:0f:2e:
                    9b:4b:f6:e5:e6:e0:76:e0:03:1e:31:12:4f:10:12:
                    35:c0:30:7a:1f:1d:88:f9:ee:13:fa:24:57:08:f3:
                    d3:22:b6:df:90:79:a5:b7:b8:81:65:15:e5:b6:bd:
                    c4:d2:0c:f2:bd:ad:ca:ae:ae:6e:c4:a9:46:bd:bb:
                    7e:67:27:b5:bc:39:1b:d2:53:19:6b:9f:5b:8a:0c:
                    6b:65:7d:2f:e9:8b:46:98:23:07:c9:3e:f5:e3:08:
                    a5:b9:07:99:33:79:5e:38:b0:2e:c7:12:f7:77:24:
                    0e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:88:36:D5:D7:35:75:59:BF:D4:42:FC:53:3E:D9:AA:B3:23:D7:65
            X509v3 Authority Key Identifier:
                keyid:44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/DIg21dc1dVm_1EL8Uz7ZqrMj12U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:c6:c7:a5:b9:13:45:c8:15:d9:dd:66:14:0f:37:97:e9:a5:
         6c:1c:b3:ba:63:45:00:a5:f4:e0:f3:1f:17:59:e0:f1:d3:42:
         af:33:22:4b:2e:e5:ab:0a:e3:2d:28:6f:82:94:87:d3:a6:1b:
         d7:44:a5:b0:30:1b:49:49:5f:57:2f:c8:26:9c:16:4b:5e:ab:
         04:c2:eb:0f:77:92:04:f3:6c:0e:1e:6a:f0:21:32:08:09:47:
         50:b3:a7:27:26:74:56:4b:da:eb:26:1b:aa:69:02:e1:82:7d:
         9e:3d:f9:d5:5b:54:70:a7:88:37:fa:69:f8:5c:b5:15:0d:6d:
         cb:aa:dc:ee:91:16:3f:66:6e:c5:d3:ea:f1:83:d3:8f:59:01:
         f4:c9:54:a8:67:a6:fb:69:13:f7:ff:1e:3c:dd:37:67:1d:6a:
         82:a7:57:19:18:51:45:70:09:bc:48:9a:eb:68:9c:79:aa:55:
         2d:a5:2f:a3:dc:f8:ed:5b:fd:eb:40:89:76:5c:fa:3f:5a:81:
         ad:bd:50:b4:4d:8c:a5:7c:98:88:13:7d:c6:a8:7f:f0:e7:9c:
         ba:36:46:81:5e:df:9c:15:93:0a:77:14:38:69:05:f5:34:c7:
         30:bc:61:a7:75:ac:4e:c7:17:15:d8:92:fd:0c:21:66:40:09:
         72:b7:c7:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntZGmMKPR+/iLQ3mM1vKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZTg4OGE3NmU5OTg1MWIwMWZiODZjZWM1MzdkNGQ4ZTYx
MGRlMTYwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzg4MzZkNWQ3MzU3NTU5YmZkNDQyZmM1MzNlZDlhYWIzMjNkNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7fkfQVxh3Knu66JPLXrXZ9FaWN9
/yT5afSVcXwsrp3FZYWt5c9YkmhC23ihoDnVQkBwDn7BX6feVotY1qW0xz88bKTm
3UY1IUcfdcTCTjKT+itv8gKf0Irgn3UECRc9SVpfXadO5BWtihdc+6ZKECSG/C79
ads/PHDdn7TigLKzvAlPVHJsphsrWJNwPqe2zv2JDy6bS/bl5uB24AMeMRJPEBI1
wDB6Hx2I+e4T+iRXCPPTIrbfkHmlt7iBZRXltr3E0gzyva3Krq5uxKlGvbt+Zye1
vDkb0lMZa59bigxrZX0v6YtGmCMHyT714wiluQeZM3leOLAuxxL3dyQOdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyINtXXNXVZv9RC/FM+2aqzI9dlMB8GA1UdIwQY
MBaAFEToiKdumYUbAfuGzsU31NjmEN4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUt
YmMwZGJhOTMyYjM1LzEvRElnMjFkYzFkVm1fMUVMOFV6N1pxck1qMTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUtYmMwZGJhOTMyYjM1
LzEvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiBSMA0G
CSqGSIb3DQEBCwUAA4IBAQBmxseluRNFyBXZ3WYUDzeX6aVsHLO6Y0UApfTg8x8X
WeDx00KvMyJLLuWrCuMtKG+ClIfTphvXRKWwMBtJSV9XL8gmnBZLXqsEwusPd5IE
82wOHmrwITIICUdQs6cnJnRWS9rrJhuqaQLhgn2ePfnVW1Rwp4g3+mn4XLUVDW3L
qtzukRY/Zm7F0+rxg9OPWQH0yVSoZ6b7aRP3/x483TdnHWqCp1cZGFFFcAm8SJrr
aJx5qlUtpS+j3PjtW/3rQIl2XPo/WoGtvVC0TYylfJiIE33GqH/w55y6NkaBXt+c
FZMKdxQ4aQX1NMcwvGGndaxOxxcV2JL9DCFmQAlyt8eE
-----END CERTIFICATE-----