Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/_nJ9O8gex-k4jRKrPQ4uRT_TRHE.roa
File:                     _nJ9O8gex-k4jRKrPQ4uRT_TRHE.roa (raw, json)
Hash identifier:          xdprRCuvio5Qk7tcufJ6EYezft5Nhw+umVpoknyKJgI=
Subject key identifier:   FE:72:7D:3B:C8:1E:C7:E9:38:8D:12:AB:3D:0E:2E:45:3F:D3:44:71
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B25B7E16FA798423AE1CB20167790B
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/_nJ9O8gex-k4jRKrPQ4uRT_TRHE.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29147
IP address blocks:        82.137.156.0/24 maxlen: 24
                          2001:b08:a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5b:7e:16:fa:79:84:23:ae:1c:b2:01:67:79:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe727d3bc81ec7e9388d12ab3d0e2e453fd34471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:eb:cc:b8:1e:3d:24:20:ac:cb:9b:67:a1:05:
                    12:db:0f:78:bc:b7:01:71:f6:f9:b2:8a:7a:4a:24:
                    40:41:52:83:38:15:21:2d:4b:ef:ac:c1:0a:1c:09:
                    13:d9:d7:8d:fa:6b:aa:c3:fc:98:17:a9:9d:c3:30:
                    b2:70:a7:21:ea:c6:e5:56:92:7c:e1:a8:d3:39:50:
                    0c:6d:e1:06:6e:cb:d6:18:c7:46:97:8e:11:b9:f6:
                    46:5c:0c:03:e6:b9:f7:b9:5f:3e:fb:d1:53:8e:e2:
                    72:78:ae:14:03:54:85:9b:77:18:20:07:e3:56:59:
                    76:75:11:96:31:63:ba:45:83:52:5a:c8:ad:5d:8e:
                    25:5b:12:6d:82:8e:ce:89:dc:75:26:47:60:21:a6:
                    24:53:a7:5d:d7:30:a9:4a:1f:7f:0b:0c:7b:13:06:
                    d2:a0:e7:7b:74:88:0c:2d:bf:b0:54:0d:d5:a5:ed:
                    17:7d:1b:84:c1:df:79:9a:ee:2c:51:c7:75:aa:69:
                    9f:23:e7:9c:a1:62:6c:a6:09:52:df:52:b9:ad:28:
                    45:d7:9e:8b:e1:3e:8c:bf:fb:b6:b3:6f:6b:8d:56:
                    b1:06:dc:7b:fe:ee:a2:d7:7d:99:e2:41:cd:53:a0:
                    92:83:c6:76:e9:c1:8f:64:f1:34:e3:4b:b9:62:89:
                    75:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:72:7D:3B:C8:1E:C7:E9:38:8D:12:AB:3D:0E:2E:45:3F:D3:44:71
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/_nJ9O8gex-k4jRKrPQ4uRT_TRHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.137.156.0/24
                IPv6:
                  2001:b08:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:cc:3b:ac:15:ff:f8:74:58:30:e5:93:28:a1:d0:35:91:f4:
         f6:99:30:79:2d:6f:17:46:2c:13:be:3f:a6:85:72:04:de:7f:
         d3:b8:93:a2:91:48:48:15:cb:18:fd:9b:0e:22:91:58:53:59:
         fc:3d:0b:4d:b1:87:4a:c7:7a:f9:5c:2f:38:e8:ce:44:36:a4:
         d4:5a:8c:1b:42:c4:a4:a6:d5:d5:75:d3:20:28:ad:d6:a6:51:
         a9:7c:a0:ec:93:9c:01:d6:53:1f:df:4b:a9:ee:74:0f:e5:52:
         a1:51:84:73:a2:1b:6f:63:65:e6:3a:b6:39:83:05:32:b3:dd:
         f4:44:2e:e4:dc:5d:64:c5:bd:89:85:3d:b3:7d:12:5c:50:73:
         41:73:b7:d8:be:85:1a:37:f7:e9:83:9b:be:40:7c:62:7d:d5:
         38:d6:90:cd:ca:ff:eb:2b:bc:bd:ac:28:6f:41:b0:ea:4a:0f:
         3b:c3:75:58:7c:43:21:7a:2e:28:bd:4b:ef:0d:cb:42:07:31:
         1b:2f:e0:66:09:70:04:9a:f2:06:ad:0e:42:8b:fa:f9:77:22:
         ef:20:37:f8:b2:e2:11:a1:c6:b9:8e:c1:91:c9:67:ea:79:5a:
         11:bb:dd:4f:ad:58:64:96:12:51:90:77:8d:32:30:e4:8f:68:
         c5:02:14:d6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhslt+Fvp5hCOuHLIBZ3kLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTcyN2QzYmM4MWVjN2U5Mzg4ZDEyYWIzZDBlMmU0NTNmZDM0NDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOvMuB49JCCsy5tnoQUS2w94vLcB
cfb5sop6SiRAQVKDOBUhLUvvrMEKHAkT2deN+muqw/yYF6mdwzCycKch6sblVpJ8
4ajTOVAMbeEGbsvWGMdGl44RufZGXAwD5rn3uV8++9FTjuJyeK4UA1SFm3cYIAfj
Vll2dRGWMWO6RYNSWsitXY4lWxJtgo7Oidx1JkdgIaYkU6dd1zCpSh9/Cwx7EwbS
oOd7dIgMLb+wVA3Vpe0XfRuEwd95mu4sUcd1qmmfI+ecoWJspglS31K5rShF156L
4T6Mv/u2s29rjVaxBtx7/u6i132Z4kHNU6CSg8Z26cGPZPE040u5Yol1UwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP5yfTvIHsfpOI0Sqz0OLkU/00RxMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvX25KOU84Z2V4LWs0alJLclBRNHVSVF9UUkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUomcMA8E
AgACMAkDBwAgAQsIAAowDQYJKoZIhvcNAQELBQADggEBAB3MO6wV//h0WDDlkyih
0DWR9PaZMHktbxdGLBO+P6aFcgTef9O4k6KRSEgVyxj9mw4ikVhTWfw9C02xh0rH
evlcLzjozkQ2pNRajBtCxKSm1dV10yAordamUal8oOyTnAHWUx/fS6nudA/lUqFR
hHOiG29jZeY6tjmDBTKz3fRELuTcXWTFvYmFPbN9ElxQc0Fzt9i+hRo39+mDm75A
fGJ91TjWkM3K/+srvL2sKG9BsOpKDzvDdVh8QyF6Lii9S+8Ny0IHMRsv4GYJcASa
8gatDkKL+vl3Iu8gN/iy4hGhxrmOwZHJZ+p5WhG73U+tWGSWElGQd40yMOSPaMUC
FNY=
-----END CERTIFICATE-----