Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/DUER2OIxuLfteK-5s9p125aHbHQ.roa
File:                     DUER2OIxuLfteK-5s9p125aHbHQ.roa (raw, json)
Hash identifier:          MKxlsAlXCfnz4va2JwSTTtP5lv2QEgVXIYiD1U0P1iM=
Subject key identifier:   0D:41:11:D8:E2:31:B8:B7:ED:78:AF:B9:B3:DA:75:DB:96:87:6C:74
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       019422FC1C371ECF784A6FA808EE2F3481BC
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/DUER2OIxuLfteK-5s9p125aHbHQ.roa
Signing time:             Wed 01 Jan 2025 17:48:55 +0000
ROA not before:           Wed 01 Jan 2025 17:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209943
IP address blocks:        213.83.7.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:1c:37:1e:cf:78:4a:6f:a8:08:ee:2f:34:81:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Jan  1 17:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d4111d8e231b8b7ed78afb9b3da75db96876c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:14:a9:58:51:53:f0:3f:77:e5:90:73:cd:74:
                    a3:aa:08:84:18:cb:e5:b7:e1:8c:90:0b:0a:96:42:
                    17:fb:b5:6e:09:5a:3b:76:ae:33:06:db:8d:14:6c:
                    76:21:e1:c0:77:55:e2:52:d6:69:d2:69:58:33:1d:
                    8c:1e:4b:72:00:c5:55:53:5e:ae:50:65:47:56:5e:
                    0f:a5:a1:24:39:01:9c:b7:91:ed:d8:2a:1c:c0:9b:
                    f8:a7:f6:ce:de:b3:fa:8d:d9:b4:89:e5:15:2d:c8:
                    ac:1b:fa:dc:b1:82:5f:b8:c7:bc:40:ec:2c:dd:56:
                    b7:6e:27:f5:ab:18:0d:b3:c2:e9:5d:4f:dd:2b:8a:
                    84:ad:16:55:cf:22:1c:68:16:b0:ac:ec:be:bb:dd:
                    69:00:cb:0e:31:90:3e:8c:02:63:fd:b2:f3:36:01:
                    64:23:64:d9:df:c4:27:dc:1b:19:aa:31:1e:bf:4d:
                    55:de:78:83:0f:2a:13:18:89:ab:4c:8a:d9:af:65:
                    6a:7d:fd:11:d4:fb:45:45:77:57:5c:86:42:63:a8:
                    0a:df:5f:58:56:5e:17:d6:53:20:cc:b3:cd:25:88:
                    39:88:1a:da:02:74:fa:55:a2:55:70:a5:cf:1e:ba:
                    6c:20:77:4b:a7:e1:8e:07:b4:15:3e:44:89:3e:81:
                    24:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:41:11:D8:E2:31:B8:B7:ED:78:AF:B9:B3:DA:75:DB:96:87:6C:74
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/DUER2OIxuLfteK-5s9p125aHbHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.83.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:bd:b2:bc:e3:32:fc:26:10:79:a8:1e:c5:c4:e0:f5:de:19:
         c7:67:2f:79:80:66:c3:3e:63:f0:ef:6c:56:30:a7:41:96:36:
         26:98:07:e5:b1:12:33:12:6d:7c:d0:4d:f1:3b:ad:19:8d:51:
         ea:13:03:9b:c6:33:c3:07:d9:61:85:fd:bd:00:0c:0d:d5:50:
         b8:4e:c4:1e:39:e7:b8:47:0e:4e:71:e9:52:6b:0e:6c:f7:69:
         cc:69:3d:41:5c:90:f6:26:27:6f:bc:ae:e6:54:c3:e7:59:d8:
         bb:03:81:4a:1d:29:47:95:ce:31:1f:ba:dc:79:ba:1d:45:a4:
         2c:72:ec:f2:1b:d8:06:81:97:db:b9:41:fa:47:3d:af:02:ea:
         d8:b4:63:b4:b7:b4:a9:b4:05:47:5d:18:6b:04:65:e2:28:19:
         16:f7:6e:37:92:84:2c:f7:91:e5:cc:7f:6c:da:ca:02:73:71:
         a4:9e:09:7d:8f:86:fe:da:17:70:ed:2f:c0:bf:78:b1:87:f7:
         a0:c0:7a:af:67:77:a6:13:35:94:a2:23:ed:50:83:f7:0b:d0:
         c8:37:56:bd:36:b1:b9:25:e4:b0:5b:3f:3b:00:4f:ba:9a:50:
         55:43:6b:39:67:1e:5f:12:e6:fa:28:4c:4c:02:6e:15:ab:bf:
         87:df:cf:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Bw3Hs94Sm+oCO4vNIG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjUwMTAxMTc0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQxMTFkOGUyMzFiOGI3ZWQ3OGFmYjliM2RhNzVkYjk2ODc2Yzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBSpWFFT8D935ZBzzXSjqgiEGMvl
t+GMkAsKlkIX+7VuCVo7dq4zBtuNFGx2IeHAd1XiUtZp0mlYMx2MHktyAMVVU16u
UGVHVl4PpaEkOQGct5Ht2CocwJv4p/bO3rP6jdm0ieUVLcisG/rcsYJfuMe8QOws
3Va3bif1qxgNs8LpXU/dK4qErRZVzyIcaBawrOy+u91pAMsOMZA+jAJj/bLzNgFk
I2TZ38Qn3BsZqjEev01V3niDDyoTGImrTIrZr2Vqff0R1PtFRXdXXIZCY6gK319Y
Vl4X1lMgzLPNJYg5iBraAnT6VaJVcKXPHrpsIHdLp+GOB7QVPkSJPoEkxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1BEdjiMbi37XivubPadduWh2x0MB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvRFVFUjJPSXh1TGZ0ZUstNXM5cDEyNWFIYkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VMHMA0G
CSqGSIb3DQEBCwUAA4IBAQAJvbK84zL8JhB5qB7FxOD13hnHZy95gGbDPmPw72xW
MKdBljYmmAflsRIzEm180E3xO60ZjVHqEwObxjPDB9lhhf29AAwN1VC4TsQeOee4
Rw5OcelSaw5s92nMaT1BXJD2JidvvK7mVMPnWdi7A4FKHSlHlc4xH7rcebodRaQs
cuzyG9gGgZfbuUH6Rz2vAurYtGO0t7SptAVHXRhrBGXiKBkW9243koQs95HlzH9s
2soCc3Gkngl9j4b+2hdw7S/Av3ixh/egwHqvZ3emEzWUoiPtUIP3C9DIN1a9NrG5
JeSwWz87AE+6mlBVQ2s5Zx5fEub6KExMAm4Vq7+H38+A
-----END CERTIFICATE-----