Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/rjoLb6xRWSPJtXMLtPqwuFtEkcg.roa
File:                     rjoLb6xRWSPJtXMLtPqwuFtEkcg.roa (raw, json)
Hash identifier:          /M6nuA1R9V+fnffp6tJmgxeR7pu/I0EBNNvcUnAVpwg=
Subject key identifier:   AE:3A:0B:6F:AC:51:59:23:C9:B5:73:0B:B4:FA:B0:B8:5B:44:91:C8
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       01942747FAD7CD87286D7B530F1561EB83D1
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/rjoLb6xRWSPJtXMLtPqwuFtEkcg.roa
Signing time:             Thu 02 Jan 2025 13:50:16 +0000
ROA not before:           Thu 02 Jan 2025 13:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        83.147.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:fa:d7:cd:87:28:6d:7b:53:0f:15:61:eb:83:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 13:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae3a0b6fac515923c9b5730bb4fab0b85b4491c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1c:3f:4b:e1:a1:d5:8f:6e:3a:bc:41:bd:03:
                    e9:8e:00:90:cf:50:38:a5:01:09:b0:40:58:46:e5:
                    fa:06:59:d5:22:cf:05:2c:9d:6f:20:74:a8:15:2f:
                    55:24:f9:8b:d2:88:7f:e2:cd:b8:01:6e:b1:fb:82:
                    74:b7:d3:01:a5:c5:6b:b4:06:24:5a:2a:92:41:9c:
                    f6:d8:b3:84:27:b0:38:26:be:a1:fb:8f:b3:2b:49:
                    41:41:40:96:85:c7:e0:97:ea:8c:bc:b3:7a:83:a1:
                    c2:9d:b3:83:34:21:3b:d0:55:13:da:8d:0e:dd:d3:
                    7f:f2:c5:83:23:86:7d:5e:3f:03:19:41:8d:ff:0c:
                    db:14:eb:35:c9:a1:25:bf:9b:ac:cb:f3:15:10:2d:
                    08:55:38:d5:ba:d6:3f:e7:10:1f:24:d7:c9:35:5f:
                    0c:4f:79:12:ff:be:0e:74:9c:db:a2:44:40:09:6d:
                    7f:08:14:50:90:2e:b1:88:7a:e1:80:d0:1a:88:b3:
                    f6:d1:4c:28:d6:46:c4:93:70:b3:8f:2b:c0:66:2e:
                    22:fb:86:81:1a:44:09:59:c5:31:e3:27:df:fe:a8:
                    27:ec:0b:0f:6d:2c:6f:71:df:5b:cb:44:5d:c4:e0:
                    e4:30:e5:e1:5b:1d:b6:c4:c6:b4:9b:c3:e2:95:3a:
                    20:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:3A:0B:6F:AC:51:59:23:C9:B5:73:0B:B4:FA:B0:B8:5B:44:91:C8
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/rjoLb6xRWSPJtXMLtPqwuFtEkcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:4a:94:0f:4f:c8:d4:c6:25:fb:eb:05:74:16:12:2d:02:ab:
         b9:f4:d8:d2:4c:c6:c1:08:4d:f1:7d:bc:49:e1:9d:b2:19:3d:
         84:83:1f:e3:f8:9d:ec:49:b9:9d:bc:21:f2:14:40:7f:76:87:
         04:75:99:cb:86:7c:39:21:0f:d1:3e:ae:f2:82:96:b9:2e:48:
         0a:15:16:75:c3:40:f3:8a:ed:46:13:d6:97:52:17:d8:21:61:
         19:af:28:48:75:3b:17:e4:f2:61:7c:5c:19:d6:d5:25:24:f3:
         e2:9f:c3:64:d2:fe:6b:e6:46:63:30:09:5a:5f:8a:8d:48:de:
         59:4f:01:83:6c:87:d9:4f:f7:50:b0:f3:a6:68:ff:a4:e8:2a:
         85:1c:15:62:80:5a:5b:f3:0d:c6:35:dc:de:5b:37:4b:38:8a:
         b8:b6:7a:69:64:bf:11:e2:84:63:fc:ce:29:77:ed:58:9b:f4:
         00:d0:b0:1c:12:04:72:d3:bb:ae:89:14:69:ea:da:2e:57:91:
         bd:66:e1:01:0a:18:88:74:e8:f0:0a:f6:98:23:28:9d:34:43:
         14:e5:a2:be:7a:fd:61:6c:cc:89:21:79:2a:85:bb:97:11:88:
         4c:88:6a:fe:22:ab:82:d0:e3:c3:de:0b:56:c9:53:23:33:18:
         43:71:d4:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/rXzYcobXtTDxVh64PRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwMTAyMTM1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTNhMGI2ZmFjNTE1OTIzYzliNTczMGJiNGZhYjBiODViNDQ5MWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBw/S+Gh1Y9uOrxBvQPpjgCQz1A4
pQEJsEBYRuX6BlnVIs8FLJ1vIHSoFS9VJPmL0oh/4s24AW6x+4J0t9MBpcVrtAYk
WiqSQZz22LOEJ7A4Jr6h+4+zK0lBQUCWhcfgl+qMvLN6g6HCnbODNCE70FUT2o0O
3dN/8sWDI4Z9Xj8DGUGN/wzbFOs1yaElv5usy/MVEC0IVTjVutY/5xAfJNfJNV8M
T3kS/74OdJzbokRACW1/CBRQkC6xiHrhgNAaiLP20Uwo1kbEk3CzjyvAZi4i+4aB
GkQJWcUx4yff/qgn7AsPbSxvcd9by0RdxODkMOXhWx22xMa0m8PilToguQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK46C2+sUVkjybVzC7T6sLhbRJHIMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvcmpvTGI2eFJXU1BKdFhNTHRQcXd1RnRFa2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MsMA0G
CSqGSIb3DQEBCwUAA4IBAQCbSpQPT8jUxiX76wV0FhItAqu59NjSTMbBCE3xfbxJ
4Z2yGT2Egx/j+J3sSbmdvCHyFEB/docEdZnLhnw5IQ/RPq7ygpa5LkgKFRZ1w0Dz
iu1GE9aXUhfYIWEZryhIdTsX5PJhfFwZ1tUlJPPin8Nk0v5r5kZjMAlaX4qNSN5Z
TwGDbIfZT/dQsPOmaP+k6CqFHBVigFpb8w3GNdzeWzdLOIq4tnppZL8R4oRj/M4p
d+1Ym/QA0LAcEgRy07uuiRRp6touV5G9ZuEBChiIdOjwCvaYIyidNEMU5aK+ev1h
bMyJIXkqhbuXEYhMiGr+IquC0OPD3gtWyVMjMxhDcdQb
-----END CERTIFICATE-----