Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/JP3Vl-lYLTxhK2cfyuc1D88wL2g.roa
File:                     JP3Vl-lYLTxhK2cfyuc1D88wL2g.roa (raw, json)
Hash identifier:          x+3Nu998SmYw0fHqREPLgwdtGEVc6iaBVIfTxpobaGE=
Subject key identifier:   24:FD:D5:97:E9:58:2D:3C:61:2B:67:1F:CA:E7:35:0F:CF:30:2F:68
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       0194236A28C8C6F8BE4D8478DB95DAD7EA11
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/JP3Vl-lYLTxhK2cfyuc1D88wL2g.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34462
IP address blocks:        82.119.228.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:28:c8:c6:f8:be:4d:84:78:db:95:da:d7:ea:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24fdd597e9582d3c612b671fcae7350fcf302f68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fb:c9:ba:7f:19:45:81:39:df:4c:22:52:7f:
                    49:2e:4c:b0:17:66:29:3c:dd:a2:9b:98:0f:24:21:
                    4c:fb:67:5f:f5:4a:b9:64:ce:8b:6f:7d:20:a9:35:
                    ff:8b:15:1a:1f:27:4e:da:e0:ca:a8:b0:52:89:eb:
                    c8:90:79:79:1f:18:5d:f1:02:4b:ef:be:3e:fb:16:
                    bc:c3:81:00:37:b0:4f:fd:c3:a8:f8:34:23:8f:4c:
                    52:0d:64:a0:7a:81:d8:75:d0:62:74:7e:f2:2b:46:
                    0a:dd:a1:1d:2b:ff:ff:e8:23:4e:1f:a2:6d:6c:ef:
                    6a:ab:b7:5d:30:27:e3:03:25:f1:07:ff:4d:73:80:
                    42:38:e1:36:13:4b:b1:70:82:2f:a5:14:be:0c:38:
                    0c:34:bd:70:eb:1a:0f:d9:eb:da:0b:6a:2d:5e:9e:
                    ee:12:0d:04:f1:33:0a:db:92:33:5f:66:1c:fb:03:
                    3b:ff:d2:f2:d4:e5:dd:e9:b2:7f:fc:89:82:09:80:
                    db:4d:38:32:1e:d0:49:35:d7:f9:00:25:9c:e5:c4:
                    31:0d:8e:58:9c:b6:80:a8:ac:15:a5:dd:63:f1:4a:
                    12:be:98:ae:e1:c1:96:ea:cc:fe:24:59:97:e2:49:
                    07:bf:3d:10:e3:a1:b5:47:bc:d3:74:13:5c:56:e8:
                    39:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:FD:D5:97:E9:58:2D:3C:61:2B:67:1F:CA:E7:35:0F:CF:30:2F:68
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/JP3Vl-lYLTxhK2cfyuc1D88wL2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:b5:2c:d9:a6:51:4f:63:c5:eb:bb:5e:97:b8:ff:07:e2:b2:
         af:5b:a7:ba:13:fd:98:f4:fc:b7:96:87:05:78:0a:69:dc:fa:
         32:9b:78:fe:ee:17:38:56:b8:6f:d7:c5:2f:df:7a:17:13:2f:
         ce:3f:16:7e:78:76:20:74:fc:82:ed:0f:82:e6:6b:8a:99:a5:
         aa:32:d6:2f:df:a1:e2:e4:c4:13:de:02:52:96:6b:f3:6d:17:
         e4:57:fa:bb:f5:76:37:b3:a0:13:95:c1:11:31:cb:44:e5:bc:
         d4:a6:e5:27:74:f5:d7:e9:47:6c:1e:ab:37:91:86:b4:b9:27:
         c0:67:f8:24:00:59:6a:8a:8a:a4:9d:06:ef:92:63:0e:f5:a0:
         2b:00:d8:01:44:96:bc:04:61:28:d5:0e:9c:1e:d3:d5:c4:65:
         d9:1a:b9:8a:96:2b:01:20:a2:26:9c:03:a3:b7:e6:5a:df:f0:
         86:ef:23:57:0d:18:82:83:2f:fe:de:13:51:87:7f:35:84:f6:
         0a:fc:49:ec:ef:f6:88:66:45:f3:fc:05:44:26:00:40:7a:66:
         15:65:de:3d:5b:fe:b7:bb:a8:f6:48:a2:e7:9b:f4:45:ce:bb:
         05:f8:4d:a4:a1:e1:ff:1c:f7:5b:f6:04:dd:37:be:65:db:e5:
         3a:64:0f:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaijIxvi+TYR425Xa1+oRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGZkZDU5N2U5NTgyZDNjNjEyYjY3MWZjYWU3MzUwZmNmMzAyZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfvJun8ZRYE530wiUn9JLkywF2Yp
PN2im5gPJCFM+2df9Uq5ZM6Lb30gqTX/ixUaHydO2uDKqLBSievIkHl5Hxhd8QJL
774++xa8w4EAN7BP/cOo+DQjj0xSDWSgeoHYddBidH7yK0YK3aEdK///6CNOH6Jt
bO9qq7ddMCfjAyXxB/9Nc4BCOOE2E0uxcIIvpRS+DDgMNL1w6xoP2evaC2otXp7u
Eg0E8TMK25IzX2Yc+wM7/9Ly1OXd6bJ//ImCCYDbTTgyHtBJNdf5ACWc5cQxDY5Y
nLaAqKwVpd1j8UoSvpiu4cGW6sz+JFmX4kkHvz0Q46G1R7zTdBNcVug5AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCT91ZfpWC08YStnH8rnNQ/PMC9oMB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvSlAzVmwtbFlMVHhoSzJjZnl1YzFEODh3TDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUnfkMA0G
CSqGSIb3DQEBCwUAA4IBAQCftSzZplFPY8Xru16XuP8H4rKvW6e6E/2Y9Py3locF
eApp3Poym3j+7hc4Vrhv18Uv33oXEy/OPxZ+eHYgdPyC7Q+C5muKmaWqMtYv36Hi
5MQT3gJSlmvzbRfkV/q79XY3s6ATlcERMctE5bzUpuUndPXX6UdsHqs3kYa0uSfA
Z/gkAFlqioqknQbvkmMO9aArANgBRJa8BGEo1Q6cHtPVxGXZGrmKlisBIKImnAOj
t+Za3/CG7yNXDRiCgy/+3hNRh381hPYK/Ens7/aIZkXz/AVEJgBAemYVZd49W/63
u6j2SKLnm/RFzrsF+E2koeH/HPdb9gTdN75l2+U6ZA8I
-----END CERTIFICATE-----