Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/SowjmeTDIHzf-OhpbvfIY6JQlok.roa
File:                     SowjmeTDIHzf-OhpbvfIY6JQlok.roa (raw, json)
Hash identifier:          QwcwlrDysXsFU8lXg0XxBIyxHMy+lV45NChtUSwTuiI=
Subject key identifier:   4A:8C:23:99:E4:C3:20:7C:DF:F8:E8:69:6E:F7:C8:63:A2:50:96:89
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B2549018E18735BF501322A0EBF4CE
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/SowjmeTDIHzf-OhpbvfIY6JQlok.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8398
IP address blocks:        82.179.128.0/21 maxlen: 21
                          82.179.136.0/22 maxlen: 23
                          82.179.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:54:90:18:e1:87:35:bf:50:13:22:a0:eb:f4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a8c2399e4c3207cdff8e8696ef7c863a2509689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:97:f8:58:87:6a:75:56:67:c4:26:0a:82:fa:
                    77:5b:4f:83:db:7b:0f:57:be:ce:ab:ae:86:1d:29:
                    56:ad:66:cf:4e:5d:c4:46:45:4f:02:43:41:3a:c9:
                    0e:db:30:8e:98:7b:f3:7b:61:85:bd:de:3c:57:70:
                    e2:74:ed:93:a2:dc:b7:a9:b4:17:46:c2:d3:5f:0d:
                    4f:b2:ef:80:b6:57:16:8e:c6:9e:19:22:07:89:a4:
                    db:15:11:c2:5f:5e:47:e5:77:a8:ae:f3:3f:4a:50:
                    d1:7b:7f:b0:44:e8:62:f8:72:02:96:d4:99:31:63:
                    a6:8e:25:bd:88:1d:8e:04:b2:d0:4b:54:54:b0:4b:
                    de:e0:ba:0a:6d:11:6b:53:f3:f2:fc:a5:3b:bd:4f:
                    b8:2b:26:ac:e7:89:ae:a9:2b:bd:ae:00:c5:a9:4a:
                    86:2a:21:15:ea:11:a0:94:8d:fd:0b:12:1f:56:ab:
                    55:aa:06:a8:86:53:af:54:6a:14:46:06:28:ff:b1:
                    cf:dd:3c:8b:d1:93:a5:1a:9f:c9:12:b7:8b:c5:df:
                    7e:00:3a:c7:04:12:ef:f5:ab:1e:ee:e7:f1:dd:45:
                    64:50:56:9c:46:68:a5:91:c4:ba:23:ac:b5:9f:ce:
                    d7:55:82:0e:0f:a7:59:dd:8e:3a:a2:ab:6e:ee:0f:
                    e1:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:8C:23:99:E4:C3:20:7C:DF:F8:E8:69:6E:F7:C8:63:A2:50:96:89
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/SowjmeTDIHzf-OhpbvfIY6JQlok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.179.128.0-82.179.139.255
                  82.179.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:45:b9:99:1c:a6:2e:44:fe:29:33:2c:e4:0a:af:16:c7:d2:
         fe:d8:29:fb:c8:9b:4b:e7:32:05:b7:88:b9:67:d9:d7:d9:c9:
         f8:e6:d5:c4:c5:2e:3a:ea:67:b4:ae:b4:fb:d6:e6:29:fe:3d:
         5e:36:60:98:5c:a7:9f:8a:5d:12:89:56:f3:a2:06:8f:03:83:
         c8:17:75:e3:39:fc:f6:14:7b:ab:c1:b7:b7:c9:bc:5a:da:8c:
         99:aa:41:4d:28:af:cc:ff:76:43:6a:b8:dc:55:4c:39:95:45:
         b1:13:d9:db:e9:a2:53:62:f4:79:96:5f:bb:a2:ab:1b:70:1c:
         db:d6:55:b1:7d:d1:be:80:64:99:62:7c:cd:f8:b7:79:03:22:
         e4:02:46:9d:d8:b3:8a:46:59:19:a8:42:c9:2b:1d:c5:4e:d9:
         0e:94:93:72:ee:29:e8:de:79:b2:a4:c7:98:11:41:ae:1f:f2:
         10:a9:92:04:d7:54:91:64:39:c5:ca:ef:e8:71:46:6f:7f:78:
         f1:1e:9a:8b:ad:1c:63:c5:b2:f0:8e:93:b9:58:22:d0:61:d7:
         71:ea:74:6a:e6:6b:25:40:df:72:83:92:ca:8b:81:8a:69:cc:
         ad:56:32:0c:1c:e8:39:93:dd:a2:5a:30:0f:e2:f4:f7:50:2e:
         e5:82:da:a2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQhslSQGOGHNb9QEyKg6/TOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YThjMjM5OWU0YzMyMDdjZGZmOGU4Njk2ZWY3Yzg2M2EyNTA5Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Zf4WIdqdVZnxCYKgvp3W0+D23sP
V77Oq66GHSlWrWbPTl3ERkVPAkNBOskO2zCOmHvze2GFvd48V3DidO2Toty3qbQX
RsLTXw1Psu+AtlcWjsaeGSIHiaTbFRHCX15H5XeorvM/SlDRe3+wROhi+HICltSZ
MWOmjiW9iB2OBLLQS1RUsEve4LoKbRFrU/Py/KU7vU+4Kyas54muqSu9rgDFqUqG
KiEV6hGglI39CxIfVqtVqgaohlOvVGoURgYo/7HP3TyL0ZOlGp/JEreLxd9+ADrH
BBLv9ase7ufx3UVkUFacRmilkcS6I6y1n87XVYIOD6dZ3Y46oqtu7g/hLwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEqMI5nkwyB83/joaW73yGOiUJaJMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvU293am1lVERJSHpmLU9ocGJ2ZklZNkpRbG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAdSs4AD
BAJSs4gDBAFSs44wDQYJKoZIhvcNAQELBQADggEBAGNFuZkcpi5E/ikzLOQKrxbH
0v7YKfvIm0vnMgW3iLln2dfZyfjm1cTFLjrqZ7SutPvW5in+PV42YJhcp5+KXRKJ
VvOiBo8Dg8gXdeM5/PYUe6vBt7fJvFrajJmqQU0or8z/dkNquNxVTDmVRbET2dvp
olNi9HmWX7uiqxtwHNvWVbF90b6AZJlifM34t3kDIuQCRp3Ys4pGWRmoQskrHcVO
2Q6Uk3LuKejeebKkx5gRQa4f8hCpkgTXVJFkOcXK7+hxRm9/ePEemoutHGPFsvCO
k7lYItBh13HqdGrmayVA33KDksqLgYppzK1WMgwc6DmT3aJaMA/i9PdQLuWC2qI=
-----END CERTIFICATE-----