Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199124.roa
File:                     AS199124.roa (raw, json)
Hash identifier:          rf8seIpJ+DdMW3YV4571aYv3b1WaQl3mLLAhjqxs0wQ=
Subject key identifier:   3A:92:BA:43:8B:71:AD:3B:E7:49:BC:0D:09:29:D8:94:FB:58:CC:EE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6004F5CAEBCFA97FFD6B19823C21B638643FCC8E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199124.roa
Signing time:             Tue 14 Jan 2025 21:25:07 +0000
ROA not before:           Tue 14 Jan 2025 21:20:07 +0000
ROA not after:            Tue 13 Jan 2026 21:25:07 +0000
asID:                     199124
IP address blocks:        82.29.200.0/24 maxlen: 24
                          82.29.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:04:f5:ca:eb:cf:a9:7f:fd:6b:19:82:3c:21:b6:38:64:3f:cc:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 14 21:20:07 2025 GMT
            Not After : Jan 13 21:25:07 2026 GMT
        Subject: CN=3A92BA438B71AD3BE749BC0D0929D894FB58CCEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8d:16:23:13:54:47:c9:6f:28:46:19:9b:17:
                    d7:63:f4:5b:88:5e:12:af:ef:16:5d:3d:f7:07:04:
                    bb:b9:16:a9:4c:18:8a:8f:88:34:fa:58:eb:4c:9e:
                    58:e2:91:0b:ce:31:63:44:79:93:49:50:af:b5:d3:
                    e9:b4:ad:28:f2:ac:fd:e8:76:8f:7c:b9:34:ee:99:
                    32:0a:f2:a6:bb:ce:a5:17:a9:29:ae:71:53:e2:b1:
                    00:ce:a9:55:e7:4e:59:e4:94:83:69:2c:0a:75:d9:
                    d8:bf:90:44:7f:62:8e:5d:6c:79:8e:df:bf:d7:13:
                    ef:4e:cb:a4:1a:86:ea:9e:ef:3a:9c:24:f1:a2:70:
                    7c:cb:c6:f9:49:48:28:b3:42:10:31:2f:f9:82:8c:
                    2b:97:f8:6e:71:58:b3:ae:76:22:b9:05:6f:66:b5:
                    af:d1:6b:e6:05:36:07:72:df:4c:09:6e:4b:80:51:
                    d8:38:b1:ae:fe:ba:70:88:1e:a8:aa:03:89:f9:a2:
                    df:d0:05:d7:98:c6:b7:66:33:a4:cd:f1:d8:76:9b:
                    37:4f:d7:7a:e0:63:c8:04:59:69:a3:7a:fc:a6:92:
                    a7:ab:3b:c4:1c:15:6b:94:1a:da:e4:32:15:88:f4:
                    1f:62:34:0d:07:19:04:cb:94:ff:c3:c4:f6:8d:34:
                    79:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:92:BA:43:8B:71:AD:3B:E7:49:BC:0D:09:29:D8:94:FB:58:CC:EE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS199124.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:9b:b0:ac:d8:f0:e8:c0:5a:cf:d2:30:5d:cb:0f:56:02:ad:
         d7:0b:99:aa:29:a3:ea:bc:11:88:3c:29:b9:05:d8:63:d0:58:
         fb:09:fb:2d:5b:4a:d4:fe:2c:ec:49:88:8e:87:2c:df:89:d5:
         b2:55:1c:56:ba:67:0a:a7:e8:a3:05:96:0b:5b:7d:09:6a:cd:
         93:bb:a9:79:3d:05:77:a5:e3:fe:b0:c7:ad:78:3f:65:b0:f6:
         b9:22:38:77:fe:41:6e:90:e5:8f:01:6b:2f:53:ad:0e:08:00:
         23:57:26:c1:fd:7b:e2:58:61:36:39:35:8b:a5:05:ca:c0:7b:
         35:e5:5c:46:2f:b5:1f:5b:29:c8:a5:37:c1:c4:74:43:83:6a:
         01:e9:4e:d3:24:2c:75:1d:0c:7d:d6:2e:91:a3:a2:2d:35:61:
         53:e7:1d:b5:02:5a:82:e7:ab:95:05:d7:da:64:06:10:7b:17:
         e2:c4:b3:65:ff:1f:2f:53:bd:59:42:e5:b1:bd:66:57:bc:60:
         55:39:a6:08:f5:6b:f4:09:cd:cb:52:5a:1a:31:ee:49:b3:bf:
         53:c5:25:cf:b8:2d:33:34:a2:a5:5f:47:59:37:1b:dd:61:47:
         5e:ba:33:49:e7:8d:72:cb:39:bb:2f:05:52:06:fe:c2:2c:2a:
         78:b1:0e:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYAT1yuvPqX/9axmCPCG2OGQ/zI4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTQyMTIwMDdaFw0yNjAxMTMyMTI1MDdaMDMxMTAvBgNV
BAMTKDNBOTJCQTQzOEI3MUFEM0JFNzQ5QkMwRDA5MjlEODk0RkI1OENDRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCujRYjE1RHyW8oRhmbF9dj9FuI
XhKv7xZdPfcHBLu5FqlMGIqPiDT6WOtMnljikQvOMWNEeZNJUK+10+m0rSjyrP3o
do98uTTumTIK8qa7zqUXqSmucVPisQDOqVXnTlnklINpLAp12di/kER/Yo5dbHmO
37/XE+9Oy6Qahuqe7zqcJPGicHzLxvlJSCizQhAxL/mCjCuX+G5xWLOudiK5BW9m
ta/Ra+YFNgdy30wJbkuAUdg4sa7+unCIHqiqA4n5ot/QBdeYxrdmM6TN8dh2mzdP
13rgY8gEWWmjevymkqerO8QcFWuUGtrkMhWI9B9iNA0HGQTLlP/DxPaNNHldAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOpK6Q4txrTvnSbwNCSnYlPtYzO4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTk5MTI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUh3I
MA0GCSqGSIb3DQEBCwUAA4IBAQAam7Cs2PDowFrP0jBdyw9WAq3XC5mqKaPqvBGI
PCm5Bdhj0Fj7CfstW0rU/izsSYiOhyzfidWyVRxWumcKp+ijBZYLW30Jas2Tu6l5
PQV3peP+sMeteD9lsPa5Ijh3/kFukOWPAWsvU60OCAAjVybB/XviWGE2OTWLpQXK
wHs15VxGL7UfWynIpTfBxHRDg2oB6U7TJCx1HQx91i6Ro6ItNWFT5x21AlqC56uV
BdfaZAYQexfixLNl/x8vU71ZQuWxvWZXvGBVOaYI9Wv0Cc3LUloaMe5Js79TxSXP
uC0zNKKlX0dZNxvdYUdeujNJ541yyzm7LwVSBv7CLCp4sQ74
-----END CERTIFICATE-----