Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/hfTD3RSdVTwJiDU5IW35Y9GcrR8.roa
File:                     hfTD3RSdVTwJiDU5IW35Y9GcrR8.roa (raw, json)
Hash identifier:          5cNB1VxqtY5x74aWagSm/UmUf1T+t+fFw2+gts0tYOY=
Subject key identifier:   85:F4:C3:DD:14:9D:55:3C:09:88:35:39:21:6D:F9:63:D1:9C:AD:1F
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F52742D56531F668D641CA190D732
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/hfTD3RSdVTwJiDU5IW35Y9GcrR8.roa
Signing time:             Thu 02 Jan 2025 05:48:57 +0000
ROA not before:           Thu 02 Jan 2025 05:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     394808
IP address blocks:        83.231.150.192/27 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:52:74:2d:56:53:1f:66:8d:64:1c:a1:90:d7:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85f4c3dd149d553c09883539216df963d19cad1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a9:8a:12:ec:98:68:99:a3:55:1b:f9:d9:52:
                    cf:55:60:65:47:af:b3:47:3e:d6:34:df:e8:b3:da:
                    fe:36:d0:f6:89:19:bf:74:8e:d2:e3:74:63:80:f5:
                    c3:1d:f2:c1:b5:fe:0f:2a:92:ad:89:2b:c1:b8:6c:
                    59:d5:05:4b:fe:80:c6:94:fd:dd:85:02:02:f7:af:
                    52:3b:5f:61:56:e7:37:74:13:b6:ec:e7:3c:21:ab:
                    c1:8d:a7:34:20:7b:c1:ba:9e:68:4c:65:3d:e2:cd:
                    26:ce:83:d6:bc:c4:f4:cc:da:12:35:e6:e0:ba:02:
                    b6:fe:d4:72:e1:46:90:bb:5a:c8:5a:92:26:76:de:
                    03:1e:76:6e:dc:17:08:f2:e5:65:e4:97:6a:fa:3c:
                    d1:fd:44:1b:5d:bf:09:9f:c7:34:e7:37:2b:a2:ae:
                    db:ed:ce:ac:9f:6a:53:ad:eb:df:7f:2c:f6:e5:4d:
                    6d:0d:7d:71:07:0f:3b:18:ad:44:cb:1e:10:fd:99:
                    c4:68:00:44:d7:62:04:75:d3:c0:a6:88:09:31:9a:
                    48:6b:70:6d:91:3c:d4:5e:1a:ed:a8:c3:85:08:0f:
                    a3:cd:1a:8f:59:22:0a:65:83:b4:cd:0a:56:ce:83:
                    a5:c0:f5:fa:86:b8:57:fa:44:93:4f:06:ef:b6:25:
                    26:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F4:C3:DD:14:9D:55:3C:09:88:35:39:21:6D:F9:63:D1:9C:AD:1F
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/hfTD3RSdVTwJiDU5IW35Y9GcrR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.231.150.192/27

    Signature Algorithm: sha256WithRSAEncryption
         a0:67:40:f8:81:15:da:44:01:b3:4b:1b:4c:ff:d8:eb:1f:e9:
         25:6b:58:26:f4:af:61:1a:ec:e9:16:91:b8:9a:1e:c2:f0:f1:
         d9:a1:ef:5e:19:be:90:b8:51:e5:62:42:d5:74:1e:80:a9:4a:
         e7:05:12:c4:58:d2:08:d9:7c:ef:38:af:8e:d4:f4:ca:61:52:
         f6:95:91:4b:1d:e0:9a:af:0e:47:ae:c6:02:76:91:7d:26:e3:
         23:59:a7:68:53:8e:0e:58:89:11:3f:be:25:28:56:ed:bd:00:
         b5:0f:40:37:6a:54:d9:88:0c:a8:e4:1b:80:03:62:c2:71:95:
         75:7a:6f:d6:48:40:1f:82:b3:47:d9:a4:5a:90:2c:42:9e:5e:
         b8:68:6e:f5:63:12:0a:6e:1f:a5:e5:56:26:cb:38:37:81:ca:
         e9:b2:e8:27:c1:e5:ce:27:75:20:06:86:93:25:92:e9:a6:2f:
         14:97:f4:94:25:c4:07:b0:37:93:2b:97:59:b9:c2:f9:46:66:
         09:30:a8:71:b0:09:1c:4a:21:b8:70:d5:2a:c3:ac:97:31:23:
         cb:4c:f6:41:f2:ab:de:c4:44:c7:66:26:72:67:fe:02:b7:9b:
         8d:00:2f:56:98:7b:d8:63:dc:00:be:06:a1:df:ff:0f:d1:72:
         95:6c:ae:dc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj1J0LVZTH2aNZByhkNcyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWY0YzNkZDE0OWQ1NTNjMDk4ODM1MzkyMTZkZjk2M2QxOWNhZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKmKEuyYaJmjVRv52VLPVWBlR6+z
Rz7WNN/os9r+NtD2iRm/dI7S43RjgPXDHfLBtf4PKpKtiSvBuGxZ1QVL/oDGlP3d
hQIC969SO19hVuc3dBO27Oc8IavBjac0IHvBup5oTGU94s0mzoPWvMT0zNoSNebg
ugK2/tRy4UaQu1rIWpImdt4DHnZu3BcI8uVl5Jdq+jzR/UQbXb8Jn8c05zcroq7b
7c6sn2pTrevffyz25U1tDX1xBw87GK1Eyx4Q/ZnEaABE12IEddPApogJMZpIa3Bt
kTzUXhrtqMOFCA+jzRqPWSIKZYO0zQpWzoOlwPX6hrhX+kSTTwbvtiUmJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIX0w90UnVU8CYg1OSFt+WPRnK0fMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvaGZURDNSU2RWVHdKaURVNUlXMzVZOUdjclI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUFU+eWwDAN
BgkqhkiG9w0BAQsFAAOCAQEAoGdA+IEV2kQBs0sbTP/Y6x/pJWtYJvSvYRrs6RaR
uJoewvDx2aHvXhm+kLhR5WJC1XQegKlK5wUSxFjSCNl87zivjtT0ymFS9pWRSx3g
mq8OR67GAnaRfSbjI1mnaFOODliJET++JShW7b0AtQ9AN2pU2YgMqOQbgANiwnGV
dXpv1khAH4KzR9mkWpAsQp5euGhu9WMSCm4fpeVWJss4N4HK6bLoJ8Hlzid1IAaG
kyWS6aYvFJf0lCXEB7A3kyuXWbnC+UZmCTCocbAJHEohuHDVKsOslzEjy0z2QfKr
3sREx2Ymcmf+ArebjQAvVph72GPcAL4God//D9FylWyu3A==
-----END CERTIFICATE-----