Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/7SB8nDDMZU7OO5Lo5oo1pz75nMg.roa
File:                     7SB8nDDMZU7OO5Lo5oo1pz75nMg.roa (raw, json)
Hash identifier:          ikVowTdCipYiRqDvx8bxbflkp8Q2bUKsHoK16TAf7UU=
Subject key identifier:   ED:20:7C:9C:30:CC:65:4E:CE:3B:92:E8:E6:8A:35:A7:3E:F9:9C:C8
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019422201E0C287AD26D8F61D15DEF8791D5
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/7SB8nDDMZU7OO5Lo5oo1pz75nMg.roa
Signing time:             Wed 01 Jan 2025 13:48:37 +0000
ROA not before:           Wed 01 Jan 2025 13:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216084
IP address blocks:        5.83.155.0/24 maxlen: 24
                          77.90.61.0/24 maxlen: 24
                          77.90.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1e:0c:28:7a:d2:6d:8f:61:d1:5d:ef:87:91:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 13:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed207c9c30cc654ece3b92e8e68a35a73ef99cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a7:5c:90:03:42:d1:d4:57:44:ea:01:27:30:
                    0c:d2:cc:d8:f0:35:8d:53:cf:5e:ee:03:13:39:32:
                    4f:ea:74:4e:4b:8c:c4:88:1c:bb:b2:22:da:79:d5:
                    75:23:c3:25:04:a5:47:93:2e:b2:60:37:02:07:a7:
                    2e:c7:42:a8:29:ef:26:4b:ab:22:33:94:f3:31:2f:
                    9d:49:2f:81:55:e0:2b:8a:73:c1:5f:4e:ec:d1:ab:
                    2e:bc:01:1a:94:2c:f7:dc:7d:4a:85:86:98:68:fa:
                    b4:e0:0e:86:6f:a1:08:16:19:3b:f7:35:37:fe:c9:
                    09:2b:c0:df:56:b5:25:c2:72:51:ee:70:a9:82:fd:
                    c0:1b:d4:d0:e8:ab:2d:89:18:b0:8f:9f:a6:52:30:
                    e4:db:47:61:26:cb:23:cc:f0:e7:83:ee:45:08:31:
                    01:67:58:a0:cd:c8:2f:c5:b6:d6:86:b3:48:4f:c4:
                    00:b9:e3:ac:72:f6:8b:a2:37:5c:0a:ac:66:88:03:
                    b6:63:b3:f4:32:09:1d:de:24:d6:0b:41:17:33:66:
                    07:a6:13:f9:3f:45:06:27:68:33:ff:07:48:1b:f8:
                    fe:46:8d:15:4f:21:91:ec:33:ec:80:f0:d2:88:fb:
                    10:55:00:7c:2e:cd:6f:15:2b:e5:32:28:c7:39:8a:
                    b3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:20:7C:9C:30:CC:65:4E:CE:3B:92:E8:E6:8A:35:A7:3E:F9:9C:C8
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/7SB8nDDMZU7OO5Lo5oo1pz75nMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.155.0/24
                  77.90.61.0-77.90.62.255

    Signature Algorithm: sha256WithRSAEncryption
         75:ac:35:fb:11:89:61:eb:ba:a1:ae:d3:3a:91:d1:23:4d:63:
         3b:e0:ec:99:32:e9:8b:e2:aa:74:52:dd:e0:0d:3a:fe:c1:bd:
         f9:68:b6:12:ba:43:b4:5f:75:aa:df:89:d3:5c:89:e3:e6:46:
         e8:1b:ac:1f:da:a6:c6:b5:9f:2c:ff:c7:9f:ac:3e:e6:4c:07:
         13:6b:bf:cf:b6:28:64:d1:a8:33:b4:d1:1b:2a:e8:af:b4:ef:
         f5:70:be:e7:54:1d:87:25:eb:f1:20:f7:30:c8:10:c6:46:69:
         45:bd:09:b5:31:c1:71:5e:e2:89:04:99:f3:b1:24:26:1a:cb:
         cb:f9:a8:7b:ab:e0:9c:b4:68:f5:f2:ba:d8:bd:a5:4c:f4:79:
         66:6d:48:fc:71:8e:f5:a0:9a:29:82:5d:60:3a:c2:9c:5b:1e:
         ad:1d:80:1f:b5:2b:39:5d:91:6b:b2:c1:4d:f4:a2:b2:6b:fb:
         80:00:24:44:5d:45:ef:f1:94:0b:ca:1a:53:77:60:88:94:18:
         04:84:4b:b9:ec:4c:10:72:b8:47:ef:79:a4:aa:e9:f9:cf:34:
         f5:17:5b:95:ba:4b:07:3f:e1:f3:4a:f5:4e:2c:c9:10:39:e3:
         d1:82:33:99:c6:70:51:6c:a3:4a:9b:d7:a3:2a:86:0a:1e:82:
         7d:31:65:fd
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQiIB4MKHrSbY9h0V3vh5HVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDIwN2M5YzMwY2M2NTRlY2UzYjkyZThlNjhhMzVhNzNlZjk5Y2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6dckANC0dRXROoBJzAM0szY8DWN
U89e7gMTOTJP6nROS4zEiBy7siLaedV1I8MlBKVHky6yYDcCB6cux0KoKe8mS6si
M5TzMS+dSS+BVeArinPBX07s0asuvAEalCz33H1KhYaYaPq04A6Gb6EIFhk79zU3
/skJK8DfVrUlwnJR7nCpgv3AG9TQ6KstiRiwj5+mUjDk20dhJssjzPDng+5FCDEB
Z1igzcgvxbbWhrNIT8QAueOscvaLojdcCqxmiAO2Y7P0Mgkd3iTWC0EXM2YHphP5
P0UGJ2gz/wdIG/j+Ro0VTyGR7DPsgPDSiPsQVQB8Ls1vFSvlMijHOYqzDwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFO0gfJwwzGVOzjuS6OaKNac++ZzIMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvN1NCOG5ERE1aVTdPTzVMbzVvbzFwejc1bk1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQABVObMAwD
BABNWj0DBABNWj4wDQYJKoZIhvcNAQELBQADggEBAHWsNfsRiWHruqGu0zqR0SNN
Yzvg7Jky6YviqnRS3eANOv7BvflothK6Q7RfdarfidNciePmRugbrB/apsa1nyz/
x5+sPuZMBxNrv8+2KGTRqDO00Rsq6K+07/VwvudUHYcl6/Eg9zDIEMZGaUW9CbUx
wXFe4okEmfOxJCYay8v5qHur4Jy0aPXyuti9pUz0eWZtSPxxjvWgmimCXWA6wpxb
Hq0dgB+1KzldkWuywU30orJr+4AAJERdRe/xlAvKGlN3YIiUGASES7nsTBByuEfv
eaSq6fnPNPUXW5W6Swc/4fNK9U4syRA549GCM5nGcFFso0qb16Mqhgoegn0xZf0=
-----END CERTIFICATE-----