Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/6a3bb7-7067-42e8-8097-89620c25150e/1/83Pa1Fny_wQGf-aBjmuuxzW1qe8.roa
File:                     83Pa1Fny_wQGf-aBjmuuxzW1qe8.roa (raw, json)
Hash identifier:          BUZf5O8+Scwp5tYQEgr26uQX4AHjB4ej9Ew9RQ9oFhg=
Subject key identifier:   F3:73:DA:D4:59:F2:FF:04:06:7F:E6:81:8E:6B:AE:C7:35:B5:A9:EF
Certificate issuer:       /CN=4b0cde4c4f93299963680d6c4fc0604f7c84243b
Certificate serial:       019423699763CD706421EE2F072A296087EE
Authority key identifier: 4B:0C:DE:4C:4F:93:29:99:63:68:0D:6C:4F:C0:60:4F:7C:84:24:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SwzeTE-TKZljaA1sT8BgT3yEJDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/6a3bb7-7067-42e8-8097-89620c25150e/1/83Pa1Fny_wQGf-aBjmuuxzW1qe8.roa
Signing time:             Wed 01 Jan 2025 19:48:30 +0000
ROA not before:           Wed 01 Jan 2025 19:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.43.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/6a3bb7-7067-42e8-8097-89620c25150e/1/SwzeTE-TKZljaA1sT8BgT3yEJDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/6a3bb7-7067-42e8-8097-89620c25150e/1/SwzeTE-TKZljaA1sT8BgT3yEJDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SwzeTE-TKZljaA1sT8BgT3yEJDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:97:63:cd:70:64:21:ee:2f:07:2a:29:60:87:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b0cde4c4f93299963680d6c4fc0604f7c84243b
        Validity
            Not Before: Jan  1 19:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f373dad459f2ff04067fe6818e6baec735b5a9ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:68:dc:79:97:de:ce:57:e3:20:aa:4c:fb:d6:
                    0d:7b:a6:d6:c3:bc:fe:19:72:5a:2e:75:32:06:80:
                    c6:33:86:c2:62:be:05:56:a8:5f:ff:f8:d5:b4:e3:
                    b7:6b:95:fd:e1:ab:f5:e7:ba:42:11:f4:27:30:99:
                    f5:79:d0:2e:d4:98:0f:a7:fe:86:76:8e:00:8e:ba:
                    bc:a3:14:a9:ee:2a:f4:f2:d6:d3:0c:99:c1:60:87:
                    af:8d:7d:52:49:f3:46:e1:36:2a:b7:85:4c:8c:e3:
                    b9:50:83:38:f2:6d:73:99:1f:49:30:61:d8:25:7f:
                    b9:4c:2b:90:56:52:7a:88:88:b1:22:c5:d5:cb:40:
                    63:6c:4e:83:2c:de:f4:7d:17:df:4a:de:c8:aa:9e:
                    9a:ad:59:14:18:2f:6c:bd:43:77:69:73:15:34:ad:
                    e6:af:8f:22:b9:49:9f:cf:ef:33:b8:59:28:29:c7:
                    e6:a0:66:08:ea:c2:13:aa:94:14:be:97:a8:3b:4b:
                    29:80:9f:76:57:73:c4:42:4d:77:12:2f:e8:2f:2f:
                    3b:25:f1:77:94:74:e7:49:90:8b:da:8f:51:ec:fc:
                    05:12:73:a6:27:98:45:55:46:2e:40:fd:54:0c:f1:
                    dc:af:96:bc:de:f0:0e:c7:c1:cb:2e:77:29:6f:64:
                    47:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:73:DA:D4:59:F2:FF:04:06:7F:E6:81:8E:6B:AE:C7:35:B5:A9:EF
            X509v3 Authority Key Identifier:
                keyid:4B:0C:DE:4C:4F:93:29:99:63:68:0D:6C:4F:C0:60:4F:7C:84:24:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SwzeTE-TKZljaA1sT8BgT3yEJDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/6a3bb7-7067-42e8-8097-89620c25150e/1/83Pa1Fny_wQGf-aBjmuuxzW1qe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/6a3bb7-7067-42e8-8097-89620c25150e/1/SwzeTE-TKZljaA1sT8BgT3yEJDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         86:f3:c6:23:5d:8d:21:5e:a4:be:43:5a:16:4b:93:67:94:cf:
         f9:58:05:e9:e4:50:44:9e:3b:cf:3e:d4:54:9f:84:b1:6c:3b:
         8e:92:7c:e0:4c:ce:1a:fe:c5:85:09:a3:e0:b4:78:9e:e4:b9:
         5b:03:7a:87:ad:08:a9:31:59:ac:c7:87:8c:96:e4:4b:66:df:
         2f:c7:7c:ec:2a:00:36:1c:d7:cd:14:70:af:36:6b:05:63:4b:
         a8:40:ca:db:f0:f2:43:74:a2:89:ef:f1:7b:85:31:54:7a:e3:
         30:dd:c9:59:43:dc:e5:a6:af:65:a9:d8:ce:16:62:b6:78:88:
         dc:be:20:be:d2:eb:c3:9f:38:78:ff:12:69:37:06:70:02:26:
         88:3c:b6:79:76:ea:9e:15:ca:53:bf:6e:25:bd:fd:fe:53:62:
         f7:6f:26:fd:c9:43:fb:57:19:a4:74:b6:6e:88:85:0b:22:ed:
         48:16:26:84:fd:49:ba:e3:3b:17:30:16:ee:cc:d5:8f:d2:ea:
         d4:79:2a:79:a0:3f:c4:56:87:05:fd:8c:0f:f3:b4:6b:ed:03:
         73:b4:6e:6f:62:60:a9:b1:04:f3:13:7b:7a:60:2c:dc:b1:92:
         c1:14:33:74:2a:d2:6f:b4:37:8d:9d:d4:bc:89:aa:32:33:7a:
         f7:36:28:be
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjaZdjzXBkIe4vByopYIfuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMGNkZTRjNGY5MzI5OTk2MzY4MGQ2YzRmYzA2MDRmN2M4
NDI0M2IwHhcNMjUwMTAxMTk0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzczZGFkNDU5ZjJmZjA0MDY3ZmU2ODE4ZTZiYWVjNzM1YjVhOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2jceZfezlfjIKpM+9YNe6bWw7z+
GXJaLnUyBoDGM4bCYr4FVqhf//jVtOO3a5X94av157pCEfQnMJn1edAu1JgPp/6G
do4Ajrq8oxSp7ir08tbTDJnBYIevjX1SSfNG4TYqt4VMjOO5UIM48m1zmR9JMGHY
JX+5TCuQVlJ6iIixIsXVy0BjbE6DLN70fRffSt7Iqp6arVkUGC9svUN3aXMVNK3m
r48iuUmfz+8zuFkoKcfmoGYI6sITqpQUvpeoO0spgJ92V3PEQk13Ei/oLy87JfF3
lHTnSZCL2o9R7PwFEnOmJ5hFVUYuQP1UDPHcr5a83vAOx8HLLncpb2RHfQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPNz2tRZ8v8EBn/mgY5rrsc1tanvMB8GA1UdIwQY
MBaAFEsM3kxPkymZY2gNbE/AYE98hCQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3d6ZVRFLVRLWmxqYUExc1Q4QmdUM3lFSkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi82YTNiYjctNzA2Ny00MmU4LTgwOTct
ODk2MjBjMjUxNTBlLzEvODNQYTFGbnlfd1FHZi1hQmptdXV4elcxcWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi82YTNiYjctNzA2Ny00MmU4LTgwOTctODk2MjBjMjUxNTBl
LzEvU3d6ZVRFLVRLWmxqYUExc1Q4QmdUM3lFSkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSswDQYJ
KoZIhvcNAQELBQADggEBAIbzxiNdjSFepL5DWhZLk2eUz/lYBenkUESeO88+1FSf
hLFsO46SfOBMzhr+xYUJo+C0eJ7kuVsDeoetCKkxWazHh4yW5Etm3y/HfOwqADYc
180UcK82awVjS6hAytvw8kN0oonv8XuFMVR64zDdyVlD3OWmr2Wp2M4WYrZ4iNy+
IL7S68OfOHj/Emk3BnACJog8tnl26p4VylO/biW9/f5TYvdvJv3JQ/tXGaR0tm6I
hQsi7UgWJoT9SbrjOxcwFu7M1Y/S6tR5KnmgP8RWhwX9jA/ztGvtA3O0bm9iYKmx
BPMTe3pgLNyxksEUM3Qq0m+0N42d1LyJqjIzevc2KL4=
-----END CERTIFICATE-----