Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ogNoWyvyAJ_ciRQtRuzik7bpwgs.roa
File:                     ogNoWyvyAJ_ciRQtRuzik7bpwgs.roa (raw, json)
Hash identifier:          03kYSBscd+RLLeN+/Mp6hogzNu37hHBpU5C6NHr2LHU=
Subject key identifier:   A2:03:68:5B:2B:F2:00:9F:DC:89:14:2D:46:EC:E2:93:B6:E9:C2:0B
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747F347A0592BFD6A2A562C709474F9
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ogNoWyvyAJ_ciRQtRuzik7bpwgs.roa
Signing time:             Thu 02 Jan 2025 13:50:14 +0000
ROA not before:           Thu 02 Jan 2025 13:50:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57705
IP address blocks:        83.228.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f3:47:a0:59:2b:fd:6a:2a:56:2c:70:94:74:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a203685b2bf2009fdc89142d46ece293b6e9c20b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:27:ec:8b:f0:5e:b1:61:b3:9a:d7:2a:85:
                    83:ad:9e:81:8c:34:22:e9:b2:24:d7:5d:c9:a3:7a:
                    91:1d:29:00:f3:fd:34:75:a8:88:0f:a8:20:59:a5:
                    b4:38:08:e8:02:ad:54:f4:3b:c1:c7:80:d6:14:b4:
                    f7:a9:13:80:41:38:69:b3:82:66:90:0a:dd:46:2c:
                    2d:51:eb:e2:f1:ea:30:de:d2:e6:70:41:a9:99:aa:
                    71:bd:69:ad:c0:4b:34:60:fd:96:1e:57:15:74:3b:
                    18:ee:c8:81:d4:27:12:25:7d:50:1c:34:e7:bb:ef:
                    b6:05:7c:a1:46:d0:e7:38:61:83:54:21:c1:79:80:
                    c9:64:bf:db:95:4b:f4:3c:26:1c:84:8e:30:41:34:
                    6a:a0:15:0b:4b:9d:6b:b3:33:3f:25:2c:60:39:ef:
                    8a:eb:d1:da:ae:97:65:5d:08:34:55:94:1e:6a:24:
                    d2:e6:a0:c0:23:75:00:ff:ac:3b:ef:4b:5c:89:4b:
                    fc:ec:f9:3b:d7:99:56:01:5f:09:31:2d:62:09:42:
                    25:1b:5f:d8:8e:1b:8b:fb:a6:02:f8:80:e3:4c:8a:
                    91:6f:4f:b2:a7:5a:2b:93:62:f1:c0:1d:a5:7d:86:
                    95:72:c2:f6:17:d9:0d:9c:40:e5:6d:1e:ec:e5:2f:
                    d2:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:03:68:5B:2B:F2:00:9F:DC:89:14:2D:46:EC:E2:93:B6:E9:C2:0B
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ogNoWyvyAJ_ciRQtRuzik7bpwgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.228.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ae:a5:6a:2b:fb:13:57:06:ea:e4:c7:0e:3f:57:02:20:20:
         c9:a0:5f:2a:eb:30:97:31:a5:03:23:85:6d:14:b6:f5:81:b2:
         19:00:8e:f9:66:e3:0b:c7:2b:fb:92:3f:26:ae:f2:55:f6:63:
         c5:9e:fe:86:66:58:83:30:83:b2:f3:eb:1d:fa:51:6d:87:62:
         dc:dd:76:b4:0b:ce:9a:23:78:0f:3f:87:55:f7:11:68:40:21:
         a1:85:b7:ae:5d:8d:91:ca:b6:4d:b3:ac:7f:20:2a:c6:22:a9:
         b5:72:45:f6:7a:ab:5c:2c:20:ee:e3:a6:34:f5:e2:aa:d7:cb:
         81:da:73:21:55:a4:ae:13:e1:7d:b7:3e:e9:04:8a:44:9c:8d:
         8b:18:3d:93:92:ce:0b:42:0f:09:85:8d:63:e1:6d:a1:02:68:
         85:c9:dc:87:67:f7:ba:48:1f:cc:81:70:9b:e5:7e:0e:0f:f0:
         75:f7:a5:ba:55:39:d2:62:84:91:23:7c:e6:3a:11:c1:d9:d1:
         a3:93:71:a8:17:c8:43:67:3c:a7:db:dc:16:2f:b6:7f:0f:d7:
         32:16:25:dc:1c:0e:8e:70:1f:d9:4d:22:1d:78:3d:2b:c4:c3:
         98:33:81:b9:89:2d:9e:20:2f:95:26:10:de:8f:9a:d0:81:6d:
         ab:e3:49:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/NHoFkr/WoqVixwlHT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjAzNjg1YjJiZjIwMDlmZGM4OTE0MmQ0NmVjZTI5M2I2ZTljMjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr20n7IvwXrFhs5rXKoWDrZ6BjDQi
6bIk113Jo3qRHSkA8/00daiID6ggWaW0OAjoAq1U9DvBx4DWFLT3qROAQThps4Jm
kArdRiwtUevi8eow3tLmcEGpmapxvWmtwEs0YP2WHlcVdDsY7siB1CcSJX1QHDTn
u++2BXyhRtDnOGGDVCHBeYDJZL/blUv0PCYchI4wQTRqoBULS51rszM/JSxgOe+K
69HarpdlXQg0VZQeaiTS5qDAI3UA/6w770tciUv87Pk715lWAV8JMS1iCUIlG1/Y
jhuL+6YC+IDjTIqRb0+yp1ork2LxwB2lfYaVcsL2F9kNnEDlbR7s5S/SzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIDaFsr8gCf3IkULUbs4pO26cILMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvb2dOb1d5dnlBSl9jaVJRdFJ1emlrN2Jwd2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU+RmMA0G
CSqGSIb3DQEBCwUAA4IBAQAorqVqK/sTVwbq5McOP1cCICDJoF8q6zCXMaUDI4Vt
FLb1gbIZAI75ZuMLxyv7kj8mrvJV9mPFnv6GZliDMIOy8+sd+lFth2Lc3Xa0C86a
I3gPP4dV9xFoQCGhhbeuXY2RyrZNs6x/ICrGIqm1ckX2eqtcLCDu46Y09eKq18uB
2nMhVaSuE+F9tz7pBIpEnI2LGD2Tks4LQg8JhY1j4W2hAmiFydyHZ/e6SB/MgXCb
5X4OD/B196W6VTnSYoSRI3zmOhHB2dGjk3GoF8hDZzyn29wWL7Z/D9cyFiXcHA6O
cB/ZTSIdeD0rxMOYM4G5iS2eIC+VJhDej5rQgW2r40nF
-----END CERTIFICATE-----