Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/I82qrfJi5ye6x5czSSE5l8SNL4o.roa
File:                     I82qrfJi5ye6x5czSSE5l8SNL4o.roa (raw, json)
Hash identifier:          GukMkDqForyADi7rN0NyIjZDbppVe0RPrM2V4kiprp0=
Subject key identifier:   23:CD:AA:AD:F2:62:E7:27:BA:C7:97:33:49:21:39:97:C4:8D:2F:8A
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0193336001E21673C518A0C271C88329B3F0
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/I82qrfJi5ye6x5czSSE5l8SNL4o.roa
Signing time:             Sat 16 Nov 2024 05:09:10 +0000
ROA not before:           Sat 16 Nov 2024 05:09:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214347
IP address blocks:        5.83.138.0/24 maxlen: 24
                          77.90.29.0/24 maxlen: 24
                          77.90.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:33:60:01:e2:16:73:c5:18:a0:c2:71:c8:83:29:b3:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 16 05:09:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23cdaaadf262e727bac7973349213997c48d2f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:28:f1:83:d7:1e:29:a1:35:e7:97:ac:dc:1e:
                    c7:f5:d3:fb:59:9a:b9:81:36:d0:cb:98:1d:df:56:
                    aa:67:5d:49:de:49:86:81:af:b5:17:6f:54:9a:9e:
                    e7:82:e3:6e:51:95:96:8d:4a:c1:36:b6:6e:18:94:
                    c7:1a:7b:ed:7a:19:72:25:11:a8:e2:bd:4b:d8:e9:
                    af:76:2e:53:99:37:68:53:28:f5:1e:57:ae:2f:3e:
                    32:b4:08:bc:a9:da:95:56:f4:d2:a9:14:30:e8:e2:
                    eb:36:f3:d7:5e:f2:94:e1:2a:c8:92:c8:9d:09:4c:
                    17:b0:11:30:23:9b:7c:0b:dd:8b:bf:ea:bc:1b:b8:
                    e9:92:a7:31:73:ec:2a:2c:1d:49:c5:92:77:2d:d7:
                    96:b5:f6:ad:b6:60:a8:4a:d0:f1:dd:63:29:bf:6a:
                    eb:c3:8c:d2:43:79:30:4f:01:00:72:47:55:83:1d:
                    7d:fc:08:87:38:e2:6e:1a:e7:cd:88:66:21:02:a0:
                    16:76:34:ad:23:e6:01:a9:df:04:f7:c4:51:1b:d6:
                    13:92:75:1a:12:11:18:d0:fd:31:38:8d:24:6f:99:
                    00:83:e1:8f:4e:32:f2:e2:eb:6a:64:09:f6:47:2f:
                    69:e8:5e:7d:4a:9e:a8:1c:0c:8f:31:fc:a1:c4:06:
                    6a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:CD:AA:AD:F2:62:E7:27:BA:C7:97:33:49:21:39:97:C4:8D:2F:8A
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/I82qrfJi5ye6x5czSSE5l8SNL4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.138.0/24
                  77.90.29.0/24
                  77.90.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:1e:d4:a6:84:f4:52:88:18:45:1d:18:2b:c1:83:2c:6c:2a:
         a0:2c:d2:4d:a6:b7:4d:3d:27:b1:57:9b:67:a0:00:05:12:21:
         8a:4f:06:21:cd:c8:ad:ce:a4:53:59:45:1d:b7:f1:14:1c:67:
         54:18:45:d8:22:bf:28:df:65:eb:4a:ac:92:8c:ba:08:0c:2e:
         09:b6:2c:66:9f:35:99:72:5b:4a:64:c9:8a:6e:7a:3f:d0:64:
         25:4a:b9:ac:78:cc:be:6d:cc:e2:db:b6:3f:96:b9:00:fe:23:
         d7:0a:73:f3:67:75:c9:ba:db:ca:78:23:f7:09:5f:68:8c:d1:
         d6:85:63:39:56:8f:6e:db:b4:4e:30:4a:4f:a7:74:9c:15:42:
         d2:70:44:de:05:62:30:f5:8b:86:d4:6b:2e:16:56:7a:d4:ef:
         e2:2e:65:cb:cf:bf:60:37:2e:8b:c5:ab:46:f7:8a:ef:7e:15:
         eb:ba:0a:b8:64:62:50:f2:81:41:2a:df:10:98:35:9d:ab:13:
         01:6f:35:89:0d:84:65:eb:25:a6:f6:cd:c8:dd:cb:b9:ba:9a:
         d9:b5:60:52:ca:7f:74:2c:00:86:0e:d5:43:d0:2b:71:b5:4f:
         6b:6f:59:ec:40:6e:4b:69:9c:37:eb:6d:bb:9a:40:89:44:a0:
         55:2d:82:73
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMzYAHiFnPFGKDCcciDKbPwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTE2MDUwOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2NkYWFhZGYyNjJlNzI3YmFjNzk3MzM0OTIxMzk5N2M0OGQyZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCjxg9ceKaE155es3B7H9dP7WZq5
gTbQy5gd31aqZ11J3kmGga+1F29Ump7nguNuUZWWjUrBNrZuGJTHGnvtehlyJRGo
4r1L2Omvdi5TmTdoUyj1HleuLz4ytAi8qdqVVvTSqRQw6OLrNvPXXvKU4SrIksid
CUwXsBEwI5t8C92Lv+q8G7jpkqcxc+wqLB1JxZJ3LdeWtfattmCoStDx3WMpv2rr
w4zSQ3kwTwEAckdVgx19/AiHOOJuGufNiGYhAqAWdjStI+YBqd8E98RRG9YTknUa
EhEY0P0xOI0kb5kAg+GPTjLy4utqZAn2Ry9p6F59Sp6oHAyPMfyhxAZq7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCPNqq3yYucnuseXM0khOZfEjS+KMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvSTgycXJmSmk1eWU2eDVjelNTRTVsOFNOTDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABVOKAwQA
TVodAwQATVosMA0GCSqGSIb3DQEBCwUAA4IBAQAlHtSmhPRSiBhFHRgrwYMsbCqg
LNJNprdNPSexV5tnoAAFEiGKTwYhzcitzqRTWUUdt/EUHGdUGEXYIr8o32XrSqyS
jLoIDC4JtixmnzWZcltKZMmKbno/0GQlSrmseMy+bczi27Y/lrkA/iPXCnPzZ3XJ
utvKeCP3CV9ojNHWhWM5Vo9u27ROMEpPp3ScFULScETeBWIw9YuG1GsuFlZ61O/i
LmXLz79gNy6LxatG94rvfhXrugq4ZGJQ8oFBKt8QmDWdqxMBbzWJDYRl6yWm9s3I
3cu5uprZtWBSyn90LACGDtVD0CtxtU9rb1nsQG5LaZw36227mkCJRKBVLYJz
-----END CERTIFICATE-----