Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/J_l_zy93qt1DSVPG0doUGTadnUI.roa
File:                     J_l_zy93qt1DSVPG0doUGTadnUI.roa (raw, json)
Hash identifier:          UqMuJb7bTdBE+zNiQ2/WKCoFaOYhYpwDUPCGWXpNxgw=
Subject key identifier:   27:F9:7F:CF:2F:77:AA:DD:43:49:53:C6:D1:DA:14:19:36:9D:9D:42
Certificate issuer:       /CN=3283151e838675754629260425bffce929d8a8ed
Certificate serial:       0194228E23E0FA2C5439857F70835AFE044D
Authority key identifier: 32:83:15:1E:83:86:75:75:46:29:26:04:25:BF:FC:E9:29:D8:A8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MoMVHoOGdXVGKSYEJb_86SnYqO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/J_l_zy93qt1DSVPG0doUGTadnUI.roa
Signing time:             Wed 01 Jan 2025 15:48:48 +0000
ROA not before:           Wed 01 Jan 2025 15:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12388
IP address blocks:        83.220.192.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/MoMVHoOGdXVGKSYEJb_86SnYqO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/MoMVHoOGdXVGKSYEJb_86SnYqO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MoMVHoOGdXVGKSYEJb_86SnYqO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:23:e0:fa:2c:54:39:85:7f:70:83:5a:fe:04:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3283151e838675754629260425bffce929d8a8ed
        Validity
            Not Before: Jan  1 15:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27f97fcf2f77aadd434953c6d1da1419369d9d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d1:e5:d2:19:e9:78:7a:a5:bd:7f:bc:98:2e:
                    ce:2a:ba:ce:0d:7f:b3:e3:dc:70:60:42:84:3e:50:
                    ad:75:3b:a3:ea:9f:c4:32:08:6e:f1:15:86:ad:88:
                    39:ce:18:9c:62:ad:4d:45:02:b4:c9:2c:a8:51:01:
                    ea:35:d6:b7:dd:04:53:2f:13:73:80:e3:c6:4d:75:
                    74:12:c7:af:03:35:d4:51:75:63:ac:8f:09:09:4e:
                    62:66:ff:f4:e3:bf:57:51:ce:f1:13:ff:d1:92:8c:
                    dc:53:a0:53:97:0f:f8:d6:60:4b:a0:1c:15:d3:20:
                    74:da:b3:4a:38:c8:af:17:09:b1:e0:68:a2:6d:6e:
                    86:5e:46:92:24:7d:17:a6:c1:4d:4e:b8:4a:00:c6:
                    36:97:7d:fe:31:89:03:31:7f:02:33:15:b1:c7:5b:
                    71:b8:99:b3:db:60:52:83:67:a2:93:e8:5e:0b:c2:
                    f4:e2:21:c3:7a:22:3a:5c:8e:e4:06:67:f9:3c:f7:
                    3a:c9:5c:b6:1c:91:9e:86:27:66:d4:f4:7b:ed:ec:
                    0f:c7:3c:8e:89:d2:91:14:5b:cb:68:78:f8:16:d0:
                    96:41:42:54:3e:28:60:01:34:3c:fd:4b:4a:db:6e:
                    20:59:f5:a5:f3:4b:04:a0:6d:1b:78:10:0a:cf:0b:
                    80:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F9:7F:CF:2F:77:AA:DD:43:49:53:C6:D1:DA:14:19:36:9D:9D:42
            X509v3 Authority Key Identifier:
                keyid:32:83:15:1E:83:86:75:75:46:29:26:04:25:BF:FC:E9:29:D8:A8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MoMVHoOGdXVGKSYEJb_86SnYqO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/J_l_zy93qt1DSVPG0doUGTadnUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/MoMVHoOGdXVGKSYEJb_86SnYqO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         bd:16:e6:7d:2c:af:dc:69:b1:2e:26:d3:2b:f1:c3:a4:f6:49:
         27:ca:c3:f5:fe:1d:09:31:76:ae:c8:0c:59:23:8d:70:5a:e0:
         9b:c0:e2:81:50:66:ff:95:40:f8:16:98:74:bc:f4:d4:62:9d:
         1e:b8:e6:f7:08:7d:2f:ce:91:26:73:fc:2b:7e:7c:d5:65:d0:
         52:01:64:10:98:f1:b0:6a:70:00:79:f0:a2:11:41:48:7e:25:
         51:57:33:23:65:76:ad:5b:ea:02:c5:2b:38:6e:11:b4:1f:49:
         06:93:99:b8:df:da:30:da:db:0b:70:05:92:7f:d0:74:66:59:
         da:c7:21:61:12:33:ce:3a:ad:06:8b:e3:a6:2b:31:12:b3:2c:
         d5:d3:0c:81:cd:b8:1a:55:54:b8:ae:b4:ee:1c:c2:b3:55:e9:
         2f:fe:11:47:76:f0:e5:0e:28:08:39:59:51:60:fa:ae:29:64:
         d4:a6:b3:92:45:74:7f:71:c9:f6:86:5f:02:1b:36:84:e5:30:
         a6:e2:b3:99:b0:f5:71:62:eb:e1:c7:03:98:8c:90:2c:41:d4:
         2e:44:23:01:7c:3a:1b:d2:21:cb:7b:2d:49:33:c4:eb:09:d1:
         c1:21:6c:bb:92:0f:aa:f7:c7:1a:13:d1:c9:08:9e:cf:49:ce:
         51:cb:1d:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijiPg+ixUOYV/cINa/gRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyODMxNTFlODM4Njc1NzU0NjI5MjYwNDI1YmZmY2U5Mjlk
OGE4ZWQwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Y5N2ZjZjJmNzdhYWRkNDM0OTUzYzZkMWRhMTQxOTM2OWQ5ZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tHl0hnpeHqlvX+8mC7OKrrODX+z
49xwYEKEPlCtdTuj6p/EMghu8RWGrYg5zhicYq1NRQK0ySyoUQHqNda33QRTLxNz
gOPGTXV0EsevAzXUUXVjrI8JCU5iZv/0479XUc7xE//RkozcU6BTlw/41mBLoBwV
0yB02rNKOMivFwmx4GiibW6GXkaSJH0XpsFNTrhKAMY2l33+MYkDMX8CMxWxx1tx
uJmz22BSg2eik+heC8L04iHDeiI6XI7kBmf5PPc6yVy2HJGehidm1PR77ewPxzyO
idKRFFvLaHj4FtCWQUJUPihgATQ8/UtK224gWfWl80sEoG0beBAKzwuAgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCf5f88vd6rdQ0lTxtHaFBk2nZ1CMB8GA1UdIwQY
MBaAFDKDFR6DhnV1RikmBCW//Okp2KjtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW9NVkhvT0dkWFZHS1NZRUpiXzg2U25ZcU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ZGY1MGEtMmQ4Ny00ZDA5LWI5YWMt
MDU4MjFkNDA5OWI4LzEvSl9sX3p5OTNxdDFEU1ZQRzBkb1VHVGFkblVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ZGY1MGEtMmQ4Ny00ZDA5LWI5YWMtMDU4MjFkNDA5OWI4
LzEvTW9NVkhvT0dkWFZHS1NZRUpiXzg2U25ZcU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFU9zAMA0G
CSqGSIb3DQEBCwUAA4IBAQC9FuZ9LK/cabEuJtMr8cOk9kknysP1/h0JMXauyAxZ
I41wWuCbwOKBUGb/lUD4Fph0vPTUYp0euOb3CH0vzpEmc/wrfnzVZdBSAWQQmPGw
anAAefCiEUFIfiVRVzMjZXatW+oCxSs4bhG0H0kGk5m439ow2tsLcAWSf9B0Zlna
xyFhEjPOOq0Gi+OmKzESsyzV0wyBzbgaVVS4rrTuHMKzVekv/hFHdvDlDigIOVlR
YPquKWTUprOSRXR/ccn2hl8CGzaE5TCm4rOZsPVxYuvhxwOYjJAsQdQuRCMBfDob
0iHLey1JM8TrCdHBIWy7kg+q98caE9HJCJ7PSc5Ryx0N
-----END CERTIFICATE-----