Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/erPhDivZpsn-wBeQUe2sEqiOQmA.roa
File:                     erPhDivZpsn-wBeQUe2sEqiOQmA.roa (raw, json)
Hash identifier:          IEQfrA6yweY/EFz4JT9NKTYkLAZ78M9rvVekfWYIhx8=
Subject key identifier:   7A:B3:E1:0E:2B:D9:A6:C9:FE:C0:17:90:51:ED:AC:12:A8:8E:42:60
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B254F428B322A9A8A0BC64B7B8424F
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/erPhDivZpsn-wBeQUe2sEqiOQmA.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8409
IP address blocks:        83.149.250.0/24 maxlen: 24
                          188.93.104.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:54:f4:28:b3:22:a9:a8:a0:bc:64:b7:b8:42:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ab3e10e2bd9a6c9fec0179051edac12a88e4260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:50:7c:51:00:b2:aa:d0:7e:ba:e5:16:23:19:
                    08:e4:2c:71:bd:ab:02:52:63:d2:18:ad:88:c8:65:
                    44:25:0b:ea:cb:c2:e2:76:04:ce:25:d3:19:7c:1e:
                    bf:03:f7:d1:3e:75:4c:e5:68:93:66:e9:c9:5b:86:
                    13:a6:78:1c:cd:c0:b5:95:9e:63:74:8d:df:df:e4:
                    31:bb:3b:a4:54:4d:76:e5:95:b7:29:9e:eb:4e:5a:
                    c1:0e:c0:e6:1b:22:e6:33:61:04:7d:fd:ef:a4:71:
                    97:dd:43:16:4e:a1:ad:61:f4:eb:72:70:f6:dd:40:
                    d6:08:62:dc:94:f6:4c:18:23:d6:55:cc:59:c0:0e:
                    28:d0:b7:a1:29:7b:29:d3:65:e6:47:9b:82:18:2b:
                    ed:5b:c2:80:a2:e8:a6:8c:61:13:82:8e:5e:a8:c6:
                    d3:22:45:83:1a:54:75:d6:3f:fb:af:9a:a9:84:40:
                    a7:43:3d:66:43:24:c7:83:50:d6:dc:49:f2:47:39:
                    97:c0:13:3a:86:b0:c1:6e:37:53:71:85:93:bb:10:
                    f9:81:9a:47:93:07:51:76:5d:27:e2:2c:d6:b5:ef:
                    87:0e:9c:69:f4:84:40:9a:4d:58:15:40:70:74:a3:
                    69:34:58:56:8c:4c:b8:cc:8f:52:6d:54:d7:77:00:
                    e6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B3:E1:0E:2B:D9:A6:C9:FE:C0:17:90:51:ED:AC:12:A8:8E:42:60
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/erPhDivZpsn-wBeQUe2sEqiOQmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.149.250.0/24
                  188.93.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:51:3c:09:c4:8c:5e:0c:b8:d3:04:1a:04:02:74:a8:6c:b8:
         11:80:95:d6:4d:84:29:8e:41:48:f4:fd:ee:f8:82:de:86:4c:
         fa:7d:bc:b1:6c:85:a2:fd:42:b1:15:2e:ff:8f:7d:fc:11:4c:
         1e:b7:c9:3a:0e:52:8f:e3:85:df:3f:05:5f:da:33:0b:8d:57:
         79:20:27:e4:ac:f3:f2:33:d1:e2:20:65:8e:5d:7b:0c:15:a5:
         34:e7:bf:f7:09:5c:7b:e5:bc:bc:e8:c7:7b:8a:50:65:ef:52:
         54:7b:7d:00:39:1d:71:52:e2:d7:d0:b6:e9:4c:4b:d6:f7:b0:
         43:8d:f1:5a:fd:47:ab:3b:bb:a4:ba:d6:a7:89:1e:47:6c:f4:
         b1:7b:bb:04:3c:bb:df:eb:11:c8:8f:a1:16:c2:cb:a1:48:4e:
         82:25:6f:33:62:a5:4d:23:5c:ef:58:5b:de:c2:56:41:88:e0:
         32:94:12:85:c8:70:6d:39:29:ef:e3:c7:b5:aa:eb:a4:27:c6:
         cc:8e:a6:a2:66:e7:97:74:a2:a5:63:74:4f:e8:67:eb:e5:1e:
         60:90:13:7b:36:7f:cb:c6:b9:2b:f0:f9:6e:7d:1e:06:a2:0a:
         5b:87:88:8b:ee:90:53:b7:2e:89:5e:e9:b9:db:82:b6:c4:00:
         ec:98:85:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhslT0KLMiqaigvGS3uEJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWIzZTEwZTJiZDlhNmM5ZmVjMDE3OTA1MWVkYWMxMmE4OGU0MjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1B8UQCyqtB+uuUWIxkI5CxxvasC
UmPSGK2IyGVEJQvqy8LidgTOJdMZfB6/A/fRPnVM5WiTZunJW4YTpngczcC1lZ5j
dI3f3+QxuzukVE125ZW3KZ7rTlrBDsDmGyLmM2EEff3vpHGX3UMWTqGtYfTrcnD2
3UDWCGLclPZMGCPWVcxZwA4o0LehKXsp02XmR5uCGCvtW8KAouimjGETgo5eqMbT
IkWDGlR11j/7r5qphECnQz1mQyTHg1DW3EnyRzmXwBM6hrDBbjdTcYWTuxD5gZpH
kwdRdl0n4izWte+HDpxp9IRAmk1YFUBwdKNpNFhWjEy4zI9SbVTXdwDmbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHqz4Q4r2abJ/sAXkFHtrBKojkJgMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvZXJQaERpdlpwc24td0JlUVVlMnNFcWlPUW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU5X6AwQB
vF1oMA0GCSqGSIb3DQEBCwUAA4IBAQAqUTwJxIxeDLjTBBoEAnSobLgRgJXWTYQp
jkFI9P3u+ILehkz6fbyxbIWi/UKxFS7/j338EUwet8k6DlKP44XfPwVf2jMLjVd5
ICfkrPPyM9HiIGWOXXsMFaU057/3CVx75by86Md7ilBl71JUe30AOR1xUuLX0Lbp
TEvW97BDjfFa/UerO7ukutaniR5HbPSxe7sEPLvf6xHIj6EWwsuhSE6CJW8zYqVN
I1zvWFvewlZBiOAylBKFyHBtOSnv48e1quukJ8bMjqaiZueXdKKlY3RP6Gfr5R5g
kBN7Nn/Lxrkr8PlufR4Gogpbh4iL7pBTty6JXum524K2xADsmIVw
-----END CERTIFICATE-----