Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/L0_jQJT5Qclln0Oyg58IDEsvUEY.roa
File:                     L0_jQJT5Qclln0Oyg58IDEsvUEY.roa (raw, json)
Hash identifier:          O4ru/bejek+UTjQtcEf3F24KaS3s+lQbPWX4dTGtcIg=
Subject key identifier:   2F:4F:E3:40:94:F9:41:C9:65:9F:43:B2:83:9F:08:0C:4B:2F:50:46
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D77F7FF1A6EE496F5E4164C421DF
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/L0_jQJT5Qclln0Oyg58IDEsvUEY.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211639
IP address blocks:        185.13.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d7:7f:7f:f1:a6:ee:49:6f:5e:41:64:c4:21:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f4fe34094f941c9659f43b2839f080c4b2f5046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ed:75:b3:0f:99:89:3c:26:98:19:ab:76:a7:
                    2a:c8:f4:bc:05:a2:10:91:b7:ef:18:53:d9:6a:47:
                    05:50:9a:aa:ec:a9:0d:34:c8:44:e9:d5:42:3d:d1:
                    0a:7c:67:cc:cb:d5:81:bc:92:1b:57:f0:b4:e2:d5:
                    12:cb:4d:c0:26:37:86:a9:17:4b:47:c3:e1:ea:8b:
                    eb:73:2c:19:93:db:f8:91:db:a8:af:bc:1f:0e:b0:
                    5d:b4:33:9c:f3:ce:75:b9:4d:d6:05:94:e8:d7:6a:
                    98:e9:22:f8:00:46:7f:38:04:09:b8:e2:6d:b2:84:
                    0e:b7:30:fa:fc:d2:63:12:0b:7e:f1:04:ad:6e:90:
                    16:26:18:71:af:3f:b2:31:44:4a:57:85:93:91:4b:
                    be:e5:40:19:74:de:b0:35:55:a3:10:6b:32:f8:47:
                    14:e3:7e:95:4c:43:41:4b:f2:ee:ff:24:8e:ec:8a:
                    1f:56:64:f5:c7:cc:32:c9:50:11:80:f8:8e:2d:7b:
                    83:e3:ed:3e:10:28:49:56:71:d2:70:07:55:00:9b:
                    d9:c4:1a:ee:75:0e:33:62:03:e7:06:bb:21:e0:f1:
                    ef:93:95:4f:7f:e6:44:9d:bf:7e:53:cd:e0:7e:ed:
                    aa:60:d0:28:da:78:a4:d4:e1:3a:50:a8:06:ac:4c:
                    33:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:4F:E3:40:94:F9:41:C9:65:9F:43:B2:83:9F:08:0C:4B:2F:50:46
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/L0_jQJT5Qclln0Oyg58IDEsvUEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:e1:ff:90:3b:1e:4d:64:35:d5:ad:15:25:0d:68:b8:73:d0:
         63:d0:83:f6:e2:34:7f:47:10:6d:4c:83:e1:e3:24:9f:1d:93:
         69:1b:d4:4c:04:5c:29:a5:11:56:04:87:14:19:75:eb:d4:0d:
         44:b6:c5:f5:27:e6:1f:cd:00:d9:cf:3c:1d:67:b9:e1:f8:17:
         02:e3:8e:3a:43:34:fe:e1:e1:bf:cb:ba:be:5c:a3:e5:28:29:
         75:c6:d8:69:93:b9:c2:f0:8e:9c:39:a0:de:7c:c5:b9:6b:2f:
         c3:e4:61:f0:06:f8:1d:d6:d1:34:99:08:5e:b5:37:d6:6e:d7:
         b4:63:51:d9:0b:5d:5a:3c:69:ab:33:67:43:78:76:ee:f0:04:
         82:71:13:e0:b7:29:ef:67:11:f1:f2:75:e1:73:16:cc:66:18:
         a2:02:7f:54:a8:33:7d:f6:76:f8:fd:f0:42:1f:3b:9e:2d:89:
         ef:cd:0b:13:30:39:4b:c1:61:d8:cb:49:b6:9b:18:8c:00:0a:
         11:6a:46:fc:2a:8a:56:47:08:12:1a:98:ed:42:15:c4:5f:06:
         84:bf:3c:54:60:cd:f4:04:c0:ba:dc:a6:d5:b7:09:39:cc:c2:
         bb:25:b4:a4:ae:7c:7b:64:92:9a:d7:5a:93:dc:6d:1a:03:1f:
         2c:a2:7d:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdd/f/Gm7klvXkFkxCHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjRmZTM0MDk0Zjk0MWM5NjU5ZjQzYjI4MzlmMDgwYzRiMmY1MDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAku11sw+ZiTwmmBmrdqcqyPS8BaIQ
kbfvGFPZakcFUJqq7KkNNMhE6dVCPdEKfGfMy9WBvJIbV/C04tUSy03AJjeGqRdL
R8Ph6ovrcywZk9v4kduor7wfDrBdtDOc8851uU3WBZTo12qY6SL4AEZ/OAQJuOJt
soQOtzD6/NJjEgt+8QStbpAWJhhxrz+yMURKV4WTkUu+5UAZdN6wNVWjEGsy+EcU
436VTENBS/Lu/ySO7IofVmT1x8wyyVARgPiOLXuD4+0+EChJVnHScAdVAJvZxBru
dQ4zYgPnBrsh4PHvk5VPf+ZEnb9+U83gfu2qYNAo2nik1OE6UKgGrEwziwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9P40CU+UHJZZ9DsoOfCAxLL1BGMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvTDBfalFKVDVRY2xsbjBPeWc1OElERXN2VUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ0hMA0G
CSqGSIb3DQEBCwUAA4IBAQBn4f+QOx5NZDXVrRUlDWi4c9Bj0IP24jR/RxBtTIPh
4ySfHZNpG9RMBFwppRFWBIcUGXXr1A1EtsX1J+YfzQDZzzwdZ7nh+BcC4446QzT+
4eG/y7q+XKPlKCl1xthpk7nC8I6cOaDefMW5ay/D5GHwBvgd1tE0mQhetTfWbte0
Y1HZC11aPGmrM2dDeHbu8ASCcRPgtynvZxHx8nXhcxbMZhiiAn9UqDN99nb4/fBC
HzueLYnvzQsTMDlLwWHYy0m2mxiMAAoRakb8KopWRwgSGpjtQhXEXwaEvzxUYM30
BMC63KbVtwk5zMK7JbSkrnx7ZJKa11qT3G0aAx8son3v
-----END CERTIFICATE-----