Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/UUl9tjMfoZ7A5klfeBDKB274xTs.roa
File:                     UUl9tjMfoZ7A5klfeBDKB274xTs.roa (raw, json)
Hash identifier:          SBvHQQieYmwuldne0ESh4KLqZuA1XSHveZCrpCqrHvQ=
Subject key identifier:   51:49:7D:B6:33:1F:A1:9E:C0:E6:49:5F:78:10:CA:07:6E:F8:C5:3B
Certificate issuer:       /CN=852bc145c5b22394d6feae996bc0bb25254801c6
Certificate serial:       01944A0F861F38A4074DE5D525F1BB6566BA
Authority key identifier: 85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/UUl9tjMfoZ7A5klfeBDKB274xTs.roa
Signing time:             Thu 09 Jan 2025 07:55:18 +0000
ROA not before:           Thu 09 Jan 2025 07:55:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34233
IP address blocks:        83.137.192.0/22 maxlen: 22
                          83.137.196.0/24 maxlen: 24
                          2a00:a0c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:0f:86:1f:38:a4:07:4d:e5:d5:25:f1:bb:65:66:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852bc145c5b22394d6feae996bc0bb25254801c6
        Validity
            Not Before: Jan  9 07:55:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51497db6331fa19ec0e6495f7810ca076ef8c53b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9f:22:62:06:89:58:09:d6:84:64:57:f3:c3:
                    c2:a6:f5:81:f0:6c:8a:1a:c7:a7:44:69:02:4b:24:
                    03:96:00:f7:3a:a1:62:02:9b:8c:6b:f6:52:aa:b7:
                    d9:29:f0:7f:c0:8b:4c:0d:77:59:4c:95:13:5e:9f:
                    6e:cd:ee:7d:d2:4c:fb:af:34:1b:b3:7d:e4:3c:ce:
                    b0:6e:bb:48:89:77:fd:15:22:ad:2b:a2:58:6d:7a:
                    5e:c5:a6:a4:df:3e:df:d2:fe:84:d2:40:d5:6f:54:
                    56:b9:01:15:55:1e:ea:39:da:3a:73:36:0b:99:f6:
                    c7:cf:cb:71:8e:2c:10:08:9a:86:6d:ec:a8:f8:82:
                    bb:8f:75:2e:de:c9:1b:d6:32:43:a4:a5:6a:d0:dd:
                    d7:77:7a:70:60:08:5c:1c:27:e8:e8:27:2e:60:c1:
                    82:eb:48:74:2c:fd:3f:8a:8d:9f:40:43:58:b9:3a:
                    b7:39:be:8a:14:37:f9:04:b1:a6:15:1b:5f:a6:e6:
                    95:76:61:55:54:19:d0:04:f2:3c:9d:3e:3d:68:11:
                    42:e9:49:aa:82:0c:00:43:a3:ef:d1:dd:ba:eb:40:
                    be:3f:c5:e3:39:6a:ae:21:4a:1d:f5:1d:e2:ea:e8:
                    dc:8d:55:d3:bd:ea:2e:84:ed:e7:17:17:a7:50:be:
                    78:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:49:7D:B6:33:1F:A1:9E:C0:E6:49:5F:78:10:CA:07:6E:F8:C5:3B
            X509v3 Authority Key Identifier:
                keyid:85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/UUl9tjMfoZ7A5klfeBDKB274xTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.192.0-83.137.196.255
                IPv6:
                  2a00:a0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:f4:e1:25:ca:e6:d0:e5:e8:b5:21:1e:19:45:c7:55:f7:89:
         b8:ae:6a:a0:56:9f:c4:2e:f2:75:4f:d2:80:aa:2e:4a:f5:66:
         43:4f:92:60:b3:66:64:34:7a:ff:fb:76:b4:7b:57:51:b7:41:
         d6:db:25:66:5e:0f:a6:1d:80:9a:d2:b0:a7:48:d7:c7:b6:ec:
         f1:a3:ce:b2:c4:b8:ce:c1:b9:41:9d:b3:60:08:71:45:c4:52:
         22:52:c6:0d:17:bb:47:48:5e:8d:7f:5f:0f:3a:fd:e2:f0:cc:
         02:fc:b1:d4:d0:ae:a6:26:2d:ac:b9:77:44:2a:83:78:5b:05:
         ac:ad:39:db:a7:1d:a6:be:42:3f:70:4d:a8:c5:d1:41:3e:4c:
         a0:62:7c:44:29:87:87:8d:78:ca:3e:b5:11:6c:b8:90:5d:f1:
         06:a6:ff:35:4f:ab:20:2a:6b:99:73:6a:87:97:72:70:a4:be:
         d7:07:e8:33:90:56:f4:5f:df:cc:28:20:5e:61:29:0a:e9:bb:
         ed:03:67:af:e7:99:ff:85:13:3f:95:7d:e6:d7:70:c0:95:3d:
         d6:c5:99:fb:cb:c6:ae:04:96:58:40:bf:e3:14:c8:2a:82:8a:
         fe:92:4b:03:69:dc:88:77:b9:72:61:f6:5d:9a:b9:9c:0f:52:
         c9:db:04:0e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZRKD4YfOKQHTeXVJfG7ZWa6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmJjMTQ1YzViMjIzOTRkNmZlYWU5OTZiYzBiYjI1MjU0
ODAxYzYwHhcNMjUwMTA5MDc1NTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTQ5N2RiNjMzMWZhMTllYzBlNjQ5NWY3ODEwY2EwNzZlZjhjNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt58iYgaJWAnWhGRX88PCpvWB8GyK
GsenRGkCSyQDlgD3OqFiApuMa/ZSqrfZKfB/wItMDXdZTJUTXp9uze590kz7rzQb
s33kPM6wbrtIiXf9FSKtK6JYbXpexaak3z7f0v6E0kDVb1RWuQEVVR7qOdo6czYL
mfbHz8txjiwQCJqGbeyo+IK7j3Uu3skb1jJDpKVq0N3Xd3pwYAhcHCfo6CcuYMGC
60h0LP0/io2fQENYuTq3Ob6KFDf5BLGmFRtfpuaVdmFVVBnQBPI8nT49aBFC6Umq
ggwAQ6Pv0d2660C+P8XjOWquIUod9R3i6ujcjVXTveouhO3nFxenUL54rQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFFJfbYzH6GewOZJX3gQygdu+MU7MB8GA1UdIwQY
MBaAFIUrwUXFsiOU1v6umWvAuyUlSAHGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMt
OGQwNzEwZjNkMjc2LzEvVVVsOXRqTWZvWjdBNWtsZmVCREtCMjc0eFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMtOGQwNzEwZjNkMjc2
LzEvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAZTicAD
BABTicQwDQQCAAIwBwMFACoAoMAwDQYJKoZIhvcNAQELBQADggEBAAH04SXK5tDl
6LUhHhlFx1X3ibiuaqBWn8Qu8nVP0oCqLkr1ZkNPkmCzZmQ0ev/7drR7V1G3Qdbb
JWZeD6YdgJrSsKdI18e27PGjzrLEuM7BuUGds2AIcUXEUiJSxg0Xu0dIXo1/Xw86
/eLwzAL8sdTQrqYmLay5d0Qqg3hbBaytOdunHaa+Qj9wTajF0UE+TKBifEQph4eN
eMo+tRFsuJBd8Qam/zVPqyAqa5lzaoeXcnCkvtcH6DOQVvRf38woIF5hKQrpu+0D
Z6/nmf+FEz+VfebXcMCVPdbFmfvLxq4EllhAv+MUyCqCiv6SSwNp3Ih3uXJh9l2a
uZwPUsnbBA4=
-----END CERTIFICATE-----