Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ORMfVTwPs1g4XJUABRwPxcI2TlM.roa
File:                     ORMfVTwPs1g4XJUABRwPxcI2TlM.roa (raw, json)
Hash identifier:          9SsDOeofewDgil5pBAt7LCSquVuRcpzseNGmRukWM3E=
Subject key identifier:   39:13:1F:55:3C:0F:B3:58:38:5C:95:00:05:1C:0F:C5:C2:36:4E:53
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01941FFA00D7293261A0FBC8B87BF21EB112
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ORMfVTwPs1g4XJUABRwPxcI2TlM.roa
Signing time:             Wed 01 Jan 2025 03:47:45 +0000
ROA not before:           Wed 01 Jan 2025 03:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        83.171.241.0/24 maxlen: 24
                          83.171.242.0/24 maxlen: 24
                          83.171.243.0/24 maxlen: 24
                          84.54.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:00:d7:29:32:61:a0:fb:c8:b8:7b:f2:1e:b1:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 03:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39131f553c0fb358385c9500051c0fc5c2364e53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:ea:72:af:51:3b:d3:3f:3c:75:aa:e3:54:72:
                    b4:ec:73:03:09:2c:ee:3d:b5:c8:e4:65:74:97:ce:
                    c4:5e:6c:ff:90:a0:10:51:b8:4b:88:30:bf:66:fa:
                    b9:cb:b3:86:85:8b:c0:66:79:ff:8a:a0:a3:e9:a7:
                    4f:b3:7d:a5:16:06:98:f8:c3:40:a4:65:bc:52:43:
                    87:99:b7:01:6d:ac:9a:bd:33:69:a5:3d:dd:c8:df:
                    70:8d:78:65:e6:00:01:aa:78:1c:df:de:5d:4e:0d:
                    f0:18:48:da:89:09:18:4a:a4:52:4e:e2:ac:7e:99:
                    31:16:c4:3f:4b:88:9a:c0:4c:bd:80:ac:22:01:23:
                    93:06:53:20:6d:93:fb:14:e7:63:12:6e:1e:24:25:
                    60:54:03:72:81:d4:9c:24:53:15:7c:95:6b:9b:cd:
                    d3:da:7a:fe:f1:95:ac:72:78:81:ce:17:2f:37:f4:
                    7a:0c:61:03:7b:b7:e9:0e:b5:d9:f3:10:08:4b:ac:
                    fe:28:48:48:00:ed:64:a0:99:af:e6:62:f7:9e:03:
                    60:a0:34:77:d5:de:77:62:03:89:50:86:86:78:60:
                    ac:88:9c:b2:66:ba:90:b2:2e:e3:bb:1c:af:2c:60:
                    11:c0:79:7d:fe:0f:e1:e2:ee:3e:28:ec:ae:3c:40:
                    31:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:13:1F:55:3C:0F:B3:58:38:5C:95:00:05:1C:0F:C5:C2:36:4E:53
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ORMfVTwPs1g4XJUABRwPxcI2TlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.241.0-83.171.243.255
                  84.54.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:ec:68:b6:32:7e:18:72:b7:02:b7:ce:46:bc:9c:5e:04:fc:
         28:af:83:77:88:50:10:52:9d:4d:02:8a:5a:d2:4b:7a:bd:70:
         88:0e:2d:c1:8d:a1:f3:5a:b7:13:9b:81:01:76:70:03:ed:1d:
         2b:2f:be:72:06:dc:b0:99:da:fc:6f:26:78:4d:e3:e9:f4:92:
         14:31:59:aa:c1:d4:ec:7f:5b:45:6d:8a:52:58:c6:61:ae:2c:
         0e:2d:63:e6:37:a5:2b:38:a5:bb:9c:79:59:53:c6:de:08:25:
         65:fc:d9:ea:62:6d:92:49:f1:a0:d9:ee:0d:50:9f:0c:eb:f4:
         c8:27:e7:9d:c3:b2:59:b8:b0:e1:5f:d6:06:bf:56:4a:e4:ab:
         c9:88:2b:ce:cf:fb:d0:8e:95:5d:6e:90:a1:a7:0a:51:02:7a:
         ea:43:69:23:1c:a5:71:16:88:64:7c:f5:38:67:bb:e5:f0:34:
         86:b2:75:65:c9:b7:14:f6:ce:44:ad:b3:71:b3:ff:98:bc:d4:
         ba:e2:61:9e:79:ed:01:ec:d7:70:d0:a2:69:bd:f0:5f:58:ab:
         59:8c:ab:40:52:51:d0:71:5e:be:95:10:cb:83:8b:24:19:d1:
         21:27:0c:cd:0a:26:d8:26:77:af:db:55:d1:4b:4a:e1:42:bd:
         a3:be:a4:27
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQf+gDXKTJhoPvIuHvyHrESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwMTAxMDM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTEzMWY1NTNjMGZiMzU4Mzg1Yzk1MDAwNTFjMGZjNWMyMzY0ZTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8upyr1E70z88darjVHK07HMDCSzu
PbXI5GV0l87EXmz/kKAQUbhLiDC/Zvq5y7OGhYvAZnn/iqCj6adPs32lFgaY+MNA
pGW8UkOHmbcBbayavTNppT3dyN9wjXhl5gABqngc395dTg3wGEjaiQkYSqRSTuKs
fpkxFsQ/S4iawEy9gKwiASOTBlMgbZP7FOdjEm4eJCVgVANygdScJFMVfJVrm83T
2nr+8ZWscniBzhcvN/R6DGEDe7fpDrXZ8xAIS6z+KEhIAO1koJmv5mL3ngNgoDR3
1d53YgOJUIaGeGCsiJyyZrqQsi7juxyvLGARwHl9/g/h4u4+KOyuPEAxpwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDkTH1U8D7NYOFyVAAUcD8XCNk5TMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvT1JNZlZUd1BzMWc0WEpVQUJSd1B4Y0kyVGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABTq/ED
BAJTq/ADBABUNiYwDQYJKoZIhvcNAQELBQADggEBALDsaLYyfhhytwK3zka8nF4E
/Civg3eIUBBSnU0CilrSS3q9cIgOLcGNofNatxObgQF2cAPtHSsvvnIG3LCZ2vxv
JnhN4+n0khQxWarB1Ox/W0VtilJYxmGuLA4tY+Y3pSs4pbuceVlTxt4IJWX82epi
bZJJ8aDZ7g1Qnwzr9Mgn553Dslm4sOFf1ga/Vkrkq8mIK87P+9COlV1ukKGnClEC
eupDaSMcpXEWiGR89Thnu+XwNIaydWXJtxT2zkSts3Gz/5i81LriYZ557QHs13DQ
omm98F9Yq1mMq0BSUdBxXr6VEMuDiyQZ0SEnDM0KJtgmd6/bVdFLSuFCvaO+pCc=
-----END CERTIFICATE-----