Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/dCGcZg2F9Ea5zPZKvzxM5matRyQ.roa
File:                     dCGcZg2F9Ea5zPZKvzxM5matRyQ.roa (raw, json)
Hash identifier:          CVLQb8zE8ujxwsspK1MH+reOHlP+NQATO7Xjq1jEaUs=
Subject key identifier:   74:21:9C:66:0D:85:F4:46:B9:CC:F6:4A:BF:3C:4C:E6:66:AD:47:24
Certificate issuer:       /CN=b541558181f7863119bf4a1554c75dab1f6c5292
Certificate serial:       0194228E1F8534F2F79B96186F2FB535EBE8
Authority key identifier: B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/dCGcZg2F9Ea5zPZKvzxM5matRyQ.roa
Signing time:             Wed 01 Jan 2025 15:48:46 +0000
ROA not before:           Wed 01 Jan 2025 15:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215826
IP address blocks:        83.217.208.0/23 maxlen: 24
                          83.217.208.0/24 maxlen: 24
                          83.217.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:1f:85:34:f2:f7:9b:96:18:6f:2f:b5:35:eb:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b541558181f7863119bf4a1554c75dab1f6c5292
        Validity
            Not Before: Jan  1 15:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74219c660d85f446b9ccf64abf3c4ce666ad4724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:84:bd:17:d6:68:47:44:d4:c3:91:72:8b:7b:
                    4f:da:99:60:27:d8:45:e1:6b:48:ec:bb:bf:59:33:
                    e8:b1:26:d2:50:77:8e:4d:54:73:bc:cf:37:eb:00:
                    b7:0b:3c:92:17:5f:97:7d:e2:c5:b6:f9:06:82:32:
                    62:fd:e4:1a:ec:47:27:0c:99:e7:00:94:fc:0a:17:
                    9b:83:32:48:e1:07:9b:e5:8d:db:22:7f:57:22:a4:
                    a8:97:46:8a:71:f6:1f:c5:a1:92:81:10:14:a5:bf:
                    7d:74:3b:34:1d:a6:56:92:22:a2:77:eb:80:d5:32:
                    40:c1:73:73:36:d3:8d:9e:d2:b5:91:7d:7f:07:d8:
                    7e:0d:9e:4c:bf:4f:88:0e:be:b2:13:61:bb:79:01:
                    20:7e:0e:c3:79:71:f4:93:13:2e:60:06:93:4c:87:
                    de:fb:65:07:59:9b:47:1e:50:7a:85:a3:f1:e4:9d:
                    65:21:e7:68:67:3e:ee:bb:c3:1d:f1:bf:d5:28:e5:
                    3b:f1:5b:e1:3e:81:6c:2b:fc:e6:bb:50:c0:c6:fe:
                    3f:4c:13:03:21:c9:6b:cd:2c:c9:e3:21:56:86:1f:
                    11:10:49:c2:87:a6:9f:da:fa:bf:ce:b4:d5:37:f9:
                    98:57:bd:b1:f8:35:0a:ea:ff:07:d5:e0:74:68:a8:
                    ad:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:21:9C:66:0D:85:F4:46:B9:CC:F6:4A:BF:3C:4C:E6:66:AD:47:24
            X509v3 Authority Key Identifier:
                keyid:B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/dCGcZg2F9Ea5zPZKvzxM5matRyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:2f:d4:80:87:84:97:57:22:94:6f:38:55:6f:4b:e5:81:94:
         eb:4d:e8:86:7c:f8:1b:32:76:4a:94:c7:67:e1:d7:22:04:e0:
         7b:bb:af:de:42:ce:19:b6:df:8c:73:29:6d:5e:f7:76:ce:c5:
         ef:84:ee:3a:41:01:31:1a:14:a4:c4:ab:65:4d:34:a0:e2:f3:
         e4:e8:77:17:df:63:b8:af:12:5a:23:f0:2a:5e:da:5b:65:2b:
         37:cf:8c:12:d4:48:27:13:6c:3b:8c:b7:76:53:9f:06:3a:f8:
         e6:ec:ab:06:2b:22:a6:0a:f3:8d:da:09:f8:6b:63:d6:10:94:
         22:ff:c0:9e:08:61:ad:f9:34:45:f3:8f:e2:b1:a8:38:0c:7c:
         73:2a:2e:51:78:11:a3:24:cf:53:e6:57:9a:62:04:61:54:fe:
         24:b6:4b:a0:8a:a5:26:24:5e:35:80:d1:31:32:f4:26:78:1d:
         7a:b0:a3:53:9c:1e:85:a3:c4:7c:be:a8:78:c6:7e:e0:d6:db:
         45:e4:f0:a5:a1:b8:f8:90:ad:96:01:f5:57:64:d4:a6:6c:61:
         41:3e:ad:bd:d8:5e:67:3a:0e:9b:a3:25:f5:0d:fd:e1:c8:12:
         c3:3c:e3:4c:d9:cd:81:47:7b:6a:81:29:18:1e:06:cc:07:d3:
         0c:5c:9c:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijh+FNPL3m5YYby+1NevoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDE1NTgxODFmNzg2MzExOWJmNGExNTU0Yzc1ZGFiMWY2
YzUyOTIwHhcNMjUwMTAxMTU0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDIxOWM2NjBkODVmNDQ2YjljY2Y2NGFiZjNjNGNlNjY2YWQ0NzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4S9F9ZoR0TUw5Fyi3tP2plgJ9hF
4WtI7Lu/WTPosSbSUHeOTVRzvM836wC3CzySF1+XfeLFtvkGgjJi/eQa7EcnDJnn
AJT8ChebgzJI4Qeb5Y3bIn9XIqSol0aKcfYfxaGSgRAUpb99dDs0HaZWkiKid+uA
1TJAwXNzNtONntK1kX1/B9h+DZ5Mv0+IDr6yE2G7eQEgfg7DeXH0kxMuYAaTTIfe
+2UHWZtHHlB6haPx5J1lIedoZz7uu8Md8b/VKOU78VvhPoFsK/zmu1DAxv4/TBMD
IclrzSzJ4yFWhh8REEnCh6af2vq/zrTVN/mYV72x+DUK6v8H1eB0aKitCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQhnGYNhfRGucz2Sr88TOZmrUckMB8GA1UdIwQY
MBaAFLVBVYGB94YxGb9KFVTHXasfbFKSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMt
NTcxYjZjNjEyYmVjLzEvZENHY1pnMkY5RWE1elBaS3Z6eE01bWF0UnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMtNTcxYjZjNjEyYmVj
LzEvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU9nQMA0G
CSqGSIb3DQEBCwUAA4IBAQAOL9SAh4SXVyKUbzhVb0vlgZTrTeiGfPgbMnZKlMdn
4dciBOB7u6/eQs4Ztt+McyltXvd2zsXvhO46QQExGhSkxKtlTTSg4vPk6HcX32O4
rxJaI/AqXtpbZSs3z4wS1EgnE2w7jLd2U58GOvjm7KsGKyKmCvON2gn4a2PWEJQi
/8CeCGGt+TRF84/isag4DHxzKi5ReBGjJM9T5leaYgRhVP4ktkugiqUmJF41gNEx
MvQmeB16sKNTnB6Fo8R8vqh4xn7g1ttF5PClobj4kK2WAfVXZNSmbGFBPq292F5n
Og6boyX1Df3hyBLDPONM2c2BR3tqgSkYHgbMB9MMXJwl
-----END CERTIFICATE-----