Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j5Qii8CZN_qp-4ccXtc7LD97-tY.roa
File:                     j5Qii8CZN_qp-4ccXtc7LD97-tY.roa (raw, json)
Hash identifier:          ngeZ8nTSt/nDCbtXdxmIMpyWVPp5DgtOQvP/5mpQVcQ=
Subject key identifier:   8F:94:22:8B:C0:99:37:FA:A9:FB:87:1C:5E:D7:3B:2C:3F:7B:FA:D6
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0194DF4F09B48ABC511E9857111F0CAB1624
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j5Qii8CZN_qp-4ccXtc7LD97-tY.roa
Signing time:             Fri 07 Feb 2025 07:28:06 +0000
ROA not before:           Fri 07 Feb 2025 07:28:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        83.137.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:df:4f:09:b4:8a:bc:51:1e:98:57:11:1f:0c:ab:16:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Feb  7 07:28:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f94228bc09937faa9fb871c5ed73b2c3f7bfad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:53:7d:98:79:fe:40:9b:14:80:10:c9:bc:a3:
                    56:0d:f6:c8:20:2d:b1:11:0f:e4:14:50:46:f8:8e:
                    ff:87:8d:ec:e4:15:4d:50:9e:66:79:ec:06:7b:67:
                    75:87:83:fd:34:04:f8:7f:03:e9:97:32:83:4e:4c:
                    f4:72:f6:0b:1c:8a:b8:51:d8:32:65:34:7a:be:d5:
                    eb:6c:3a:d3:7d:3f:d9:b6:8f:c4:4d:15:e8:c0:ba:
                    f6:f2:f8:c0:52:2d:67:d1:b6:39:d1:f5:dc:5d:d8:
                    9e:8d:85:61:32:60:34:74:2f:51:ee:97:7f:0e:50:
                    06:6c:49:26:bf:84:cf:1c:97:0d:fc:f2:9a:86:e7:
                    17:fa:a3:d4:ae:d8:4d:bd:43:b3:df:c4:ed:8f:2b:
                    41:0f:fc:39:c4:db:77:ba:df:5a:37:48:24:ef:f7:
                    b8:38:1a:c7:db:d4:ac:b9:96:dd:d8:50:2d:78:57:
                    78:c7:6e:29:a9:a2:a7:0c:e3:6e:ee:c8:79:b7:b9:
                    47:8f:32:00:5b:5d:14:ae:ef:b6:31:39:75:05:b4:
                    47:e5:1d:76:3c:0c:cd:7d:a5:a7:ab:f4:eb:11:00:
                    55:e3:59:81:8d:bd:ed:01:ce:11:04:ed:11:1f:52:
                    08:3a:f4:fc:eb:2c:10:f2:43:18:44:2e:b2:38:e5:
                    8e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:94:22:8B:C0:99:37:FA:A9:FB:87:1C:5E:D7:3B:2C:3F:7B:FA:D6
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j5Qii8CZN_qp-4ccXtc7LD97-tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:2a:32:2e:12:5b:72:ca:3a:df:f3:6e:00:92:33:87:8a:d8:
         85:16:d8:aa:65:23:a4:19:84:90:6c:71:23:b1:01:b3:ff:3e:
         23:52:54:07:f6:bc:59:64:44:30:91:21:60:54:75:59:b5:7f:
         ee:aa:40:6f:49:89:46:6a:39:9f:68:65:52:79:74:f3:cd:14:
         37:04:cf:bd:2f:e6:dc:f6:0a:3b:d1:7f:b9:a2:b1:f5:61:13:
         85:ae:14:d3:ee:af:e0:5b:83:fd:c1:d5:8a:bb:37:90:2a:48:
         b1:9e:b1:ec:78:c3:a3:a6:01:50:29:5a:a3:69:97:e5:34:3b:
         70:74:fe:e1:87:1a:2a:ac:20:6d:0e:10:49:89:bb:f7:b7:d8:
         ef:5d:b9:d6:00:6e:37:59:a3:2b:87:35:97:2a:19:db:93:e4:
         49:ab:12:9e:1c:46:c8:8b:19:a4:1d:b4:a3:2b:43:e0:e0:d4:
         68:4e:03:86:96:a6:2f:85:d1:ba:bd:fb:73:2c:47:46:30:70:
         6d:53:3f:70:c5:89:18:04:a2:a3:97:4f:49:64:1c:ce:6f:6d:
         c6:dc:1a:62:cc:3e:a0:d0:5c:da:c8:20:39:dd:93:4b:22:cf:
         bd:fd:dc:a9:49:f0:ab:32:f5:95:af:92:9d:bd:5b:de:16:b4:
         43:47:e9:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTfTwm0irxRHphXER8MqxYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMjA3MDcyODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjk0MjI4YmMwOTkzN2ZhYTlmYjg3MWM1ZWQ3M2IyYzNmN2JmYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFN9mHn+QJsUgBDJvKNWDfbIIC2x
EQ/kFFBG+I7/h43s5BVNUJ5meewGe2d1h4P9NAT4fwPplzKDTkz0cvYLHIq4Udgy
ZTR6vtXrbDrTfT/Zto/ETRXowLr28vjAUi1n0bY50fXcXdiejYVhMmA0dC9R7pd/
DlAGbEkmv4TPHJcN/PKahucX+qPUrthNvUOz38TtjytBD/w5xNt3ut9aN0gk7/e4
OBrH29SsuZbd2FAteFd4x24pqaKnDONu7sh5t7lHjzIAW10Uru+2MTl1BbRH5R12
PAzNfaWnq/TrEQBV41mBjb3tAc4RBO0RH1IIOvT86ywQ8kMYRC6yOOWOFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+UIovAmTf6qfuHHF7XOyw/e/rWMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvajVRaWk4Q1pOX3FwLTRjY1h0YzdMRDk3LXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4mYMA0G
CSqGSIb3DQEBCwUAA4IBAQBtKjIuEltyyjrf824AkjOHitiFFtiqZSOkGYSQbHEj
sQGz/z4jUlQH9rxZZEQwkSFgVHVZtX/uqkBvSYlGajmfaGVSeXTzzRQ3BM+9L+bc
9go70X+5orH1YROFrhTT7q/gW4P9wdWKuzeQKkixnrHseMOjpgFQKVqjaZflNDtw
dP7hhxoqrCBtDhBJibv3t9jvXbnWAG43WaMrhzWXKhnbk+RJqxKeHEbIixmkHbSj
K0Pg4NRoTgOGlqYvhdG6vftzLEdGMHBtUz9wxYkYBKKjl09JZBzOb23G3BpizD6g
0FzayCA53ZNLIs+9/dypSfCrMvWVr5KdvVveFrRDR+mQ
-----END CERTIFICATE-----