Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/stpJENpG1HfxaYzx679NTwZFpZY.roa
File:                     stpJENpG1HfxaYzx679NTwZFpZY.roa (raw, json)
Hash identifier:          EMcugxArWnP7J9sItxl3gZsFeM8qrAvUxjSeKkZ4oao=
Subject key identifier:   B2:DA:49:10:DA:46:D4:77:F1:69:8C:F1:EB:BF:4D:4F:06:45:A5:96
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       0194DF004DCB0035D5E5A13E57C2A7D600C0
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/stpJENpG1HfxaYzx679NTwZFpZY.roa
Signing time:             Fri 07 Feb 2025 06:02:06 +0000
ROA not before:           Fri 07 Feb 2025 06:02:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44152
IP address blocks:        82.98.75.80/29 maxlen: 32
                          82.98.90.0/24 maxlen: 32
                          82.98.94.120/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:df:00:4d:cb:00:35:d5:e5:a1:3e:57:c2:a7:d6:00:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Feb  7 06:02:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2da4910da46d477f1698cf1ebbf4d4f0645a596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ab:60:e6:98:38:4b:6b:9c:0b:d4:bd:01:15:
                    7a:bf:e0:d8:7f:0b:e1:9a:25:4c:e8:bf:6c:3c:a4:
                    52:ec:11:6c:02:93:47:d4:8b:11:80:e7:27:fc:d2:
                    93:03:10:1b:f0:38:b5:f9:d2:ec:be:2d:9d:37:66:
                    a8:4a:f1:d1:4a:ca:5f:da:67:d1:bb:91:28:63:90:
                    05:a4:ae:81:80:ca:de:1b:36:b4:71:e1:45:37:73:
                    71:e7:f9:33:77:df:78:c9:67:86:2e:54:ed:4a:40:
                    7c:10:93:61:8f:5d:6f:fa:88:29:b0:ed:89:9f:57:
                    e0:18:c9:18:22:6e:44:cd:e8:76:63:d9:02:63:f1:
                    fe:a5:46:ce:a5:b2:7c:ae:96:10:9b:83:47:6d:0f:
                    5a:e9:90:d0:6d:3b:5b:d4:f6:09:11:99:24:a1:59:
                    0b:91:35:c1:72:85:55:f5:d2:24:ba:39:13:6a:b3:
                    7a:9f:38:4b:30:fb:83:db:22:fe:74:77:79:09:33:
                    46:0a:4d:ef:c6:a9:f8:97:de:4f:a5:23:56:ed:62:
                    60:d7:63:44:36:83:86:29:ef:68:ed:a7:bc:06:7b:
                    7d:cd:d2:06:6a:36:8a:e2:e0:a2:f2:af:ee:43:84:
                    f3:9f:64:8f:23:d8:00:64:36:14:51:46:60:1a:9c:
                    42:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:DA:49:10:DA:46:D4:77:F1:69:8C:F1:EB:BF:4D:4F:06:45:A5:96
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/stpJENpG1HfxaYzx679NTwZFpZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.98.75.80/29
                  82.98.90.0/24
                  82.98.94.120/29

    Signature Algorithm: sha256WithRSAEncryption
         57:04:59:0e:da:d2:5c:b3:69:e7:5d:72:3e:c2:d7:d1:55:1f:
         c7:c4:9b:0d:ef:56:d5:a5:09:56:8b:8e:41:cf:b0:27:bb:c9:
         9f:3b:45:78:7a:1a:7a:64:56:1a:ed:89:c2:f2:1f:e9:ab:6f:
         b3:9b:46:4b:ab:26:cd:64:55:e7:1c:98:43:24:b9:74:44:c6:
         b8:c5:72:2e:b9:dc:45:6c:54:42:6b:ea:6c:97:d4:f2:ed:64:
         01:74:80:14:67:11:af:3a:36:71:4e:fa:ca:52:46:87:88:75:
         9a:8f:1d:37:6f:27:f6:e7:66:52:bd:de:c8:13:38:07:b7:cd:
         26:dd:15:ec:25:f3:34:28:c5:66:89:b7:9d:2e:f4:a8:c8:2f:
         e2:58:3c:0c:54:26:1c:1e:14:c7:fa:ab:ab:67:b0:04:20:6b:
         b8:18:3c:25:11:dd:8f:b3:f5:02:10:81:d3:3b:ae:fb:a0:cf:
         57:52:eb:1f:b1:20:1e:10:cf:6e:73:35:26:fe:a4:b1:4a:a9:
         fb:e6:89:ac:ea:38:d1:79:d0:05:e2:28:dc:4f:7d:4a:21:ae:
         92:c4:15:65:57:a1:8d:99:12:c1:f6:04:2d:64:58:31:33:02:
         bd:50:98:d6:db:9e:17:09:93:0c:4a:0b:e1:97:62:af:54:03:
         82:21:d0:cf
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZTfAE3LADXV5aE+V8Kn1gDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjUwMjA3MDYwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmRhNDkxMGRhNDZkNDc3ZjE2OThjZjFlYmJmNGQ0ZjA2NDVhNTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6tg5pg4S2ucC9S9ARV6v+DYfwvh
miVM6L9sPKRS7BFsApNH1IsRgOcn/NKTAxAb8Di1+dLsvi2dN2aoSvHRSspf2mfR
u5EoY5AFpK6BgMreGza0ceFFN3Nx5/kzd994yWeGLlTtSkB8EJNhj11v+ogpsO2J
n1fgGMkYIm5Ezeh2Y9kCY/H+pUbOpbJ8rpYQm4NHbQ9a6ZDQbTtb1PYJEZkkoVkL
kTXBcoVV9dIkujkTarN6nzhLMPuD2yL+dHd5CTNGCk3vxqn4l95PpSNW7WJg12NE
NoOGKe9o7ae8Bnt9zdIGajaK4uCi8q/uQ4Tzn2SPI9gAZDYUUUZgGpxCcwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLLaSRDaRtR38WmM8eu/TU8GRaWWMB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvc3RwSkVOcEcxSGZ4YVl6eDY3OU5Ud1pGcFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwUDUmJLUAME
AFJiWgMFA1JiXngwDQYJKoZIhvcNAQELBQADggEBAFcEWQ7a0lyzaeddcj7C19FV
H8fEmw3vVtWlCVaLjkHPsCe7yZ87RXh6GnpkVhrticLyH+mrb7ObRkurJs1kVecc
mEMkuXRExrjFci653EVsVEJr6myX1PLtZAF0gBRnEa86NnFO+spSRoeIdZqPHTdv
J/bnZlK93sgTOAe3zSbdFewl8zQoxWaJt50u9KjIL+JYPAxUJhweFMf6q6tnsAQg
a7gYPCUR3Y+z9QIQgdM7rvugz1dS6x+xIB4Qz25zNSb+pLFKqfvmiazqONF50AXi
KNxPfUohrpLEFWVXoY2ZEsH2BC1kWDEzAr1QmNbbnhcJkwxKC+GXYq9UA4Ih0M8=
-----END CERTIFICATE-----