Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/vUCrsmvv2hLrDVQjooPhAGhtB7M.roa
File:                     vUCrsmvv2hLrDVQjooPhAGhtB7M.roa (raw, json)
Hash identifier:          DdBn7OvB1HjQDAdya+D1j2328EikxgeXQxaT9ospJ84=
Subject key identifier:   BD:40:AB:B2:6B:EF:DA:12:EB:0D:54:23:A2:83:E1:00:68:6D:07:B3
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B25C7AB17E340E6BD31E291CF1315C
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/vUCrsmvv2hLrDVQjooPhAGhtB7M.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29581
IP address blocks:        82.179.16.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5c:7a:b1:7e:34:0e:6b:d3:1e:29:1c:f1:31:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd40abb26befda12eb0d5423a283e100686d07b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c8:15:d0:75:dd:37:2c:a8:ec:dd:0e:cd:4b:
                    41:6b:a6:2e:d6:dd:43:82:df:af:16:38:3b:d7:12:
                    78:17:de:cc:20:d0:58:ad:13:7b:f7:7f:71:41:39:
                    46:24:7c:c5:83:be:4b:56:15:6d:42:65:4d:5a:69:
                    3e:f2:9f:e3:28:5d:d9:e2:79:ab:76:b8:51:80:5d:
                    b4:e9:56:ea:50:c5:b4:1b:a0:13:d0:67:2b:27:c1:
                    53:49:11:5b:82:da:33:de:ad:8d:cf:1e:61:af:a8:
                    d0:31:89:37:fd:05:bf:8a:55:ed:f4:b4:f6:9f:2a:
                    c4:34:b6:49:17:23:67:a9:3b:f1:3e:59:4c:33:bb:
                    40:0e:9f:0e:75:6c:75:b1:54:1c:08:7a:5a:ee:e2:
                    24:57:99:89:9f:3f:da:88:41:2f:ff:f6:91:8b:ba:
                    bb:bc:5d:ea:b1:f2:8e:3d:2e:ac:00:b4:22:a6:38:
                    38:fc:13:c5:18:c1:8f:e2:fa:ba:dd:2a:64:84:70:
                    b5:0f:60:98:51:55:5a:56:18:4b:88:c3:02:44:5a:
                    a9:43:e7:c8:80:3e:78:2e:78:42:1c:f6:e5:eb:60:
                    9b:2f:29:c9:56:9a:c3:25:d9:67:bb:2a:16:c8:5a:
                    3d:c0:8d:79:86:3a:9c:97:3f:db:26:d5:94:af:88:
                    ce:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:40:AB:B2:6B:EF:DA:12:EB:0D:54:23:A2:83:E1:00:68:6D:07:B3
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/vUCrsmvv2hLrDVQjooPhAGhtB7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.179.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         49:ab:fd:3a:c6:d9:12:2f:e2:07:df:6c:ab:6a:3b:76:14:5c:
         19:b4:ae:db:70:fc:f2:5a:70:e7:88:d2:fb:8d:02:ec:5f:89:
         f1:ac:23:65:ba:b6:13:80:7c:fa:2e:fd:d5:9b:47:e5:a7:b9:
         2c:54:e6:49:4a:e3:1a:22:7b:a2:fd:b0:fb:ca:80:9d:ac:8f:
         de:1f:b1:61:f8:40:2f:06:b8:67:c1:8c:e1:85:ad:c9:a4:3f:
         1d:54:30:38:94:d5:bc:3e:cd:b9:ae:21:4a:cf:a0:36:37:6d:
         a3:3a:3f:2c:d0:75:53:90:42:98:6e:b6:a3:19:50:15:4f:81:
         07:70:72:ac:b4:24:a5:87:ab:89:7b:59:cf:c6:2c:cc:6e:9c:
         05:cb:42:c9:0b:8a:aa:96:d3:d4:49:01:9d:e1:db:26:70:d0:
         d0:a6:ff:aa:9c:c0:f9:0d:42:8d:b2:91:0f:a7:af:bb:3f:81:
         f9:33:49:58:06:30:94:86:bf:41:7c:d3:e3:53:de:63:7d:e5:
         2e:e1:7c:c5:04:88:de:c0:2f:4e:e3:98:bf:6d:19:e2:12:2a:
         84:fc:98:6f:27:84:5f:88:61:be:5a:81:da:e2:6f:cc:a4:bc:
         cb:91:89:ea:43:25:79:64:33:fb:95:35:ee:39:de:24:df:5d:
         a4:20:68:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslx6sX40DmvTHikc8TFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQwYWJiMjZiZWZkYTEyZWIwZDU0MjNhMjgzZTEwMDY4NmQwN2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncgV0HXdNyyo7N0OzUtBa6Yu1t1D
gt+vFjg71xJ4F97MINBYrRN7939xQTlGJHzFg75LVhVtQmVNWmk+8p/jKF3Z4nmr
drhRgF206VbqUMW0G6AT0GcrJ8FTSRFbgtoz3q2Nzx5hr6jQMYk3/QW/ilXt9LT2
nyrENLZJFyNnqTvxPllMM7tADp8OdWx1sVQcCHpa7uIkV5mJnz/aiEEv//aRi7q7
vF3qsfKOPS6sALQipjg4/BPFGMGP4vq63SpkhHC1D2CYUVVaVhhLiMMCRFqpQ+fI
gD54LnhCHPbl62CbLynJVprDJdlnuyoWyFo9wI15hjqclz/bJtWUr4jO/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1Aq7Jr79oS6w1UI6KD4QBobQezMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvdlVDcnNtdnYyaExyRFZRam9vUGhBR2h0QjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUrMQMA0G
CSqGSIb3DQEBCwUAA4IBAQBJq/06xtkSL+IH32yrajt2FFwZtK7bcPzyWnDniNL7
jQLsX4nxrCNlurYTgHz6Lv3Vm0flp7ksVOZJSuMaInui/bD7yoCdrI/eH7Fh+EAv
BrhnwYzhha3JpD8dVDA4lNW8Ps25riFKz6A2N22jOj8s0HVTkEKYbrajGVAVT4EH
cHKstCSlh6uJe1nPxizMbpwFy0LJC4qqltPUSQGd4dsmcNDQpv+qnMD5DUKNspEP
p6+7P4H5M0lYBjCUhr9BfNPjU95jfeUu4XzFBIjewC9O45i/bRniEiqE/JhvJ4Rf
iGG+WoHa4m/MpLzLkYnqQyV5ZDP7lTXuOd4k312kIGjW
-----END CERTIFICATE-----