Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/0o1YRHDHs6Y_Qq6pCAQcKlyWFz8.roa
File:                     0o1YRHDHs6Y_Qq6pCAQcKlyWFz8.roa (raw, json)
Hash identifier:          nsMIKNS3OeQBs34bWYRCT4THehdiZrvKLdywuELl5UY=
Subject key identifier:   D2:8D:58:44:70:C7:B3:A6:3F:42:AE:A9:08:04:1C:2A:5C:96:17:3F
Certificate issuer:       /CN=733b0728b7a0543584c2cd0b48b7478c4194ef0a
Certificate serial:       01942521A0C21EC85BA11008A3AD19CCB4CF
Authority key identifier: 73:3B:07:28:B7:A0:54:35:84:C2:CD:0B:48:B7:47:8C:41:94:EF:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/0o1YRHDHs6Y_Qq6pCAQcKlyWFz8.roa
Signing time:             Thu 02 Jan 2025 03:49:08 +0000
ROA not before:           Thu 02 Jan 2025 03:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        145.83.4.0/23 maxlen: 23
                          145.83.6.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a0:c2:1e:c8:5b:a1:10:08:a3:ad:19:cc:b4:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=733b0728b7a0543584c2cd0b48b7478c4194ef0a
        Validity
            Not Before: Jan  2 03:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d28d584470c7b3a63f42aea908041c2a5c96173f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:77:af:37:c9:e6:75:0e:1e:1d:1a:55:27:3e:
                    0e:1d:5e:44:d3:fd:5c:4c:41:58:3b:08:12:80:9e:
                    57:de:91:27:38:e2:50:e4:da:4b:e2:89:0b:f8:78:
                    c2:84:ef:14:3e:9c:3e:7f:b5:77:a3:57:94:46:2c:
                    04:ee:5d:94:1d:81:43:61:0f:28:f7:79:de:4f:51:
                    af:25:d0:e5:08:7f:b7:a9:4c:dd:91:52:96:15:df:
                    1d:91:04:11:40:16:80:9b:6c:a5:db:f3:d5:95:dc:
                    74:18:7b:d5:89:2c:3e:22:1f:40:b7:db:7f:19:fb:
                    4f:73:b7:ba:ec:85:e5:c4:c7:e6:ce:7b:7e:85:17:
                    70:16:27:4b:aa:79:27:5e:31:a1:40:08:bc:55:6f:
                    2e:db:e8:5b:59:38:2c:21:26:75:4d:d4:2b:8b:3f:
                    67:71:96:73:30:62:5f:9f:c5:69:f4:2e:0f:eb:e8:
                    0e:c3:0f:47:1f:0c:44:fa:83:09:19:25:a1:50:1f:
                    68:20:e7:02:9b:8b:c9:43:48:23:fd:2f:18:f0:24:
                    44:87:b1:a2:27:bd:af:bf:6f:8a:18:41:7b:b8:01:
                    b6:6c:2f:fb:86:d4:c0:48:fa:73:28:7d:50:50:18:
                    c4:54:b2:2f:f9:0a:2b:82:cf:30:31:1e:a0:b0:d4:
                    bf:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8D:58:44:70:C7:B3:A6:3F:42:AE:A9:08:04:1C:2A:5C:96:17:3F
            X509v3 Authority Key Identifier:
                keyid:73:3B:07:28:B7:A0:54:35:84:C2:CD:0B:48:B7:47:8C:41:94:EF:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/0o1YRHDHs6Y_Qq6pCAQcKlyWFz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.83.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:98:08:6b:0b:9f:0b:1a:b8:70:ec:71:3c:8a:bb:16:2a:e3:
         f6:f4:5e:3c:af:83:41:69:8c:ea:14:31:15:c8:f2:df:34:2c:
         f1:49:81:f7:2e:f9:29:02:c9:20:7d:25:2a:5d:92:f4:64:29:
         bc:bb:52:4c:4a:a4:6f:26:3a:f6:51:17:5a:5e:5c:6a:65:e7:
         67:53:dc:a8:04:64:cf:69:e8:e5:97:46:e3:c6:91:43:ac:5e:
         70:21:c4:34:e4:86:f5:c7:6c:2f:2f:fc:99:7b:27:dc:21:0c:
         83:61:b1:83:03:a5:b0:fc:2b:d6:ec:75:d0:c5:a1:f6:c6:e8:
         75:cd:d2:0b:22:75:30:11:bd:d7:b2:60:24:f8:bc:65:50:83:
         cf:05:dd:b8:4e:c6:42:34:0b:37:9a:30:a2:4f:83:09:7b:80:
         bb:dd:a4:51:e5:ab:4b:cb:c1:f9:b6:4f:94:33:7d:ee:83:8e:
         d8:b6:d7:7c:77:b8:9c:55:0d:3a:02:01:1c:6b:f5:fa:f8:fc:
         53:8b:63:04:0b:70:a7:7a:d1:80:2c:17:ae:d5:d6:0c:0c:27:
         dc:e6:ff:93:fa:36:44:60:bc:60:92:50:4e:c9:40:e9:0d:91:
         7e:27:e4:c4:b1:18:b2:33:85:22:07:84:06:58:3e:fe:ec:29:
         5c:78:01:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIaDCHshboRAIo60ZzLTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczM2IwNzI4YjdhMDU0MzU4NGMyY2QwYjQ4Yjc0NzhjNDE5
NGVmMGEwHhcNMjUwMTAyMDM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjhkNTg0NDcwYzdiM2E2M2Y0MmFlYTkwODA0MWMyYTVjOTYxNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnevN8nmdQ4eHRpVJz4OHV5E0/1c
TEFYOwgSgJ5X3pEnOOJQ5NpL4okL+HjChO8UPpw+f7V3o1eURiwE7l2UHYFDYQ8o
93neT1GvJdDlCH+3qUzdkVKWFd8dkQQRQBaAm2yl2/PVldx0GHvViSw+Ih9At9t/
GftPc7e67IXlxMfmznt+hRdwFidLqnknXjGhQAi8VW8u2+hbWTgsISZ1TdQriz9n
cZZzMGJfn8Vp9C4P6+gOww9HHwxE+oMJGSWhUB9oIOcCm4vJQ0gj/S8Y8CREh7Gi
J72vv2+KGEF7uAG2bC/7htTASPpzKH1QUBjEVLIv+Qorgs8wMR6gsNS/DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKNWERwx7OmP0KuqQgEHCpclhc/MB8GA1UdIwQY
MBaAFHM7Byi3oFQ1hMLNC0i3R4xBlO8KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3pzSEtMZWdWRFdFd3MwTFNMZEhqRUdVN3dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9hODM0ZGEtMWNjYS00MDE3LTkwYjgt
ZGFlZTBhZWFmYjJiLzEvMG8xWVJIREhzNllfUXE2cENBUWNLbHlXRno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9hODM0ZGEtMWNjYS00MDE3LTkwYjgtZGFlZTBhZWFmYjJi
LzEvY3pzSEtMZWdWRFdFd3MwTFNMZEhqRUdVN3dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkVMEMA0G
CSqGSIb3DQEBCwUAA4IBAQAlmAhrC58LGrhw7HE8irsWKuP29F48r4NBaYzqFDEV
yPLfNCzxSYH3LvkpAskgfSUqXZL0ZCm8u1JMSqRvJjr2URdaXlxqZednU9yoBGTP
aejll0bjxpFDrF5wIcQ05Ib1x2wvL/yZeyfcIQyDYbGDA6Ww/CvW7HXQxaH2xuh1
zdILInUwEb3XsmAk+LxlUIPPBd24TsZCNAs3mjCiT4MJe4C73aRR5atLy8H5tk+U
M33ug47Yttd8d7icVQ06AgEca/X6+PxTi2MEC3CnetGALBeu1dYMDCfc5v+T+jZE
YLxgklBOyUDpDZF+J+TEsRiyM4UiB4QGWD7+7ClceAG5
-----END CERTIFICATE-----