Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/_xWAPedssXFlGYbxy69dM8WUOfA.roa
File:                     _xWAPedssXFlGYbxy69dM8WUOfA.roa (raw, json)
Hash identifier:          IGISyUbmftMtDjk8LzbdgMKzzUflhFwFLCFq33EBoq0=
Subject key identifier:   FF:15:80:3D:E7:6C:B1:71:65:19:86:F1:CB:AF:5D:33:C5:94:39:F0
Certificate issuer:       /CN=dbbf37909ce17ba53ad90a8632377a5d938743e5
Certificate serial:       018F2973BF76DDBC8344CDEA77C09EB06CFD
Authority key identifier: DB:BF:37:90:9C:E1:7B:A5:3A:D9:0A:86:32:37:7A:5D:93:87:43:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/_xWAPedssXFlGYbxy69dM8WUOfA.roa
Signing time:             Mon 29 Apr 2024 10:43:22 +0000
ROA not before:           Mon 29 Apr 2024 10:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272809
IP address blocks:        82.86.64.0/19 maxlen: 19
                          82.86.96.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:73:bf:76:dd:bc:83:44:cd:ea:77:c0:9e:b0:6c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbbf37909ce17ba53ad90a8632377a5d938743e5
        Validity
            Not Before: Apr 29 10:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff15803de76cb171651986f1cbaf5d33c59439f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:39:b5:5e:38:36:af:08:80:a6:41:c3:c8:ef:
                    4b:0b:89:dc:a1:84:39:68:d7:55:8c:42:b8:4f:92:
                    f3:10:49:37:e7:ec:6c:58:30:23:ea:6e:89:7d:b7:
                    83:1e:95:12:89:93:9b:c3:ab:46:8f:4e:f4:f5:bc:
                    9a:90:1d:3d:50:c9:d6:92:0f:dd:e8:37:9f:be:c0:
                    41:95:9b:f5:e5:f9:ce:70:54:a4:b0:37:21:e7:fa:
                    31:90:a4:e8:b1:aa:04:70:eb:e0:15:25:55:21:c1:
                    41:25:36:16:67:2f:cb:ad:cf:82:48:f2:28:84:18:
                    e7:67:09:e5:d7:6e:ee:3e:fc:4e:69:4d:ff:f7:8d:
                    35:9e:91:00:08:3a:88:2e:3a:f5:98:48:06:24:a0:
                    56:54:1c:2e:67:64:3d:20:00:56:f4:d7:81:5c:9b:
                    d9:55:06:b1:73:be:db:e3:4e:c3:b1:3d:76:5f:40:
                    dd:5e:0a:4b:b8:b6:1b:a4:af:a2:dd:dc:8d:90:f6:
                    fa:da:52:13:7d:f0:96:1b:4c:41:f1:b9:e6:0a:f5:
                    5a:0e:3a:73:e5:dd:81:21:b5:de:79:11:f2:ac:44:
                    13:30:14:b1:ab:d6:51:af:16:74:cc:51:c3:d2:ba:
                    f8:5d:ec:f5:c1:03:76:38:11:0a:86:36:2a:8f:d4:
                    aa:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:15:80:3D:E7:6C:B1:71:65:19:86:F1:CB:AF:5D:33:C5:94:39:F0
            X509v3 Authority Key Identifier:
                keyid:DB:BF:37:90:9C:E1:7B:A5:3A:D9:0A:86:32:37:7A:5D:93:87:43:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/_xWAPedssXFlGYbxy69dM8WUOfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.86.64.0-82.86.103.255

    Signature Algorithm: sha256WithRSAEncryption
         32:8c:2e:e9:69:98:a5:c9:df:82:4e:39:65:fd:90:14:11:41:
         de:18:a7:c9:74:e9:58:3e:06:0d:91:26:fe:b4:30:77:f2:35:
         1d:e4:c3:74:47:19:39:70:5d:b6:19:3f:f8:8c:45:e0:98:7f:
         a7:e0:ab:e3:0a:e1:88:f6:10:61:81:cc:76:1c:74:a4:eb:15:
         bf:fa:03:8b:90:5d:78:99:c0:d0:85:f1:77:62:24:3e:36:c2:
         4b:af:31:4c:d8:14:09:b1:0b:38:c1:91:3c:2e:80:23:9e:5b:
         d7:8d:a7:b9:63:03:5f:d7:cf:c0:a8:d8:22:dc:38:d1:ed:f5:
         8e:ea:fc:49:3f:60:dd:e2:c4:27:8b:f9:c5:e4:0e:39:40:07:
         78:25:b5:54:2b:38:34:fe:2a:34:07:71:78:9a:66:88:3c:3c:
         0a:86:0c:d3:95:14:55:e5:35:46:55:3f:11:b9:d3:a4:69:35:
         24:99:d0:c5:cf:dc:be:8a:53:40:da:9f:24:11:b5:e3:38:56:
         fc:b6:6b:12:62:4e:b6:1b:96:1f:7b:7a:b0:95:51:66:eb:9b:
         f8:2b:15:ba:bb:07:c7:43:77:f6:78:30:13:ef:de:18:64:48:
         1a:cf:96:e2:0a:4e:51:c4:07:86:9c:68:e4:a7:ec:3f:b5:53:
         d1:65:46:6d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8pc7923byDRM3qd8CesGz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYmYzNzkwOWNlMTdiYTUzYWQ5MGE4NjMyMzc3YTVkOTM4
NzQzZTUwHhcNMjQwNDI5MTA0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjE1ODAzZGU3NmNiMTcxNjUxOTg2ZjFjYmFmNWQzM2M1OTQzOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzm1Xjg2rwiApkHDyO9LC4ncoYQ5
aNdVjEK4T5LzEEk35+xsWDAj6m6JfbeDHpUSiZObw6tGj0709byakB09UMnWkg/d
6DefvsBBlZv15fnOcFSksDch5/oxkKTosaoEcOvgFSVVIcFBJTYWZy/Lrc+CSPIo
hBjnZwnl127uPvxOaU3/9401npEACDqILjr1mEgGJKBWVBwuZ2Q9IABW9NeBXJvZ
VQaxc77b407DsT12X0DdXgpLuLYbpK+i3dyNkPb62lITffCWG0xB8bnmCvVaDjpz
5d2BIbXeeRHyrEQTMBSxq9ZRrxZ0zFHD0rr4Xez1wQN2OBEKhjYqj9SqRQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFP8VgD3nbLFxZRmG8cuvXTPFlDnwMB8GA1UdIwQY
MBaAFNu/N5Cc4XulOtkKhjI3el2Th0PlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjc4M2tKemhlNlU2MlFxR01qZDZYWk9IUS1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xMzczYTAtOGMzZC00MjgzLWE1Y2Ut
ODIyZWE0M2RjMThkLzEvX3hXQVBlZHNzWEZsR1lieHk2OWRNOFdVT2ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xMzczYTAtOGMzZC00MjgzLWE1Y2UtODIyZWE0M2RjMThk
LzEvMjc4M2tKemhlNlU2MlFxR01qZDZYWk9IUS1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAZSVkAD
BANSVmAwDQYJKoZIhvcNAQELBQADggEBADKMLulpmKXJ34JOOWX9kBQRQd4Yp8l0
6Vg+Bg2RJv60MHfyNR3kw3RHGTlwXbYZP/iMReCYf6fgq+MK4Yj2EGGBzHYcdKTr
Fb/6A4uQXXiZwNCF8XdiJD42wkuvMUzYFAmxCzjBkTwugCOeW9eNp7ljA1/Xz8Co
2CLcONHt9Y7q/Ek/YN3ixCeL+cXkDjlAB3gltVQrODT+KjQHcXiaZog8PAqGDNOV
FFXlNUZVPxG506RpNSSZ0MXP3L6KU0DanyQRteM4Vvy2axJiTrYblh97erCVUWbr
m/grFbq7B8dDd/Z4MBPv3hhkSBrPluIKTlHEB4acaOSn7D+1U9FlRm0=
-----END CERTIFICATE-----