Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/eROjgmVbGqsDWuymBuBEgN-cW1c.roa
File:                     eROjgmVbGqsDWuymBuBEgN-cW1c.roa (raw, json)
Hash identifier:          Nk/PV4BV8DFqqsIG1LdGBfrY7RxQ3vvbjaRR9bGCKck=
Subject key identifier:   79:13:A3:82:65:5B:1A:AB:03:5A:EC:A6:06:E0:44:80:DF:9C:5B:57
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B25D0C9D4A27186B6F517AF4F6CF82
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/eROjgmVbGqsDWuymBuBEgN-cW1c.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34707
IP address blocks:        82.179.0.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5d:0c:9d:4a:27:18:6b:6f:51:7a:f4:f6:cf:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7913a382655b1aab035aeca606e04480df9c5b57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:83:2a:c4:15:f1:18:a9:7a:30:88:af:87:76:
                    61:11:12:19:58:50:f4:30:ba:98:35:6c:0e:b8:16:
                    2a:6e:db:6e:2e:16:5c:b0:8b:ee:01:87:64:c9:3e:
                    ed:47:fa:99:49:96:4b:a1:d0:e0:59:ec:4d:e0:dc:
                    2a:20:87:32:31:1e:18:b4:f8:7c:e2:40:cb:bc:ad:
                    bb:cb:41:be:17:cb:fe:9a:e2:af:f2:fc:78:15:51:
                    eb:4b:5b:55:36:a1:48:6e:8c:b5:ef:2e:09:d9:cf:
                    ce:19:48:17:5e:6b:5b:47:bc:26:73:c7:a8:49:75:
                    73:fa:d4:f3:c5:46:bd:43:41:ba:b8:7c:35:cf:d3:
                    8b:91:07:f2:c5:bc:7f:08:a0:61:1f:13:76:dd:19:
                    16:05:74:a4:97:ae:ef:cb:0e:e4:67:71:08:b5:67:
                    f1:d9:da:db:28:40:52:32:f8:0f:bf:70:06:96:60:
                    5b:8e:74:2c:c0:4b:21:f6:53:e0:0d:bf:d0:2a:25:
                    b1:28:36:5c:cb:d0:dc:46:7f:33:cc:03:f0:b2:62:
                    f1:7f:dd:5e:d0:df:4b:04:15:c5:ff:a4:a2:9c:c8:
                    99:2e:7b:2f:9a:80:a4:d7:78:d8:1d:36:74:a1:15:
                    4e:a8:20:ba:2d:3a:a3:ea:b7:5e:63:d6:cd:23:75:
                    e6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:13:A3:82:65:5B:1A:AB:03:5A:EC:A6:06:E0:44:80:DF:9C:5B:57
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/eROjgmVbGqsDWuymBuBEgN-cW1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.179.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         05:0b:13:19:77:73:3a:cc:c6:ce:cc:d3:1b:69:fa:cf:b1:52:
         07:49:ca:06:93:1d:a6:19:62:85:51:26:a8:e4:b6:f2:6f:1a:
         3e:b8:5d:56:11:79:a3:3b:aa:e8:21:7f:6f:0f:8e:09:5b:cc:
         dc:cf:81:b4:fb:6a:3f:38:76:bb:ff:93:5d:90:b0:49:56:01:
         20:20:95:e2:7e:41:5c:ba:1b:d6:01:75:bc:17:14:56:36:1e:
         f3:aa:a4:e8:40:b4:0f:eb:91:4c:37:30:b3:21:3f:91:67:4d:
         af:d0:d5:e5:ce:6b:58:4b:30:ec:0a:6c:00:54:db:8d:d1:2b:
         6d:60:63:5d:04:db:f0:95:e8:80:81:fd:f0:c8:1c:09:4a:e5:
         ec:f9:15:56:a3:59:46:e5:52:67:e0:ed:54:20:e3:e5:a1:b0:
         c7:b1:6e:f8:41:c1:e6:41:f5:63:3f:a9:d8:6c:d6:53:f1:59:
         2d:bb:52:e4:2e:87:74:c1:01:f4:3b:7b:94:1a:6f:fc:59:02:
         98:6e:98:55:fe:3e:a0:71:57:20:1d:30:97:81:a7:52:73:36:
         1c:74:03:0b:a2:52:80:6f:48:0d:91:cc:e0:df:b6:02:21:48:
         6b:78:07:8d:66:65:80:f6:9b:0f:a7:d1:20:5b:f0:70:5c:91:
         96:ff:f1:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsl0MnUonGGtvUXr09s+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTEzYTM4MjY1NWIxYWFiMDM1YWVjYTYwNmUwNDQ4MGRmOWM1YjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIMqxBXxGKl6MIivh3ZhERIZWFD0
MLqYNWwOuBYqbttuLhZcsIvuAYdkyT7tR/qZSZZLodDgWexN4NwqIIcyMR4YtPh8
4kDLvK27y0G+F8v+muKv8vx4FVHrS1tVNqFIboy17y4J2c/OGUgXXmtbR7wmc8eo
SXVz+tTzxUa9Q0G6uHw1z9OLkQfyxbx/CKBhHxN23RkWBXSkl67vyw7kZ3EItWfx
2drbKEBSMvgPv3AGlmBbjnQswEsh9lPgDb/QKiWxKDZcy9DcRn8zzAPwsmLxf91e
0N9LBBXF/6SinMiZLnsvmoCk13jYHTZ0oRVOqCC6LTqj6rdeY9bNI3Xm2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkTo4JlWxqrA1rspgbgRIDfnFtXMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvZVJPamdtVmJHcXNEV3V5bUJ1QkVnTi1jVzFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUrMAMA0G
CSqGSIb3DQEBCwUAA4IBAQAFCxMZd3M6zMbOzNMbafrPsVIHScoGkx2mGWKFUSao
5Lbybxo+uF1WEXmjO6roIX9vD44JW8zcz4G0+2o/OHa7/5NdkLBJVgEgIJXifkFc
uhvWAXW8FxRWNh7zqqToQLQP65FMNzCzIT+RZ02v0NXlzmtYSzDsCmwAVNuN0Stt
YGNdBNvwleiAgf3wyBwJSuXs+RVWo1lG5VJn4O1UIOPlobDHsW74QcHmQfVjP6nY
bNZT8Vktu1LkLod0wQH0O3uUGm/8WQKYbphV/j6gcVcgHTCXgadSczYcdAMLolKA
b0gNkczg37YCIUhreAeNZmWA9psPp9EgW/BwXJGW//GD
-----END CERTIFICATE-----