Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/3kuD3LLnycMU7BTyf9tYGmONV8Y.roa
File:                     3kuD3LLnycMU7BTyf9tYGmONV8Y.roa (raw, json)
Hash identifier:          DHhMqohJkKx9UxzpEEhLQe6jqZLZmbEF5em+WhcLQm8=
Subject key identifier:   DE:4B:83:DC:B2:E7:C9:C3:14:EC:14:F2:7F:DB:58:1A:63:8D:57:C6
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       01942747FFC0AC2BF2539B79F5500F8A380E
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/3kuD3LLnycMU7BTyf9tYGmONV8Y.roa
Signing time:             Thu 02 Jan 2025 13:50:17 +0000
ROA not before:           Thu 02 Jan 2025 13:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399486
IP address blocks:        83.147.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ff:c0:ac:2b:f2:53:9b:79:f5:50:0f:8a:38:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 13:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de4b83dcb2e7c9c314ec14f27fdb581a638d57c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:81:e3:12:db:a6:04:10:45:8e:4a:95:1c:cf:
                    37:3c:63:2e:b7:8b:57:b3:b1:2f:94:2d:16:54:41:
                    89:26:56:65:89:a5:4c:e7:cb:1e:9a:a4:57:fe:00:
                    65:0e:98:7d:d6:43:00:e3:38:ab:59:09:e3:7d:9c:
                    b3:3a:63:cf:3f:d1:5f:9f:cd:7f:b0:02:a4:88:cc:
                    14:28:ab:f6:66:20:ad:ca:76:74:1e:77:75:20:8c:
                    17:d7:0e:db:c9:d1:db:54:be:7a:f9:c8:9a:aa:93:
                    02:08:60:e9:a0:cf:4e:c7:55:4e:59:8a:50:68:94:
                    bc:99:73:5a:45:cd:27:85:93:08:f1:7e:dd:4a:69:
                    16:31:5d:8d:07:98:c1:5b:0f:d4:63:74:8d:87:5f:
                    9d:aa:51:bf:f0:d1:fb:b0:48:5a:ca:7d:1c:4f:fc:
                    64:6c:64:b0:03:02:d0:80:58:c8:e2:de:6a:3c:a0:
                    49:76:a5:c7:98:87:53:19:b8:c8:5d:b2:f1:2b:dd:
                    bb:1d:cb:4d:38:6b:2e:a3:0e:19:87:74:4e:e9:61:
                    d5:07:d2:5d:e4:3e:1d:0c:6e:45:0f:39:8a:9e:ee:
                    47:ce:3e:76:76:01:f5:25:59:7c:f7:85:a5:19:a9:
                    a1:dd:74:b6:fc:cb:3e:a1:61:55:cc:52:8d:f1:39:
                    dc:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4B:83:DC:B2:E7:C9:C3:14:EC:14:F2:7F:DB:58:1A:63:8D:57:C6
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/3kuD3LLnycMU7BTyf9tYGmONV8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:ed:b4:93:18:ad:f0:3e:94:26:c3:e6:63:a5:c0:ff:9f:10:
         ac:e8:a6:1c:a4:d0:70:4a:83:42:4f:bb:af:7f:ca:93:23:03:
         68:70:7a:9e:2c:af:0a:f7:05:7e:b0:88:a5:c2:f4:b8:50:70:
         9b:16:dd:1a:bb:7b:32:21:cb:26:77:6c:42:19:eb:1b:c4:b3:
         77:ea:9c:00:8f:f0:fd:23:72:06:61:e6:37:e9:f7:73:26:d0:
         47:39:ae:a3:29:d8:4b:91:7a:d9:ba:2e:dc:28:64:d7:38:5b:
         d8:18:ab:8c:d3:e4:3c:1a:6c:b2:d9:eb:f4:06:ad:5f:c4:44:
         ca:e9:7f:c5:f2:32:12:eb:c8:87:06:f9:60:e4:96:84:5a:fc:
         6a:a8:4c:8e:3d:c7:c7:19:26:91:96:5c:5e:54:0a:f0:1f:01:
         29:77:7b:75:f8:92:c4:9b:b5:ac:2b:a2:bb:96:91:a4:67:dc:
         03:13:0a:d1:50:b9:42:16:9e:9a:3f:78:b0:21:39:82:5c:cc:
         f7:88:78:f6:3a:55:21:08:f4:5b:93:8a:06:9c:7b:0f:a7:8a:
         3f:b9:6d:80:4c:6f:dd:ec:4c:1e:78:de:99:5d:c8:9b:7e:f0:
         18:a2:63:e1:0f:78:a1:ad:0a:55:c1:ac:03:3f:91:37:ef:de:
         76:d4:16:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR//ArCvyU5t59VAPijgOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwMTAyMTM1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRiODNkY2IyZTdjOWMzMTRlYzE0ZjI3ZmRiNTgxYTYzOGQ1N2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oHjEtumBBBFjkqVHM83PGMut4tX
s7EvlC0WVEGJJlZliaVM58semqRX/gBlDph91kMA4zirWQnjfZyzOmPPP9Ffn81/
sAKkiMwUKKv2ZiCtynZ0Hnd1IIwX1w7bydHbVL56+ciaqpMCCGDpoM9Ox1VOWYpQ
aJS8mXNaRc0nhZMI8X7dSmkWMV2NB5jBWw/UY3SNh1+dqlG/8NH7sEhayn0cT/xk
bGSwAwLQgFjI4t5qPKBJdqXHmIdTGbjIXbLxK927HctNOGsuow4Zh3RO6WHVB9Jd
5D4dDG5FDzmKnu5Hzj52dgH1JVl894WlGamh3XS2/Ms+oWFVzFKN8TncmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5Lg9yy58nDFOwU8n/bWBpjjVfGMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvM2t1RDNMTG55Y01VN0JUeWY5dFlHbU9OVjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5M0MA0G
CSqGSIb3DQEBCwUAA4IBAQAr7bSTGK3wPpQmw+ZjpcD/nxCs6KYcpNBwSoNCT7uv
f8qTIwNocHqeLK8K9wV+sIilwvS4UHCbFt0au3syIcsmd2xCGesbxLN36pwAj/D9
I3IGYeY36fdzJtBHOa6jKdhLkXrZui7cKGTXOFvYGKuM0+Q8Gmyy2ev0Bq1fxETK
6X/F8jIS68iHBvlg5JaEWvxqqEyOPcfHGSaRllxeVArwHwEpd3t1+JLEm7WsK6K7
lpGkZ9wDEwrRULlCFp6aP3iwITmCXMz3iHj2OlUhCPRbk4oGnHsPp4o/uW2ATG/d
7EweeN6ZXcibfvAYomPhD3ihrQpVwawDP5E379521BaV
-----END CERTIFICATE-----