Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/k3kU5aAomwikuRNdsT68Tqjcik4.roa
File:                     k3kU5aAomwikuRNdsT68Tqjcik4.roa (raw, json)
Hash identifier:          wCPtZXM9gkCUtgXFEirTaWeSRaiZvXJy0sUEtKPb0ls=
Subject key identifier:   93:79:14:E5:A0:28:9B:08:A4:B9:13:5D:B1:3E:BC:4E:A8:DC:8A:4E
Certificate issuer:       /CN=852bc145c5b22394d6feae996bc0bb25254801c6
Certificate serial:       01944A0F871A8D5FDB9651DD126A079AC6D4
Authority key identifier: 85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/k3kU5aAomwikuRNdsT68Tqjcik4.roa
Signing time:             Thu 09 Jan 2025 07:55:18 +0000
ROA not before:           Thu 09 Jan 2025 07:55:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197731
IP address blocks:        83.137.192.0/22 maxlen: 24
                          83.137.196.0/24 maxlen: 24
                          2a00:a0c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 01:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:0f:87:1a:8d:5f:db:96:51:dd:12:6a:07:9a:c6:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852bc145c5b22394d6feae996bc0bb25254801c6
        Validity
            Not Before: Jan  9 07:55:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=937914e5a0289b08a4b9135db13ebc4ea8dc8a4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ff:ae:0f:ca:67:13:83:d1:96:16:2d:26:6d:
                    24:cb:7a:fd:a2:b1:84:d0:0b:a6:c4:eb:f2:c7:24:
                    3a:00:68:e0:13:ab:37:95:72:d1:43:a2:c5:fe:54:
                    49:33:d7:b0:1b:f6:05:c1:4a:8f:6d:6e:cc:9c:d8:
                    d0:46:f6:d0:8f:82:ee:00:a3:a5:9a:d5:44:12:41:
                    39:6c:25:a7:46:87:42:7f:d8:e2:fd:6d:f8:b3:1b:
                    f9:0c:e3:a5:fe:bb:bf:71:e6:73:e7:02:16:1a:0c:
                    d7:33:1d:e8:82:fc:94:24:e0:5e:94:86:98:47:93:
                    1f:54:b7:9a:08:da:3b:87:17:4c:95:ff:e0:ad:a1:
                    fa:f3:ca:8a:97:1f:70:d8:4e:0b:5a:46:82:0a:e5:
                    dc:d3:e0:32:1a:84:5b:42:a1:98:9f:46:ee:8b:fd:
                    5a:41:6c:86:e6:0b:c0:9e:f2:56:28:38:7d:82:4f:
                    7f:02:13:db:98:2c:12:5c:12:74:30:a4:6d:a6:26:
                    30:15:d4:8b:62:0b:68:f2:1b:21:2e:3e:c7:cb:2b:
                    15:69:68:a8:20:3b:ba:26:13:97:4a:02:0d:92:07:
                    11:1c:cb:d3:73:27:c1:31:22:2f:2d:50:0e:6d:cd:
                    93:1f:5d:ee:1f:23:54:21:7d:f6:90:2c:b7:7b:5c:
                    c6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:79:14:E5:A0:28:9B:08:A4:B9:13:5D:B1:3E:BC:4E:A8:DC:8A:4E
            X509v3 Authority Key Identifier:
                keyid:85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/k3kU5aAomwikuRNdsT68Tqjcik4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.192.0-83.137.196.255
                IPv6:
                  2a00:a0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:38:17:af:aa:09:79:50:88:bc:74:a9:dd:f4:c8:aa:07:8d:
         df:57:1c:fc:ba:be:c7:89:18:64:38:8f:1b:6f:44:6f:fb:c3:
         52:32:2e:e5:65:df:20:f6:a5:42:4e:ec:c6:10:dc:74:f8:8a:
         53:f9:26:2c:46:b8:fe:02:0c:62:6f:3c:34:fd:b3:f3:b0:86:
         aa:d0:bf:13:df:88:06:4a:fa:a9:e5:b2:c9:8e:99:df:30:c9:
         11:b1:22:66:e2:3d:87:71:0a:dd:27:7d:63:e8:93:c7:78:af:
         69:c7:0c:04:4a:c9:d7:04:d4:61:20:5c:50:7b:3c:ab:7c:22:
         82:6a:e3:54:27:63:67:4c:8b:9a:e3:9e:63:b5:ae:77:43:0e:
         b2:2f:63:dc:c4:52:6f:f7:a4:6d:ef:c8:a3:14:e8:69:64:7e:
         f9:c8:f3:51:d0:70:81:cf:3b:5a:5d:00:55:1e:44:d0:ff:94:
         fc:1e:ad:43:bb:f2:cd:19:af:3d:3e:05:58:b0:a3:1c:a5:74:
         be:52:3c:5d:30:f6:d5:cc:85:15:bc:26:76:39:13:d8:e5:eb:
         a8:c4:6d:af:18:2c:02:82:0b:c3:0b:49:61:c6:32:48:57:25:
         c7:39:09:8d:3b:0e:61:47:46:d5:e3:9f:fe:0a:82:55:e2:fb:
         c4:53:30:39
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZRKD4cajV/bllHdEmoHmsbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmJjMTQ1YzViMjIzOTRkNmZlYWU5OTZiYzBiYjI1MjU0
ODAxYzYwHhcNMjUwMTA5MDc1NTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc5MTRlNWEwMjg5YjA4YTRiOTEzNWRiMTNlYmM0ZWE4ZGM4YTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP+uD8pnE4PRlhYtJm0ky3r9orGE
0AumxOvyxyQ6AGjgE6s3lXLRQ6LF/lRJM9ewG/YFwUqPbW7MnNjQRvbQj4LuAKOl
mtVEEkE5bCWnRodCf9ji/W34sxv5DOOl/ru/ceZz5wIWGgzXMx3ogvyUJOBelIaY
R5MfVLeaCNo7hxdMlf/graH688qKlx9w2E4LWkaCCuXc0+AyGoRbQqGYn0bui/1a
QWyG5gvAnvJWKDh9gk9/AhPbmCwSXBJ0MKRtpiYwFdSLYgto8hshLj7HyysVaWio
IDu6JhOXSgINkgcRHMvTcyfBMSIvLVAObc2TH13uHyNUIX32kCy3e1zG+QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJN5FOWgKJsIpLkTXbE+vE6o3IpOMB8GA1UdIwQY
MBaAFIUrwUXFsiOU1v6umWvAuyUlSAHGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMt
OGQwNzEwZjNkMjc2LzEvazNrVTVhQW9td2lrdVJOZHNUNjhUcWpjaWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMtOGQwNzEwZjNkMjc2
LzEvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAZTicAD
BABTicQwDQQCAAIwBwMFACoAoMAwDQYJKoZIhvcNAQELBQADggEBADY4F6+qCXlQ
iLx0qd30yKoHjd9XHPy6vseJGGQ4jxtvRG/7w1IyLuVl3yD2pUJO7MYQ3HT4ilP5
JixGuP4CDGJvPDT9s/OwhqrQvxPfiAZK+qnlssmOmd8wyRGxImbiPYdxCt0nfWPo
k8d4r2nHDARKydcE1GEgXFB7PKt8IoJq41QnY2dMi5rjnmO1rndDDrIvY9zEUm/3
pG3vyKMU6GlkfvnI81HQcIHPO1pdAFUeRND/lPwerUO78s0Zrz0+BViwoxyldL5S
PF0w9tXMhRW8JnY5E9jl66jEba8YLAKCC8MLSWHGMkhXJcc5CY07DmFHRtXjn/4K
glXi+8RTMDk=
-----END CERTIFICATE-----