Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/Dkm-SUCRilfQ4XzeJOnuoK5ZJdE.roa
File:                     Dkm-SUCRilfQ4XzeJOnuoK5ZJdE.roa (raw, json)
Hash identifier:          zTpguLAeipn8Wtst/naF+8QZOEVr2PbUrq+v8q/mGyQ=
Subject key identifier:   0E:49:BE:49:40:91:8A:57:D0:E1:7C:DE:24:E9:EE:A0:AE:59:25:D1
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       019A050805DEF3F37D06705B43C0E3853DB6
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/Dkm-SUCRilfQ4XzeJOnuoK5ZJdE.roa
Signing time:             Tue 21 Oct 2025 04:30:03 +0000
ROA not before:           Tue 21 Oct 2025 04:30:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215311
IP address blocks:        83.147.18.0/24 maxlen: 24
                          83.147.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:08:05:de:f3:f3:7d:06:70:5b:43:c0:e3:85:3d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Oct 21 04:30:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e49be4940918a57d0e17cde24e9eea0ae5925d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:37:6f:6f:6e:4a:c2:bb:29:e7:10:7f:1b:b2:
                    1a:b0:64:70:8d:ca:a0:a2:42:79:35:96:fa:b4:dc:
                    e8:c6:3a:0b:e1:a1:9b:5f:27:ae:c7:e9:49:b4:de:
                    50:2b:1e:26:e9:a1:6b:8d:bb:12:b9:92:e5:06:04:
                    41:58:4c:d8:0f:06:13:c1:f4:37:bc:e8:8f:91:00:
                    a1:0f:28:17:56:88:eb:45:6e:73:ed:9f:b0:50:11:
                    aa:f7:64:c9:15:72:78:77:63:86:74:0d:46:d0:e9:
                    2a:8c:12:a0:7d:6b:e6:c6:05:99:1c:ca:fb:62:d5:
                    8f:81:6f:8c:21:77:bb:57:13:59:ec:9d:a7:6b:6d:
                    1c:c1:64:da:ef:cb:52:0c:af:33:e5:1c:85:06:4b:
                    94:c9:d1:e0:fb:d0:62:ec:d6:f1:96:05:cd:b6:f3:
                    fa:aa:d7:e7:6f:72:ef:7e:51:d8:4b:09:9b:e0:f1:
                    4a:fa:6c:7e:32:84:b0:9c:20:c8:eb:56:c3:e5:5d:
                    81:db:65:ef:51:ce:3b:81:ef:97:4c:31:5a:62:37:
                    63:05:03:e3:04:80:af:18:cd:be:32:b3:c6:2b:db:
                    18:52:6c:24:35:7f:e1:79:d2:76:1f:7c:7b:92:a0:
                    3e:38:32:19:45:3a:07:18:61:f5:1a:96:93:88:c8:
                    5b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:49:BE:49:40:91:8A:57:D0:E1:7C:DE:24:E9:EE:A0:AE:59:25:D1
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/Dkm-SUCRilfQ4XzeJOnuoK5ZJdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:99:89:d4:12:55:e2:b7:41:6c:11:e2:3b:f0:2d:e0:a5:8c:
         44:41:29:36:57:2f:5b:70:d2:c4:ab:05:ca:57:ed:cc:ea:7d:
         af:fa:aa:34:67:f9:d6:aa:65:30:92:85:bf:69:05:11:3f:60:
         31:d7:76:fa:37:6b:8d:fc:f8:18:f6:e3:f4:c4:b0:9d:fa:ea:
         f8:8a:98:39:44:d3:18:1d:1d:ca:6d:8e:33:b9:5d:b5:78:8e:
         24:4a:91:0a:e9:32:a1:61:7b:7b:82:31:3a:cb:83:5d:08:87:
         13:2f:2e:d9:3d:80:67:c6:0d:8e:63:6e:4e:4e:51:bd:49:68:
         5b:01:e2:9d:c1:d3:3d:51:c1:1b:ea:3a:c8:46:71:53:c3:49:
         24:96:c5:d9:05:c2:8d:37:7b:1e:7f:0a:d8:25:fc:15:93:bd:
         a3:c7:63:bf:ff:94:d0:3f:c2:d1:df:f7:2f:a2:a9:35:85:6f:
         11:45:f9:11:e1:6e:82:e3:1e:c8:fc:a5:8a:7e:39:0e:1c:16:
         5c:fd:27:1f:af:05:da:9b:bd:f9:b4:77:af:72:8d:7a:76:28:
         b2:79:8d:fe:bd:74:ea:5e:e1:cb:c6:50:4e:16:ff:6d:a1:8e:
         a0:c7:42:4a:9a:a7:24:e9:e3:61:26:5d:97:a3:d3:dd:85:d5:
         c9:89:4d:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoFCAXe8/N9BnBbQ8DjhT22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUxMDIxMDQzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQ5YmU0OTQwOTE4YTU3ZDBlMTdjZGUyNGU5ZWVhMGFlNTkyNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjdvb25Kwrsp5xB/G7IasGRwjcqg
okJ5NZb6tNzoxjoL4aGbXyeux+lJtN5QKx4m6aFrjbsSuZLlBgRBWEzYDwYTwfQ3
vOiPkQChDygXVojrRW5z7Z+wUBGq92TJFXJ4d2OGdA1G0OkqjBKgfWvmxgWZHMr7
YtWPgW+MIXe7VxNZ7J2na20cwWTa78tSDK8z5RyFBkuUydHg+9Bi7NbxlgXNtvP6
qtfnb3LvflHYSwmb4PFK+mx+MoSwnCDI61bD5V2B22XvUc47ge+XTDFaYjdjBQPj
BICvGM2+MrPGK9sYUmwkNX/hedJ2H3x7kqA+ODIZRToHGGH1GpaTiMhbvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5JvklAkYpX0OF83iTp7qCuWSXRMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvRGttLVNVQ1JpbGZRNFh6ZUpPbnVvSzVaSmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU5MSMA0G
CSqGSIb3DQEBCwUAA4IBAQBYmYnUElXit0FsEeI78C3gpYxEQSk2Vy9bcNLEqwXK
V+3M6n2v+qo0Z/nWqmUwkoW/aQURP2Ax13b6N2uN/PgY9uP0xLCd+ur4ipg5RNMY
HR3KbY4zuV21eI4kSpEK6TKhYXt7gjE6y4NdCIcTLy7ZPYBnxg2OY25OTlG9SWhb
AeKdwdM9UcEb6jrIRnFTw0kklsXZBcKNN3sefwrYJfwVk72jx2O//5TQP8LR3/cv
oqk1hW8RRfkR4W6C4x7I/KWKfjkOHBZc/ScfrwXam735tHevco16diiyeY3+vXTq
XuHLxlBOFv9toY6gx0JKmqck6eNhJl2Xo9PdhdXJiU3z
-----END CERTIFICATE-----