Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/nGljitgno8Zg_3gTd1NL8ga4UlY.roa
File:                     nGljitgno8Zg_3gTd1NL8ga4UlY.roa (raw, json)
Hash identifier:          rg8O6DW4r5DhXeJAjPcwuhjgZqT37lpRRlPUN2MFmGk=
Subject key identifier:   9C:69:63:8A:D8:27:A3:C6:60:FF:78:13:77:53:4B:F2:06:B8:52:56
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0194221F893DE8DFB9ACA0F18DA49F30260B
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/nGljitgno8Zg_3gTd1NL8ga4UlY.roa
Signing time:             Wed 01 Jan 2025 13:47:59 +0000
ROA not before:           Wed 01 Jan 2025 13:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39483
IP address blocks:        82.119.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:89:3d:e8:df:b9:ac:a0:f1:8d:a4:9f:30:26:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 13:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c69638ad827a3c660ff781377534bf206b85256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e5:ea:4a:7d:23:b6:81:fe:53:cd:e7:4b:ae:
                    4e:4a:9e:8e:12:42:a1:87:4a:57:85:23:9d:f5:e2:
                    f3:19:35:ab:3f:0e:d0:09:80:b9:a6:37:9e:3e:e7:
                    46:c7:59:64:fb:7b:4a:1f:47:1b:b8:ee:12:8a:0e:
                    22:00:4a:c6:f0:fb:cb:64:3e:ad:42:b8:3c:04:1a:
                    56:da:64:29:c2:89:34:2b:96:80:6a:a0:1d:25:60:
                    09:88:48:33:fe:6b:89:a5:2a:aa:ae:9a:8d:72:b4:
                    d9:0f:dd:d1:51:2a:e9:4d:7b:27:25:99:4a:17:07:
                    64:28:c9:ae:a9:76:db:2f:d4:40:25:c1:ff:41:fc:
                    c6:0c:b9:e1:1e:3f:e7:9b:86:a6:46:83:c9:77:06:
                    29:40:ac:1d:18:6f:bf:a4:d5:48:8c:d5:d5:00:f6:
                    58:b2:cc:94:00:b5:9d:01:d4:61:15:e0:3b:90:4f:
                    10:c5:68:5f:9a:10:c3:d9:a1:06:17:68:df:9e:20:
                    9a:7d:4d:eb:a3:4b:fb:ba:62:86:8c:ae:4d:49:de:
                    9c:10:26:73:29:24:ff:99:41:72:e4:ad:08:c0:27:
                    c9:1d:4d:77:b3:85:ee:f2:53:69:25:a3:18:b4:73:
                    cc:7a:ce:06:de:30:fa:0d:64:06:61:ca:19:3a:ce:
                    57:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:69:63:8A:D8:27:A3:C6:60:FF:78:13:77:53:4B:F2:06:B8:52:56
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/nGljitgno8Zg_3gTd1NL8ga4UlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:67:af:88:75:57:d4:e8:26:17:a2:af:41:5e:d5:25:99:f0:
         f7:b0:d5:cf:44:3f:d8:e4:cc:71:a5:eb:e7:e9:2c:a9:bc:b3:
         43:8f:9e:93:4a:81:61:ec:00:03:6d:e8:9f:42:14:ff:5e:1b:
         2d:19:af:27:e0:60:3b:b4:24:a0:ce:38:b3:73:c3:97:ca:43:
         de:68:3c:a3:47:7e:c1:21:b1:59:36:4b:a2:7c:13:1f:2b:5b:
         cf:1a:ef:f3:75:32:6d:5d:30:0b:08:bc:a6:a8:8f:70:88:e7:
         e8:45:35:02:6b:8e:ec:33:46:01:30:33:5a:99:6e:29:21:81:
         4a:6f:f3:31:97:8c:27:2a:8e:46:f1:1f:24:ba:6f:30:25:27:
         0e:86:fd:a4:26:38:c5:bd:b2:1e:18:f3:b4:7f:ce:43:d1:da:
         f6:25:c9:ea:81:08:6f:09:62:97:5a:c1:71:fe:d5:92:26:b3:
         f4:d2:09:c6:34:88:62:10:ac:01:6a:80:ba:0a:9a:f0:d4:05:
         e6:4a:20:56:db:36:59:b6:a0:fc:1f:68:57:b0:2c:87:e9:0e:
         df:c1:02:00:30:1c:a5:8e:3d:27:4d:94:d0:60:ee:08:5b:c2:
         01:56:97:79:44:97:2f:25:3c:04:22:af:d1:2e:b0:1f:7b:9f:
         cf:74:ef:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4k96N+5rKDxjaSfMCYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY5NjM4YWQ4MjdhM2M2NjBmZjc4MTM3NzUzNGJmMjA2Yjg1MjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOXqSn0jtoH+U83nS65OSp6OEkKh
h0pXhSOd9eLzGTWrPw7QCYC5pjeePudGx1lk+3tKH0cbuO4Sig4iAErG8PvLZD6t
Qrg8BBpW2mQpwok0K5aAaqAdJWAJiEgz/muJpSqqrpqNcrTZD93RUSrpTXsnJZlK
FwdkKMmuqXbbL9RAJcH/QfzGDLnhHj/nm4amRoPJdwYpQKwdGG+/pNVIjNXVAPZY
ssyUALWdAdRhFeA7kE8QxWhfmhDD2aEGF2jfniCafU3ro0v7umKGjK5NSd6cECZz
KST/mUFy5K0IwCfJHU13s4Xu8lNpJaMYtHPMes4G3jD6DWQGYcoZOs5XQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxpY4rYJ6PGYP94E3dTS/IGuFJWMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvbkdsaml0Z25vOFpnXzNnVGQxTkw4Z2E0VWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndSMA0G
CSqGSIb3DQEBCwUAA4IBAQCHZ6+IdVfU6CYXoq9BXtUlmfD3sNXPRD/Y5Mxxpevn
6SypvLNDj56TSoFh7AADbeifQhT/XhstGa8n4GA7tCSgzjizc8OXykPeaDyjR37B
IbFZNkuifBMfK1vPGu/zdTJtXTALCLymqI9wiOfoRTUCa47sM0YBMDNamW4pIYFK
b/Mxl4wnKo5G8R8kum8wJScOhv2kJjjFvbIeGPO0f85D0dr2JcnqgQhvCWKXWsFx
/tWSJrP00gnGNIhiEKwBaoC6Cprw1AXmSiBW2zZZtqD8H2hXsCyH6Q7fwQIAMByl
jj0nTZTQYO4IW8IBVpd5RJcvJTwEIq/RLrAfe5/PdO+6
-----END CERTIFICATE-----