Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1-gYRTEDgBogd3mXfDu-gGMVlMfs.roa
File:                     1-gYRTEDgBogd3mXfDu-gGMVlMfs.roa (raw, json)
Hash identifier:          1/N4+O1zGf490R5GwGGO9rqov3KpiVu2vaX1gaZCaPI=
Subject key identifier:   FA:06:11:4C:40:E0:06:88:1D:DE:65:DF:0E:EF:A0:18:C5:65:31:FB
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6BDA82D18B283DB41B16FFF4F9E16
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1-gYRTEDgBogd3mXfDu-gGMVlMfs.roa
Signing time:             Mon 01 Jan 2024 06:29:42 +0000
ROA not before:           Mon 01 Jan 2024 06:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        83.137.155.0/24 maxlen: 24
                          88.209.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:bd:a8:2d:18:b2:83:db:41:b1:6f:ff:4f:9e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa06114c40e006881dde65df0eefa018c56531fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:31:31:7c:7c:6f:d9:c1:fb:03:57:b0:b5:04:
                    56:e6:f1:d6:36:78:c9:53:ab:40:11:c6:58:35:43:
                    80:af:c5:9f:99:b8:7a:e9:5f:b6:ff:19:7e:5c:4d:
                    40:5d:3a:60:fb:c0:78:a4:80:b3:d0:1e:62:09:14:
                    f4:93:79:39:9e:73:bd:33:c1:bd:fb:12:db:6d:49:
                    58:e2:04:2e:27:d3:67:56:62:89:54:58:b0:cb:77:
                    19:41:57:86:23:8a:f9:03:a5:96:91:29:4b:e0:6c:
                    db:a6:1b:ed:db:36:99:82:20:3a:ae:ea:38:79:05:
                    09:bf:69:68:2d:cb:f8:2d:82:d6:b4:2e:2f:77:56:
                    16:b0:53:da:2c:33:31:bc:b9:14:27:d9:cc:79:f2:
                    f6:29:9e:22:b5:70:33:33:ea:2b:57:9f:39:8d:c0:
                    5a:8e:1a:9d:45:b9:86:c9:9b:4c:77:72:10:85:44:
                    29:03:f7:48:6c:e1:d6:47:0e:26:cd:aa:d4:69:36:
                    d3:69:6b:c3:90:96:42:ae:26:3c:b8:4f:69:4b:a3:
                    32:8a:06:a6:f5:21:67:e1:52:79:d8:46:cf:8b:4e:
                    ff:93:2a:93:44:e8:1e:41:a1:42:bd:cb:2a:41:46:
                    8b:bf:bb:04:d5:49:7f:c2:57:d5:4d:16:8b:c7:b5:
                    83:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:06:11:4C:40:E0:06:88:1D:DE:65:DF:0E:EF:A0:18:C5:65:31:FB
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1-gYRTEDgBogd3mXfDu-gGMVlMfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.155.0/24
                  88.209.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:9f:75:36:af:69:41:93:be:c6:43:7e:ee:6f:c0:89:42:3f:
         c8:ac:ca:78:a7:2b:cb:94:87:d3:33:83:d7:88:88:21:88:b3:
         55:4c:52:19:35:8d:0a:5a:84:bd:ea:ef:54:9f:04:96:63:f6:
         f9:73:6c:f4:86:15:eb:74:05:3c:6d:b3:e8:43:b7:40:be:13:
         f8:e7:b0:b3:14:9b:4e:bb:a1:8b:d2:d6:e9:7c:37:1f:ab:c8:
         9f:30:c2:09:01:e9:f4:69:10:b1:13:f1:f0:e3:ed:f9:41:e6:
         f1:8b:e8:60:e2:a8:17:f7:a3:e4:9e:65:2d:0b:93:03:a2:98:
         88:2b:83:49:20:a3:b6:89:6d:eb:9c:30:67:90:81:6d:93:05:
         7c:ca:99:9d:3c:2d:48:89:c0:eb:9b:e0:59:fd:5c:c1:db:e5:
         d1:8c:77:dd:26:4b:54:f9:84:c3:ef:cd:a3:c7:5f:5c:dc:b4:
         1a:f1:31:4d:54:9a:34:d5:1d:c7:e4:d0:29:c3:56:47:a8:65:
         8d:25:f0:9e:c5:4a:b6:21:6e:19:5b:e8:8b:c3:01:ab:ad:98:
         35:10:18:22:42:ce:a6:8d:cd:50:1d:5c:5f:4f:96:d0:81:ad:
         b7:c8:a3:84:2b:95:8d:e5:58:77:4e:ad:7a:35:60:c3:a6:04:
         f7:2b:c9:ab
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzDtr2oLRiyg9tBsW//T54WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTA2MTE0YzQwZTAwNjg4MWRkZTY1ZGYwZWVmYTAxOGM1NjUzMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozExfHxv2cH7A1ewtQRW5vHWNnjJ
U6tAEcZYNUOAr8Wfmbh66V+2/xl+XE1AXTpg+8B4pICz0B5iCRT0k3k5nnO9M8G9
+xLbbUlY4gQuJ9NnVmKJVFiwy3cZQVeGI4r5A6WWkSlL4Gzbphvt2zaZgiA6ruo4
eQUJv2loLcv4LYLWtC4vd1YWsFPaLDMxvLkUJ9nMefL2KZ4itXAzM+orV585jcBa
jhqdRbmGyZtMd3IQhUQpA/dIbOHWRw4mzarUaTbTaWvDkJZCriY8uE9pS6Myigam
9SFn4VJ52EbPi07/kyqTROgeQaFCvcsqQUaLv7sE1Ul/wlfVTRaLx7WDLwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPoGEUxA4AaIHd5l3w7voBjFZTH7MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMS1nWVJURURnQm9nZDNtWGZEdS1nR01WbE1mcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGQvNTg5MTI3LTEwOTYtNGM5MS05NmNjLTdlNGQ2ZjZmNmU2
Ni8xL3phcWc0SUkyQTJDczJqUjJaT3VERk9zUjJoQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFOJmwME
AFjRyjANBgkqhkiG9w0BAQsFAAOCAQEAAJ91Nq9pQZO+xkN+7m/AiUI/yKzKeKcr
y5SH0zOD14iIIYizVUxSGTWNClqEvervVJ8ElmP2+XNs9IYV63QFPG2z6EO3QL4T
+OewsxSbTruhi9LW6Xw3H6vInzDCCQHp9GkQsRPx8OPt+UHm8YvoYOKoF/ej5J5l
LQuTA6KYiCuDSSCjtolt65wwZ5CBbZMFfMqZnTwtSInA65vgWf1cwdvl0Yx33SZL
VPmEw+/No8dfXNy0GvExTVSaNNUdx+TQKcNWR6hljSXwnsVKtiFuGVvoi8MBq62Y
NRAYIkLOpo3NUB1cX0+W0IGtt8ijhCuVjeVYd06tejVgw6YE9yvJqw==
-----END CERTIFICATE-----