Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/jZbn980Z5jgwyD8nYDhBM2SUZzY.roa
File:                     jZbn980Z5jgwyD8nYDhBM2SUZzY.roa (raw, json)
Hash identifier:          ymD5LIB41wZwfLK0/6vvmvDygxNTSIULPrinVKIlw5k=
Subject key identifier:   8D:96:E7:F7:CD:19:E6:38:30:C8:3F:27:60:38:41:33:64:94:67:36
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B2685D7ED769D953BCA2DAF936F976
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/jZbn980Z5jgwyD8nYDhBM2SUZzY.roa
Signing time:             Wed 01 Jan 2025 11:48:47 +0000
ROA not before:           Wed 01 Jan 2025 11:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202689
IP address blocks:        82.179.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:68:5d:7e:d7:69:d9:53:bc:a2:da:f9:36:f9:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d96e7f7cd19e63830c83f276038413364946736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f2:fe:13:88:47:73:84:1e:e7:97:e5:8e:a7:
                    84:39:32:b3:2a:b4:97:d4:5c:bb:01:59:2b:75:30:
                    8c:35:79:ae:9c:e0:2d:20:8d:9b:33:3f:f7:09:3d:
                    2e:4c:bc:2c:4a:69:d8:f5:23:57:ec:68:ba:f7:8a:
                    70:ad:c2:6c:4c:0e:78:da:97:a3:12:71:6c:9c:34:
                    da:0b:53:3b:30:22:fc:a7:b8:d8:7a:5a:80:b8:31:
                    0e:97:c2:0e:dc:46:a6:d6:35:02:5d:31:a0:ce:2d:
                    ec:1d:04:dd:e0:8d:a3:af:cd:96:35:3b:2d:bf:60:
                    f2:c5:4d:22:37:68:bc:17:60:ec:e2:5b:bd:56:98:
                    bf:b2:e0:56:0e:90:33:c1:3b:f4:fe:52:78:3f:fc:
                    5d:d7:1a:bc:54:c7:73:0f:d6:11:bd:d5:32:26:bb:
                    17:da:57:11:52:44:7b:a4:60:be:26:b0:ff:4d:82:
                    b0:31:19:be:54:1e:9a:d4:6d:99:b6:16:24:68:35:
                    cc:d3:30:35:5a:32:8e:41:0f:65:51:1c:1c:64:6a:
                    bc:b3:37:76:b2:f8:06:9c:2f:69:75:6b:9f:c4:6b:
                    9a:d7:e3:1f:9a:b4:39:64:53:c9:ce:36:9c:6a:33:
                    a1:87:57:17:56:f7:37:6a:a5:50:43:1f:5a:b6:57:
                    41:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:96:E7:F7:CD:19:E6:38:30:C8:3F:27:60:38:41:33:64:94:67:36
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/jZbn980Z5jgwyD8nYDhBM2SUZzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.179.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:5b:25:88:e7:aa:2f:f7:43:49:cd:29:75:e8:0e:a1:46:9f:
         f9:20:ab:f9:a3:4a:a6:bf:f2:6e:15:22:c5:c8:c0:b3:ef:84:
         cf:a5:e1:1c:99:a3:62:6d:30:a8:b1:a6:f9:42:42:1d:23:87:
         24:cb:6b:19:1f:de:5c:cb:4d:7d:5f:ca:59:15:14:2d:18:30:
         02:6b:a9:c7:91:fd:f7:57:01:6c:3e:4f:96:bf:aa:8b:8a:34:
         28:a1:f5:70:57:8a:05:2f:76:2c:bb:a7:e6:ae:dc:a6:2d:b2:
         d5:28:c1:c0:e5:cd:d7:b7:91:66:e6:b4:66:1e:2e:b8:f0:88:
         0f:b9:46:b6:07:86:13:65:ae:01:dc:50:0f:c7:32:73:54:7d:
         5b:2e:4b:9d:64:e4:08:22:c4:b2:12:bc:b0:7b:1e:48:13:e9:
         5d:9a:b3:75:33:c7:cd:23:30:7f:e3:22:47:73:96:9e:59:35:
         d0:ff:86:7b:a4:4e:88:88:47:ba:e1:29:99:d6:dc:8f:9b:87:
         dd:09:ef:0a:08:62:0a:88:15:c5:d7:e9:35:5d:25:e8:91:3e:
         4d:4c:85:7d:b1:c1:56:d5:99:5b:ee:56:c4:be:05:91:98:0d:
         fc:ae:7a:d0:03:43:b4:00:c0:50:d5:23:93:d1:15:fe:78:63:
         e0:95:59:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsmhdftdp2VO8otr5Nvl2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDk2ZTdmN2NkMTllNjM4MzBjODNmMjc2MDM4NDEzMzY0OTQ2NzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPL+E4hHc4Qe55fljqeEOTKzKrSX
1Fy7AVkrdTCMNXmunOAtII2bMz/3CT0uTLwsSmnY9SNX7Gi694pwrcJsTA542pej
EnFsnDTaC1M7MCL8p7jYelqAuDEOl8IO3Eam1jUCXTGgzi3sHQTd4I2jr82WNTst
v2DyxU0iN2i8F2Ds4lu9Vpi/suBWDpAzwTv0/lJ4P/xd1xq8VMdzD9YRvdUyJrsX
2lcRUkR7pGC+JrD/TYKwMRm+VB6a1G2ZthYkaDXM0zA1WjKOQQ9lURwcZGq8szd2
svgGnC9pdWufxGua1+MfmrQ5ZFPJzjacajOhh1cXVvc3aqVQQx9atldBNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2W5/fNGeY4MMg/J2A4QTNklGc2MB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvalpibjk4MFo1amd3eUQ4bllEaEJNMlNVWnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrP3MA0G
CSqGSIb3DQEBCwUAA4IBAQA3WyWI56ov90NJzSl16A6hRp/5IKv5o0qmv/JuFSLF
yMCz74TPpeEcmaNibTCosab5QkIdI4cky2sZH95cy019X8pZFRQtGDACa6nHkf33
VwFsPk+Wv6qLijQoofVwV4oFL3Ysu6fmrtymLbLVKMHA5c3Xt5Fm5rRmHi648IgP
uUa2B4YTZa4B3FAPxzJzVH1bLkudZOQIIsSyErywex5IE+ldmrN1M8fNIzB/4yJH
c5aeWTXQ/4Z7pE6IiEe64SmZ1tyPm4fdCe8KCGIKiBXF1+k1XSXokT5NTIV9scFW
1Zlb7lbEvgWRmA38rnrQA0O0AMBQ1SOT0RX+eGPglVkn
-----END CERTIFICATE-----