Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q7eCCLR0VvDR5JyDNBxohWe28pc.roa
File:                     Q7eCCLR0VvDR5JyDNBxohWe28pc.roa (raw, json)
Hash identifier:          wbPcjgFh6PdDZnepAX77EyBmzhkEDflSzpHMMPr7ZUg=
Subject key identifier:   43:B7:82:08:B4:74:56:F0:D1:E4:9C:83:34:1C:68:85:67:B6:F2:97
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01942220164C1BBDDC3875B9B4E95CE35402
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q7eCCLR0VvDR5JyDNBxohWe28pc.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214320
IP address blocks:        5.83.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:16:4c:1b:bd:dc:38:75:b9:b4:e9:5c:e3:54:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43b78208b47456f0d1e49c83341c688567b6f297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:08:a3:3a:d2:c1:bd:7e:f2:c2:06:4b:31:2c:
                    db:00:12:16:83:87:b0:2e:36:7d:c1:9d:ac:14:66:
                    32:46:5c:1c:3e:e3:03:d6:65:ac:44:db:62:3b:8f:
                    6a:96:0a:6f:72:dd:18:30:40:38:5a:78:63:df:8b:
                    c6:43:c4:d2:3d:89:50:ec:8f:ee:e0:f6:65:91:8c:
                    34:02:f0:b6:06:86:24:07:4f:a4:12:aa:a2:ac:ef:
                    a1:52:ec:e7:dd:42:54:62:68:41:49:a3:35:f7:67:
                    58:50:65:77:7d:ff:1a:59:fb:e0:5c:e3:80:be:bf:
                    fb:84:7f:57:ee:de:41:c2:bf:34:b4:d7:d5:61:34:
                    5c:f5:1e:2e:05:33:ca:8a:51:da:76:ae:bc:02:37:
                    f1:22:a1:f8:a1:3d:55:26:72:44:55:b7:6b:1a:48:
                    eb:34:16:84:bf:6d:6c:fc:bd:1e:2d:8d:66:95:8b:
                    1c:4f:70:f7:92:e6:4c:91:cc:11:62:70:81:ab:49:
                    b0:52:58:07:b4:58:d4:52:dc:3e:61:35:a0:41:58:
                    dc:7d:de:00:6e:18:f2:37:77:3b:76:db:6e:4c:0b:
                    e1:72:84:70:81:ca:44:f2:d6:e6:d4:4e:a3:60:8a:
                    0b:b1:5e:17:a7:29:d6:79:2e:44:e7:20:d5:a3:62:
                    2d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B7:82:08:B4:74:56:F0:D1:E4:9C:83:34:1C:68:85:67:B6:F2:97
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q7eCCLR0VvDR5JyDNBxohWe28pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:d2:49:81:7c:24:fe:81:d8:02:19:c9:86:cc:46:44:54:32:
         82:39:91:d6:57:67:db:d5:a5:dd:38:05:86:24:89:2a:91:d9:
         39:e2:0c:98:0e:af:d8:03:04:e7:0d:26:62:07:62:11:56:5a:
         0d:eb:3a:fa:34:5d:cb:98:53:e6:17:d7:53:46:92:48:6f:95:
         49:bf:07:6f:89:39:1a:2d:63:3a:03:70:c9:43:08:74:d0:9e:
         d6:2a:dd:e9:a4:28:9e:c4:ef:77:f4:29:53:72:80:ab:01:32:
         5b:aa:56:45:07:45:cc:d6:37:c6:fb:8a:dd:9a:9b:ae:81:39:
         53:58:a0:d9:11:8d:6a:f8:b0:1c:31:31:2e:32:75:47:d0:7e:
         03:80:c8:03:8d:27:05:af:d6:e6:75:97:89:1d:76:0c:e8:39:
         43:fe:bb:3d:66:03:fc:94:50:c8:89:0c:f3:2e:58:b4:81:ea:
         7d:ef:01:3d:38:57:55:4b:a0:ba:8c:e2:1d:7f:6e:85:62:63:
         f9:a3:c1:18:5c:c5:1a:c7:73:69:15:ba:f7:05:a7:98:d5:72:
         fd:32:f0:bd:c9:46:cf:ed:92:38:ca:23:ae:aa:ea:91:a5:69:
         3b:99:45:4a:99:2f:5f:60:58:5b:fc:e0:72:50:f6:69:cf:3c:
         1a:52:8b:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBZMG73cOHW5tOlc41QCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2I3ODIwOGI0NzQ1NmYwZDFlNDljODMzNDFjNjg4NTY3YjZmMjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAijOtLBvX7ywgZLMSzbABIWg4ew
LjZ9wZ2sFGYyRlwcPuMD1mWsRNtiO49qlgpvct0YMEA4Wnhj34vGQ8TSPYlQ7I/u
4PZlkYw0AvC2BoYkB0+kEqqirO+hUuzn3UJUYmhBSaM192dYUGV3ff8aWfvgXOOA
vr/7hH9X7t5Bwr80tNfVYTRc9R4uBTPKilHadq68AjfxIqH4oT1VJnJEVbdrGkjr
NBaEv21s/L0eLY1mlYscT3D3kuZMkcwRYnCBq0mwUlgHtFjUUtw+YTWgQVjcfd4A
bhjyN3c7dttuTAvhcoRwgcpE8tbm1E6jYIoLsV4XpynWeS5E5yDVo2ItXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEO3ggi0dFbw0eScgzQcaIVntvKXMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUTdlQ0NMUjBWdkRSNUp5RE5CeG9oV2UyOHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABVOMMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ0kmBfCT+gdgCGcmGzEZEVDKCOZHWV2fb1aXdOAWG
JIkqkdk54gyYDq/YAwTnDSZiB2IRVloN6zr6NF3LmFPmF9dTRpJIb5VJvwdviTka
LWM6A3DJQwh00J7WKt3ppCiexO939ClTcoCrATJbqlZFB0XM1jfG+4rdmpuugTlT
WKDZEY1q+LAcMTEuMnVH0H4DgMgDjScFr9bmdZeJHXYM6DlD/rs9ZgP8lFDIiQzz
Lli0gep97wE9OFdVS6C6jOIdf26FYmP5o8EYXMUax3NpFbr3BaeY1XL9MvC9yUbP
7ZI4yiOuquqRpWk7mUVKmS9fYFhb/OByUPZpzzwaUotu
-----END CERTIFICATE-----