Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/aac3eb-0cb4-4e23-9f70-c940ad3c008a/1/0En_rM3ItFKYLhaLLd8WBZOTlpA.roa
File:                     0En_rM3ItFKYLhaLLd8WBZOTlpA.roa (raw, json)
Hash identifier:          152maO322NYmeUI+2QBI3Muc080/yMuLJaeicPAME94=
Subject key identifier:   D0:49:FF:AC:CD:C8:B4:52:98:2E:16:8B:2D:DF:16:05:93:93:96:90
Certificate issuer:       /CN=092be762fbb10fee42d6de5567936ecd1f83ded5
Certificate serial:       01979CF6B57EA219D1D884D6552104389F04
Authority key identifier: 09:2B:E7:62:FB:B1:0F:EE:42:D6:DE:55:67:93:6E:CD:1F:83:DE:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CSvnYvuxD-5C1t5VZ5NuzR-D3tU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/aac3eb-0cb4-4e23-9f70-c940ad3c008a/1/0En_rM3ItFKYLhaLLd8WBZOTlpA.roa
Signing time:             Mon 23 Jun 2025 13:25:03 +0000
ROA not before:           Mon 23 Jun 2025 13:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209097
IP address blocks:        83.175.167.0/24 maxlen: 24
                          83.175.173.0/24 maxlen: 24
                          2a04:6e80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/aac3eb-0cb4-4e23-9f70-c940ad3c008a/1/CSvnYvuxD-5C1t5VZ5NuzR-D3tU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/aac3eb-0cb4-4e23-9f70-c940ad3c008a/1/CSvnYvuxD-5C1t5VZ5NuzR-D3tU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CSvnYvuxD-5C1t5VZ5NuzR-D3tU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:f6:b5:7e:a2:19:d1:d8:84:d6:55:21:04:38:9f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=092be762fbb10fee42d6de5567936ecd1f83ded5
        Validity
            Not Before: Jun 23 13:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d049ffaccdc8b452982e168b2ddf160593939690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:f9:7c:21:84:20:68:69:40:b1:25:f4:28:6c:
                    90:5a:ca:09:0b:e2:c2:e8:0e:d6:be:8b:c5:f9:b9:
                    c9:5e:3e:f4:9c:67:45:18:34:37:de:af:73:ab:6f:
                    ea:b5:b4:44:80:f4:9a:46:5d:d3:f9:62:40:49:98:
                    2b:39:b3:9e:46:9d:74:6b:55:0e:e0:c3:0c:b5:31:
                    c0:f9:68:dd:d8:38:c2:0c:03:23:5c:e2:03:5c:6b:
                    a0:d6:90:55:32:92:12:0b:5b:ed:48:53:06:69:68:
                    b0:af:6b:35:8a:cd:9a:3b:9a:c1:2e:bf:ec:4d:82:
                    d2:58:a0:b5:ee:f2:18:b3:eb:92:ba:bf:ca:78:f2:
                    ff:a5:c0:66:b0:af:8d:92:6a:79:09:71:18:0d:63:
                    51:da:fc:e9:5a:a4:a4:34:96:f7:51:82:7c:9b:2c:
                    44:ac:6b:17:8e:74:3b:1a:1e:66:10:81:a1:3a:e8:
                    ff:60:e3:d0:a2:0a:f9:a3:dd:a1:e3:64:eb:30:73:
                    b0:a1:e0:d6:7f:00:32:ea:04:7d:e2:97:4a:6b:51:
                    03:0f:0d:9b:de:a8:5f:d2:5f:65:dc:44:70:18:40:
                    55:98:97:2f:6f:b7:7b:c8:7c:2f:ec:3e:63:a3:a0:
                    27:31:c1:17:0b:29:bd:bb:4a:e4:c4:92:b7:d0:47:
                    47:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:49:FF:AC:CD:C8:B4:52:98:2E:16:8B:2D:DF:16:05:93:93:96:90
            X509v3 Authority Key Identifier:
                keyid:09:2B:E7:62:FB:B1:0F:EE:42:D6:DE:55:67:93:6E:CD:1F:83:DE:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CSvnYvuxD-5C1t5VZ5NuzR-D3tU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/aac3eb-0cb4-4e23-9f70-c940ad3c008a/1/0En_rM3ItFKYLhaLLd8WBZOTlpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/aac3eb-0cb4-4e23-9f70-c940ad3c008a/1/CSvnYvuxD-5C1t5VZ5NuzR-D3tU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.175.167.0/24
                  83.175.173.0/24
                IPv6:
                  2a04:6e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:fe:50:db:8b:e9:63:eb:70:cc:db:db:66:32:06:e7:fb:45:
         10:42:6d:8b:46:96:9a:8a:b2:2c:88:02:1a:cb:9d:24:65:f5:
         be:14:bd:5d:13:30:2c:e7:26:7d:53:f5:4d:d8:2d:07:84:e6:
         b7:fb:e5:7a:bf:96:ee:f9:d0:f4:1c:f5:4e:f3:8b:c6:32:14:
         a6:f4:5d:74:40:c9:73:10:c5:e0:c5:78:e4:c9:e7:ed:9b:e1:
         8c:bd:72:aa:1c:29:02:e8:83:96:d8:c8:8d:b4:dd:9a:f9:b7:
         e2:4a:80:b1:c5:aa:25:32:46:25:61:b9:bf:c6:3a:be:60:92:
         6d:f7:07:7d:da:b6:eb:c8:d9:53:50:bd:94:7b:23:fd:19:3d:
         e3:37:44:f0:8a:25:54:80:c6:c1:88:cf:2c:26:50:fc:99:d7:
         b5:d9:c7:a8:ae:57:a7:62:55:73:88:c3:03:ab:fb:88:d3:c7:
         86:d9:94:96:e9:d2:c6:e1:42:7c:e2:96:b7:b8:16:de:89:34:
         ef:9c:d6:75:ae:2b:10:fb:dc:30:d0:a3:20:e5:69:10:3e:44:
         d1:23:c2:75:d3:c3:48:d9:94:c2:d5:44:ad:98:b5:c0:a1:94:
         f5:a4:5f:9a:e7:f1:d3:2e:a1:50:d7:2f:60:eb:cc:82:5c:c9:
         43:6e:7b:ca
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZec9rV+ohnR2ITWVSEEOJ8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MmJlNzYyZmJiMTBmZWU0MmQ2ZGU1NTY3OTM2ZWNkMWY4
M2RlZDUwHhcNMjUwNjIzMTMyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQ5ZmZhY2NkYzhiNDUyOTgyZTE2OGIyZGRmMTYwNTkzOTM5NjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7fl8IYQgaGlAsSX0KGyQWsoJC+LC
6A7WvovF+bnJXj70nGdFGDQ33q9zq2/qtbREgPSaRl3T+WJASZgrObOeRp10a1UO
4MMMtTHA+Wjd2DjCDAMjXOIDXGug1pBVMpISC1vtSFMGaWiwr2s1is2aO5rBLr/s
TYLSWKC17vIYs+uSur/KePL/pcBmsK+Nkmp5CXEYDWNR2vzpWqSkNJb3UYJ8myxE
rGsXjnQ7Gh5mEIGhOuj/YOPQogr5o92h42TrMHOwoeDWfwAy6gR94pdKa1EDDw2b
3qhf0l9l3ERwGEBVmJcvb7d7yHwv7D5jo6AnMcEXCym9u0rkxJK30EdHOwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNBJ/6zNyLRSmC4Wiy3fFgWTk5aQMB8GA1UdIwQY
MBaAFAkr52L7sQ/uQtbeVWeTbs0fg97VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1N2bll2dXhELTVDMXQ1Vlo1TnV6Ui1EM3RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hYWMzZWItMGNiNC00ZTIzLTlmNzAt
Yzk0MGFkM2MwMDhhLzEvMEVuX3JNM0l0RktZTGhhTExkOFdCWk9UbHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hYWMzZWItMGNiNC00ZTIzLTlmNzAtYzk0MGFkM2MwMDhh
LzEvQ1N2bll2dXhELTVDMXQ1Vlo1TnV6Ui1EM3RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAU6+nAwQA
U6+tMA0EAgACMAcDBQMqBG6AMA0GCSqGSIb3DQEBCwUAA4IBAQA9/lDbi+lj63DM
29tmMgbn+0UQQm2LRpaairIsiAIay50kZfW+FL1dEzAs5yZ9U/VN2C0HhOa3++V6
v5bu+dD0HPVO84vGMhSm9F10QMlzEMXgxXjkyeftm+GMvXKqHCkC6IOW2MiNtN2a
+bfiSoCxxaolMkYlYbm/xjq+YJJt9wd92rbryNlTUL2UeyP9GT3jN0TwiiVUgMbB
iM8sJlD8mde12ceorlenYlVziMMDq/uI08eG2ZSW6dLG4UJ84pa3uBbeiTTvnNZ1
risQ+9ww0KMg5WkQPkTRI8J108NI2ZTC1UStmLXAoZT1pF+a5/HTLqFQ1y9g68yC
XMlDbnvK
-----END CERTIFICATE-----