Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/j_LLbTuht3On0Q33ab1ogBT6DjY.roa
File:                     j_LLbTuht3On0Q33ab1ogBT6DjY.roa (raw, json)
Hash identifier:          MPhnVd4jbFRWtdmrVD/f56ms+DYqsvj9r87Pt5T8xmQ=
Subject key identifier:   8F:F2:CB:6D:3B:A1:B7:73:A7:D1:0D:F7:69:BD:68:80:14:FA:0E:36
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5AE4E77338CDD6514595C236C7C63
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/j_LLbTuht3On0Q33ab1ogBT6DjY.roa
Signing time:             Wed 01 Jan 2025 07:47:42 +0000
ROA not before:           Wed 01 Jan 2025 07:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35169
IP address blocks:        83.206.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ae:4e:77:33:8c:dd:65:14:59:5c:23:6c:7c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ff2cb6d3ba1b773a7d10df769bd688014fa0e36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:25:cf:ba:5c:0b:97:f9:ef:20:95:4d:b7:1e:
                    71:e0:54:16:4b:5c:4d:1e:48:a8:f1:b0:c9:52:c5:
                    a9:ed:a0:42:21:b2:c2:90:e7:78:52:31:5b:e5:72:
                    c1:be:83:77:1f:ca:f5:1c:42:c6:09:58:1e:d4:1f:
                    3f:21:38:2e:ce:a5:21:dd:c4:7d:de:d5:82:ad:fa:
                    6b:fe:fd:9d:85:fa:fc:ed:3a:c0:84:c4:2d:c0:91:
                    24:61:d7:15:16:81:0b:26:56:aa:53:37:78:52:f7:
                    01:46:fd:9e:37:51:df:0c:c2:e7:68:1b:03:75:8f:
                    09:3f:c8:2c:3d:6b:d2:90:5f:6b:02:f9:fd:8d:c9:
                    b2:ee:dc:a3:82:2d:cd:fc:59:a8:77:d5:5e:88:d2:
                    90:28:62:43:45:72:d1:45:3b:0a:56:86:fa:37:69:
                    82:05:04:66:7a:c6:39:27:66:86:3c:27:e2:6e:e4:
                    60:37:89:df:6f:40:0e:ea:fe:55:33:3e:b0:d8:2a:
                    ff:52:1b:da:da:8e:27:08:4c:20:13:fb:a6:b3:0e:
                    67:c2:c0:1c:11:20:e4:80:4f:a6:37:0d:79:13:fd:
                    db:4b:d2:72:d7:50:e2:63:8c:1e:9e:61:10:38:5d:
                    d9:1c:25:de:72:b8:18:5a:99:2c:a7:78:be:c4:38:
                    fd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:F2:CB:6D:3B:A1:B7:73:A7:D1:0D:F7:69:BD:68:80:14:FA:0E:36
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/j_LLbTuht3On0Q33ab1ogBT6DjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.206.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:4c:36:f0:9e:b3:b1:97:0b:d3:7d:1d:0f:12:b5:38:3c:b6:
         2b:3e:78:12:56:18:40:0f:64:8a:31:08:00:26:cb:96:05:ed:
         0a:56:71:48:2b:72:16:ed:dc:71:78:cd:30:e4:ba:25:63:7b:
         46:52:fc:39:31:69:3e:4c:27:06:30:8f:65:8c:4c:85:7a:80:
         f1:3b:b3:f2:16:76:ff:1f:26:b9:7a:bd:8a:b0:ab:6c:5b:63:
         cd:31:03:03:ef:4b:bc:73:77:ba:2c:fe:05:fd:0b:48:94:f1:
         3f:0a:54:2c:28:be:0f:1a:0d:c4:9c:6a:d5:6b:08:b1:b5:31:
         a4:8f:e0:03:3f:c1:77:f2:bf:e7:9a:cd:41:e0:22:1e:1d:80:
         7c:af:2a:c7:cb:16:a7:5b:8e:80:07:6c:a5:f3:27:41:f8:5e:
         81:99:32:eb:e7:a8:8f:ae:bd:63:53:d2:06:12:e8:40:83:f8:
         85:59:48:91:73:02:93:64:db:a5:90:e2:cf:e2:7f:a8:7f:4b:
         c6:59:b2:a3:75:77:d8:af:70:88:4e:ca:97:81:94:58:41:aa:
         43:6d:52:cc:ae:40:29:c8:85:a6:0e:4f:64:fe:63:a4:6c:be:
         85:53:6c:22:01:f4:c9:44:bf:b0:d4:0a:a4:f6:ff:e1:38:6a:
         3a:32:f6:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1a5OdzOM3WUUWVwjbHxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmYyY2I2ZDNiYTFiNzczYTdkMTBkZjc2OWJkNjg4MDE0ZmEwZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CXPulwLl/nvIJVNtx5x4FQWS1xN
Hkio8bDJUsWp7aBCIbLCkOd4UjFb5XLBvoN3H8r1HELGCVge1B8/ITguzqUh3cR9
3tWCrfpr/v2dhfr87TrAhMQtwJEkYdcVFoELJlaqUzd4UvcBRv2eN1HfDMLnaBsD
dY8JP8gsPWvSkF9rAvn9jcmy7tyjgi3N/Fmod9VeiNKQKGJDRXLRRTsKVob6N2mC
BQRmesY5J2aGPCfibuRgN4nfb0AO6v5VMz6w2Cr/Uhva2o4nCEwgE/umsw5nwsAc
ESDkgE+mNw15E/3bS9Jy11DiY4wenmEQOF3ZHCXecrgYWpksp3i+xDj9SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/yy207obdzp9EN92m9aIAU+g42MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEval9MTGJUdWh0M09uMFEzM2FiMW9nQlQ2RGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU85CMA0G
CSqGSIb3DQEBCwUAA4IBAQCGTDbwnrOxlwvTfR0PErU4PLYrPngSVhhAD2SKMQgA
JsuWBe0KVnFIK3IW7dxxeM0w5LolY3tGUvw5MWk+TCcGMI9ljEyFeoDxO7PyFnb/
Hya5er2KsKtsW2PNMQMD70u8c3e6LP4F/QtIlPE/ClQsKL4PGg3EnGrVawixtTGk
j+ADP8F38r/nms1B4CIeHYB8ryrHyxanW46AB2yl8ydB+F6BmTLr56iPrr1jU9IG
EuhAg/iFWUiRcwKTZNulkOLP4n+of0vGWbKjdXfYr3CITsqXgZRYQapDbVLMrkAp
yIWmDk9k/mOkbL6FU2wiAfTJRL+w1Aqk9v/hOGo6MvYs
-----END CERTIFICATE-----