Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/ODqTHlDbaPBUV0aRCaBuPqaDQSA.roa
File:                     ODqTHlDbaPBUV0aRCaBuPqaDQSA.roa (raw, json)
Hash identifier:          QC/9MrgFL4HEKypd8iRiJumrof3HYvCsdsr1JCqaorI=
Subject key identifier:   38:3A:93:1E:50:DB:68:F0:54:57:46:91:09:A0:6E:3E:A6:83:41:20
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       0198E9F37982D8A511854A7CFBD75BB2AA1F
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/ODqTHlDbaPBUV0aRCaBuPqaDQSA.roa
Signing time:             Wed 27 Aug 2025 05:15:04 +0000
ROA not before:           Wed 27 Aug 2025 05:15:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        83.147.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e9:f3:79:82:d8:a5:11:85:4a:7c:fb:d7:5b:b2:aa:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Aug 27 05:15:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=383a931e50db68f05457469109a06e3ea6834120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:57:8f:de:aa:aa:4b:b7:89:4b:51:15:7c:06:
                    fb:13:dc:6a:ff:94:84:70:65:01:88:6a:b1:ee:ec:
                    fc:ab:6d:f5:7b:06:58:af:94:ee:63:fc:38:bf:25:
                    a8:b7:0d:e8:3a:4c:77:6e:63:43:ca:6c:2a:93:19:
                    20:48:35:17:18:3e:aa:60:3a:45:29:d2:f3:75:c8:
                    98:c1:8c:eb:80:65:78:3e:f5:24:b2:4e:1b:55:29:
                    0b:ec:da:1b:b5:11:68:13:a4:17:86:97:a5:bc:ca:
                    c0:7f:53:a0:8e:fc:84:79:22:b6:f0:c5:9a:28:5b:
                    c8:0f:a1:fc:d1:5f:1f:06:50:42:71:4d:ac:45:3a:
                    da:03:28:06:03:af:6a:a1:1a:60:9f:42:dc:8c:5a:
                    19:ac:a4:5b:c6:f0:9b:e1:86:21:18:e6:08:b0:10:
                    f3:69:b4:56:d6:5d:d1:be:76:8f:c6:58:2d:8d:19:
                    d5:33:8e:9f:17:02:1e:64:99:cb:55:73:ff:46:a9:
                    47:f5:28:61:46:43:88:51:9d:f9:3c:1c:d7:07:13:
                    26:f3:dc:40:23:80:46:0c:77:d4:14:34:79:b2:68:
                    eb:0e:cc:1d:e3:75:31:09:09:39:ed:52:d3:24:bf:
                    2f:22:cb:8a:22:c3:1f:7f:c8:8b:11:1b:9d:2b:26:
                    9d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3A:93:1E:50:DB:68:F0:54:57:46:91:09:A0:6E:3E:A6:83:41:20
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/ODqTHlDbaPBUV0aRCaBuPqaDQSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:76:72:2f:7c:04:e8:c7:4f:8a:29:79:36:1b:ad:a1:6f:65:
         df:46:48:f1:db:80:cd:5c:2b:70:ae:d6:25:9b:c9:b1:64:41:
         59:15:3b:47:10:36:11:de:bc:38:8d:3d:95:5d:c8:af:e4:cb:
         a7:76:84:53:1e:ac:17:eb:39:77:cc:d4:dd:c0:36:22:eb:57:
         7d:32:b7:f2:ee:65:9e:e3:ea:3f:b1:b1:b0:a6:51:66:0b:12:
         91:ba:e2:0f:d8:00:d6:e7:bf:59:96:64:2d:11:97:a7:8d:90:
         64:eb:e2:40:ea:b2:1f:36:fb:67:93:2a:96:54:15:eb:29:f3:
         54:73:35:13:22:19:b3:9b:13:05:ae:39:7b:1d:7f:ed:a1:25:
         37:37:00:a3:75:88:50:d1:27:e8:04:b7:0d:74:91:aa:e2:e1:
         a2:ad:c2:db:10:eb:bd:94:67:de:16:01:ca:7d:6d:8a:08:65:
         cf:5a:6b:e6:48:94:c2:ea:9d:01:b2:b5:67:46:7d:23:5a:a9:
         d8:70:20:66:93:fb:65:73:ee:bc:49:27:ea:63:6b:6e:aa:e6:
         0c:e6:73:59:e4:5f:51:62:12:8c:7d:70:d5:9e:6b:cd:b9:e4:
         1e:83:de:b5:72:25:cc:8e:d3:f2:51:88:2b:bc:b6:29:16:0e:
         18:9f:46:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjp83mC2KURhUp8+9dbsqofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwODI3MDUxNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODNhOTMxZTUwZGI2OGYwNTQ1NzQ2OTEwOWEwNmUzZWE2ODM0MTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVeP3qqqS7eJS1EVfAb7E9xq/5SE
cGUBiGqx7uz8q231ewZYr5TuY/w4vyWotw3oOkx3bmNDymwqkxkgSDUXGD6qYDpF
KdLzdciYwYzrgGV4PvUksk4bVSkL7NobtRFoE6QXhpelvMrAf1OgjvyEeSK28MWa
KFvID6H80V8fBlBCcU2sRTraAygGA69qoRpgn0LcjFoZrKRbxvCb4YYhGOYIsBDz
abRW1l3RvnaPxlgtjRnVM46fFwIeZJnLVXP/RqlH9ShhRkOIUZ35PBzXBxMm89xA
I4BGDHfUFDR5smjrDswd43UxCQk57VLTJL8vIsuKIsMff8iLERudKyadLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg6kx5Q22jwVFdGkQmgbj6mg0EgMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvT0RxVEhsRGJhUEJVVjBhUkNhQnVQcWFEUVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MEMA0G
CSqGSIb3DQEBCwUAA4IBAQBcdnIvfATox0+KKXk2G62hb2XfRkjx24DNXCtwrtYl
m8mxZEFZFTtHEDYR3rw4jT2VXciv5MundoRTHqwX6zl3zNTdwDYi61d9Mrfy7mWe
4+o/sbGwplFmCxKRuuIP2ADW579ZlmQtEZenjZBk6+JA6rIfNvtnkyqWVBXrKfNU
czUTIhmzmxMFrjl7HX/toSU3NwCjdYhQ0SfoBLcNdJGq4uGircLbEOu9lGfeFgHK
fW2KCGXPWmvmSJTC6p0BsrVnRn0jWqnYcCBmk/tlc+68SSfqY2tuquYM5nNZ5F9R
YhKMfXDVnmvNueQeg961ciXMjtPyUYgrvLYpFg4Yn0Yw
-----END CERTIFICATE-----