Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/9DWEiMvtiL1gmRRHsHRphS7346k.roa
File:                     9DWEiMvtiL1gmRRHsHRphS7346k.roa (raw, json)
Hash identifier:          7SkARLd/6O+lg677F/DjxRMESqiAhYSUjLnPHU66g7k=
Subject key identifier:   F4:35:84:88:CB:ED:88:BD:60:99:14:47:B0:74:69:85:2E:F7:E3:A9
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B265C9B25B5E9D0D91C5919989B304
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/9DWEiMvtiL1gmRRHsHRphS7346k.roa
Signing time:             Wed 01 Jan 2025 11:48:47 +0000
ROA not before:           Wed 01 Jan 2025 11:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60722
IP address blocks:        82.137.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:65:c9:b2:5b:5e:9d:0d:91:c5:91:99:89:b3:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4358488cbed88bd60991447b07469852ef7e3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f7:d9:a8:f7:75:ad:94:d7:1b:85:a8:9d:8e:
                    1c:4b:73:e7:bf:0f:e7:30:f3:e4:48:04:1c:8d:1a:
                    8b:05:a1:7d:63:d2:23:f3:92:9a:e5:42:16:b2:61:
                    00:08:08:5a:54:a7:b7:db:9b:2b:6a:39:1b:40:68:
                    7c:2d:4e:f7:4f:cc:77:e9:56:f4:65:54:9d:20:c8:
                    45:1f:c0:33:d8:6e:3d:9e:74:fe:e6:cc:01:fd:2c:
                    a6:56:0f:a1:46:5a:42:8d:6f:3b:cb:0e:c3:34:6f:
                    b6:46:0c:41:23:aa:06:e1:b8:9c:77:67:9d:e4:9f:
                    07:52:14:4f:e3:21:a7:77:4c:93:ed:b7:04:ed:88:
                    6c:ba:97:73:c4:5f:68:73:5e:80:59:27:4d:e2:b8:
                    6c:cb:af:3f:07:e8:77:22:65:61:d4:cd:3e:0a:63:
                    03:8e:af:30:f9:df:00:f2:53:60:ac:1a:9a:fa:e0:
                    08:c0:9c:e3:fb:0d:2f:5c:fc:99:9c:89:64:96:19:
                    68:e2:48:f6:e3:94:be:52:91:1d:93:a5:e2:36:18:
                    ed:a0:91:bd:4e:16:6e:5b:c3:62:e3:79:6a:e7:8a:
                    a6:36:34:57:98:96:ef:d8:9a:ff:b8:5b:28:57:d0:
                    19:ce:6f:d1:3e:85:8b:0b:29:93:e9:1a:93:d9:de:
                    68:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:35:84:88:CB:ED:88:BD:60:99:14:47:B0:74:69:85:2E:F7:E3:A9
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/9DWEiMvtiL1gmRRHsHRphS7346k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.137.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:78:d5:17:33:0f:0c:2d:64:5e:4a:b8:6f:4f:18:59:d6:c7:
         c2:be:89:83:08:02:f2:a7:e1:0d:07:31:f7:aa:62:07:2b:e6:
         b3:c5:5f:0e:a2:9f:34:d7:ec:82:a4:b9:f5:f0:a5:c4:e1:1a:
         de:2a:9d:b8:2b:6f:c7:09:82:c1:26:4a:66:26:34:13:13:9c:
         22:b4:21:2a:62:1a:5c:2f:9d:05:2e:a3:a6:5c:7b:88:37:47:
         41:0b:94:c2:0c:da:e5:47:4f:8c:2e:82:e3:e4:df:3d:0e:d4:
         53:3b:1d:63:39:c9:37:02:f7:73:c5:dc:aa:11:12:11:90:52:
         6b:8a:80:2f:43:c9:0b:9c:84:e5:59:ba:38:0c:0a:34:f2:a6:
         0a:14:52:28:e6:01:0b:77:8b:22:e9:e2:6d:df:fb:78:4a:20:
         19:af:77:02:00:cb:41:b3:8c:66:65:da:08:fc:d7:1c:f3:f2:
         d0:28:70:61:4f:7a:2e:64:58:7a:2e:43:d8:1f:4d:a1:7e:5e:
         bf:40:44:d7:4b:28:41:bf:74:d3:34:21:fa:3d:17:b9:54:d3:
         03:bb:80:7d:5e:96:f5:d7:d9:da:bc:d3:13:d3:dd:b3:f8:db:
         f8:9d:ee:85:48:83:19:f0:48:94:b8:59:6d:ed:dc:db:c4:59:
         f1:ba:f0:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsmXJsltenQ2RxZGZibMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDM1ODQ4OGNiZWQ4OGJkNjA5OTE0NDdiMDc0Njk4NTJlZjdlM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPfZqPd1rZTXG4WonY4cS3Pnvw/n
MPPkSAQcjRqLBaF9Y9Ij85Ka5UIWsmEACAhaVKe325srajkbQGh8LU73T8x36Vb0
ZVSdIMhFH8Az2G49nnT+5swB/SymVg+hRlpCjW87yw7DNG+2RgxBI6oG4bicd2ed
5J8HUhRP4yGnd0yT7bcE7YhsupdzxF9oc16AWSdN4rhsy68/B+h3ImVh1M0+CmMD
jq8w+d8A8lNgrBqa+uAIwJzj+w0vXPyZnIlklhlo4kj245S+UpEdk6XiNhjtoJG9
ThZuW8Ni43lq54qmNjRXmJbv2Jr/uFsoV9AZzm/RPoWLCymT6RqT2d5oaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQ1hIjL7Yi9YJkUR7B0aYUu9+OpMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvOURXRWlNdnRpTDFnbVJSSHNIUnBoUzczNDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUomjMA0G
CSqGSIb3DQEBCwUAA4IBAQBGeNUXMw8MLWReSrhvTxhZ1sfCvomDCALyp+ENBzH3
qmIHK+azxV8Oop801+yCpLn18KXE4RreKp24K2/HCYLBJkpmJjQTE5witCEqYhpc
L50FLqOmXHuIN0dBC5TCDNrlR0+MLoLj5N89DtRTOx1jOck3AvdzxdyqERIRkFJr
ioAvQ8kLnITlWbo4DAo08qYKFFIo5gELd4si6eJt3/t4SiAZr3cCAMtBs4xmZdoI
/Ncc8/LQKHBhT3ouZFh6LkPYH02hfl6/QETXSyhBv3TTNCH6PRe5VNMDu4B9Xpb1
19navNMT092z+Nv4ne6FSIMZ8EiUuFlt7dzbxFnxuvA0
-----END CERTIFICATE-----