Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/sbB5rWznkx11a-ml7F5dgxBdLB8.roa
File:                     sbB5rWznkx11a-ml7F5dgxBdLB8.roa (raw, json)
Hash identifier:          hZDJbvnmqoTqmB24xt4Zqd+OZQtbN/yic/4pL/K8uVA=
Subject key identifier:   B1:B0:79:AD:6C:E7:93:1D:75:6B:E9:A5:EC:5E:5D:83:10:5D:2C:1F
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6C10442D947C68596F4AD91BD5F46
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/sbB5rWznkx11a-ml7F5dgxBdLB8.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210122
IP address blocks:        83.137.154.0/24 maxlen: 24
                          88.209.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c1:04:42:d9:47:c6:85:96:f4:ad:91:bd:5f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1b079ad6ce7931d756be9a5ec5e5d83105d2c1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:83:c7:c2:3d:ce:5e:0d:20:57:d8:d7:b4:5b:
                    bb:1c:f9:07:84:17:57:ac:2b:d7:ed:be:dc:1f:c6:
                    40:53:e2:f1:9f:2e:c7:48:0b:e7:69:83:71:1b:93:
                    f5:bf:95:ca:25:8b:58:3b:57:c3:5c:88:8d:94:45:
                    c7:d0:b7:ba:d8:5e:31:c9:80:1a:39:0d:de:c2:ae:
                    ed:f7:36:c1:8d:f0:93:65:a1:35:ad:81:cd:dc:87:
                    04:88:3a:93:cc:6e:69:13:83:d3:8b:82:cd:cb:f7:
                    6b:39:39:86:24:11:0e:bf:22:fc:37:9d:ee:32:f9:
                    cb:3e:7e:ac:b6:de:e7:1c:01:7b:fd:84:c2:ca:50:
                    59:05:71:37:9a:3a:e1:cb:4e:d0:0d:3c:87:ba:96:
                    c6:c8:f8:14:b0:59:e8:9c:4c:73:bf:64:3d:b0:89:
                    85:56:d2:f2:22:fd:0b:b4:61:c4:19:c5:e7:88:71:
                    49:36:39:c1:7e:7f:e8:d4:30:21:1e:a2:f2:87:e7:
                    36:ab:2b:e3:b7:26:e0:05:a6:98:94:77:95:d4:7e:
                    56:ed:05:c8:5c:3a:00:5d:15:7d:47:7c:b6:28:88:
                    db:78:d7:61:36:4b:c6:85:25:06:0a:8b:8c:f9:79:
                    73:dc:9d:f7:90:cc:a0:b7:e8:54:38:bf:f1:19:81:
                    96:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:B0:79:AD:6C:E7:93:1D:75:6B:E9:A5:EC:5E:5D:83:10:5D:2C:1F
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/sbB5rWznkx11a-ml7F5dgxBdLB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.154.0/24
                  88.209.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:48:3b:61:73:5c:24:e3:15:68:40:98:ff:2b:2e:7c:17:15:
         0c:b0:fc:81:24:76:d5:3b:1e:0b:39:e5:c2:40:8e:a1:c1:27:
         47:e5:4e:85:08:10:a0:78:9c:c2:58:f5:a8:0f:e8:fe:10:dc:
         a6:99:31:fd:f8:fc:35:58:17:c1:0b:e4:2f:a3:52:15:9f:30:
         8c:12:02:43:5d:77:75:64:e1:eb:7c:47:94:2b:75:8a:88:98:
         f9:8b:26:46:e5:50:25:42:14:a7:15:66:41:55:3d:e6:02:cf:
         c4:60:12:cf:f1:ed:8a:b8:0e:77:70:f0:e5:17:85:aa:86:92:
         4c:21:cc:c3:6b:8d:7d:62:5c:10:2c:e5:fe:67:0c:5b:1f:32:
         25:77:78:4a:69:ea:cc:fc:28:69:d9:f2:ef:cd:14:86:ca:7a:
         f9:1b:4f:28:18:a3:fc:60:eb:36:ef:a6:d6:2d:f9:28:e0:8b:
         95:1c:a9:3e:53:96:88:c6:b9:5a:31:30:2f:40:63:6a:7f:ad:
         1d:b7:0e:4a:63:d5:06:80:96:24:02:db:a4:7e:13:0c:7f:cb:
         14:26:26:37:d2:0d:9b:32:da:1d:57:b3:0c:b8:bb:52:d4:24:
         5f:a4:05:6c:1d:de:85:fb:c9:d4:71:ee:af:b4:87:29:6f:09:
         9c:7c:a0:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtsEEQtlHxoWW9K2RvV9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWIwNzlhZDZjZTc5MzFkNzU2YmU5YTVlYzVlNWQ4MzEwNWQyYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4PHwj3OXg0gV9jXtFu7HPkHhBdX
rCvX7b7cH8ZAU+Lxny7HSAvnaYNxG5P1v5XKJYtYO1fDXIiNlEXH0Le62F4xyYAa
OQ3ewq7t9zbBjfCTZaE1rYHN3IcEiDqTzG5pE4PTi4LNy/drOTmGJBEOvyL8N53u
MvnLPn6stt7nHAF7/YTCylBZBXE3mjrhy07QDTyHupbGyPgUsFnonExzv2Q9sImF
VtLyIv0LtGHEGcXniHFJNjnBfn/o1DAhHqLyh+c2qyvjtybgBaaYlHeV1H5W7QXI
XDoAXRV9R3y2KIjbeNdhNkvGhSUGCouM+Xlz3J33kMygt+hUOL/xGYGWIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLGwea1s55MddWvppexeXYMQXSwfMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvc2JCNXJXem5reDExYS1tbDdGNWRneEJkTEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU4maAwQA
WNHMMA0GCSqGSIb3DQEBCwUAA4IBAQBrSDthc1wk4xVoQJj/Ky58FxUMsPyBJHbV
Ox4LOeXCQI6hwSdH5U6FCBCgeJzCWPWoD+j+ENymmTH9+Pw1WBfBC+Qvo1IVnzCM
EgJDXXd1ZOHrfEeUK3WKiJj5iyZG5VAlQhSnFWZBVT3mAs/EYBLP8e2KuA53cPDl
F4WqhpJMIczDa419YlwQLOX+ZwxbHzIld3hKaerM/Chp2fLvzRSGynr5G08oGKP8
YOs276bWLfko4IuVHKk+U5aIxrlaMTAvQGNqf60dtw5KY9UGgJYkAtukfhMMf8sU
JiY30g2bMtodV7MMuLtS1CRfpAVsHd6F+8nUce6vtIcpbwmcfKDI
-----END CERTIFICATE-----