Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/iBBI9wsmx_ZRCN_yDaZqUnSClAc.roa
File:                     iBBI9wsmx_ZRCN_yDaZqUnSClAc.roa (raw, json)
Hash identifier:          kpmtltOLlXHahYv2GFQSNQ7Emi1x37EgZXjFhKQ/xKY=
Subject key identifier:   88:10:48:F7:0B:26:C7:F6:51:08:DF:F2:0D:A6:6A:52:74:82:94:07
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       0196A0A01F840106AE2D4A0F13F941C709A3
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/iBBI9wsmx_ZRCN_yDaZqUnSClAc.roa
Signing time:             Mon 05 May 2025 13:26:10 +0000
ROA not before:           Mon 05 May 2025 13:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210119
IP address blocks:        82.137.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 01:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a0:a0:1f:84:01:06:ae:2d:4a:0f:13:f9:41:c7:09:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: May  5 13:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=881048f70b26c7f65108dff20da66a5274829407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9a:21:68:7e:c5:ee:2c:54:22:5e:f4:93:57:
                    34:ef:41:80:68:fe:84:f9:6a:1b:c3:d1:10:d5:f4:
                    2f:6b:b4:55:17:76:0d:84:86:74:39:55:c6:54:d3:
                    95:30:47:15:ef:90:bb:e8:4c:29:34:97:ef:7f:16:
                    4a:f8:62:64:bc:da:81:92:67:ca:73:26:4f:3f:66:
                    e1:5b:9e:65:2e:ea:31:a6:cf:ef:26:88:93:90:12:
                    e0:44:b7:f0:b4:c2:d5:ac:d4:4a:68:d1:02:a3:3c:
                    b6:77:f7:11:8d:91:cf:e7:64:e3:56:1c:91:fd:a8:
                    eb:84:88:5c:b9:c7:8a:83:4a:dc:49:2c:da:60:0b:
                    00:95:2f:95:54:ac:87:53:b6:e9:4d:7f:6a:29:05:
                    cc:f2:18:42:72:d9:2c:2f:47:a1:46:98:1e:29:c2:
                    9f:58:19:14:9c:cb:44:b5:b6:15:32:51:b7:f7:98:
                    48:bd:e8:05:49:aa:2e:d7:ae:53:2a:3a:ed:69:2d:
                    8b:5d:0c:52:d9:40:f0:34:54:5a:27:f2:c0:38:0b:
                    7c:10:81:d1:a3:be:b2:db:c7:ee:2b:0e:32:c7:c9:
                    45:bb:78:f5:d0:07:aa:af:28:44:32:05:87:17:77:
                    1f:19:f0:c3:05:c1:30:fb:2e:78:03:0f:43:72:a2:
                    cb:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:10:48:F7:0B:26:C7:F6:51:08:DF:F2:0D:A6:6A:52:74:82:94:07
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/iBBI9wsmx_ZRCN_yDaZqUnSClAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.137.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:79:df:92:b4:b7:53:58:de:e9:3c:50:64:70:fa:f6:08:f0:
         e4:16:80:82:f8:b8:d8:97:8d:38:b2:a5:35:e2:a5:e8:dc:b8:
         40:33:d9:c5:6d:7a:d0:fa:de:81:24:02:75:2b:13:a8:f8:f9:
         e8:4e:7c:c1:bb:12:60:55:13:4b:85:be:16:1a:d1:08:13:c7:
         06:bb:62:e5:0e:7a:25:1a:5e:47:03:6a:2f:b4:be:74:0d:a4:
         74:45:bc:0b:32:db:db:f2:c8:53:c1:47:ea:ad:8b:46:6b:26:
         15:4b:cf:66:11:7d:de:93:ec:05:d5:f7:ae:df:ce:10:43:c1:
         57:35:a6:13:63:48:61:f0:d9:24:6f:2d:83:1d:67:a7:4b:19:
         fb:1e:98:25:6d:08:9e:c4:9a:d2:1c:8e:75:16:0c:9d:ca:de:
         bb:bb:72:c5:70:9e:a3:7b:17:b8:1f:2d:a2:4a:1a:52:94:6e:
         35:59:e0:d6:9a:e2:a6:26:8b:f2:4d:50:b9:02:68:67:40:80:
         a4:39:7d:20:50:05:f6:bd:86:19:e3:5c:c2:4c:c0:76:d1:db:
         c6:bc:0d:e9:17:ed:86:7a:cc:1c:fd:7f:28:84:bd:79:d9:31:
         b7:39:ce:a1:0d:14:c4:9f:64:36:09:43:00:7f:f3:ae:6b:79:
         d4:80:d6:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZagoB+EAQauLUoPE/lBxwmjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwNTA1MTMyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODEwNDhmNzBiMjZjN2Y2NTEwOGRmZjIwZGE2NmE1Mjc0ODI5NDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5ohaH7F7ixUIl70k1c070GAaP6E
+Wobw9EQ1fQva7RVF3YNhIZ0OVXGVNOVMEcV75C76EwpNJfvfxZK+GJkvNqBkmfK
cyZPP2bhW55lLuoxps/vJoiTkBLgRLfwtMLVrNRKaNECozy2d/cRjZHP52TjVhyR
/ajrhIhcuceKg0rcSSzaYAsAlS+VVKyHU7bpTX9qKQXM8hhCctksL0ehRpgeKcKf
WBkUnMtEtbYVMlG395hIvegFSaou165TKjrtaS2LXQxS2UDwNFRaJ/LAOAt8EIHR
o76y28fuKw4yx8lFu3j10AeqryhEMgWHF3cfGfDDBcEw+y54Aw9DcqLLMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgQSPcLJsf2UQjf8g2malJ0gpQHMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvaUJCSTl3c214X1pSQ05feURhWnFVblNDbEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUolEMA0G
CSqGSIb3DQEBCwUAA4IBAQBped+StLdTWN7pPFBkcPr2CPDkFoCC+LjYl404sqU1
4qXo3LhAM9nFbXrQ+t6BJAJ1KxOo+PnoTnzBuxJgVRNLhb4WGtEIE8cGu2LlDnol
Gl5HA2ovtL50DaR0RbwLMtvb8shTwUfqrYtGayYVS89mEX3ek+wF1feu384QQ8FX
NaYTY0hh8Nkkby2DHWenSxn7HpglbQiexJrSHI51Fgydyt67u3LFcJ6jexe4Hy2i
ShpSlG41WeDWmuKmJovyTVC5AmhnQICkOX0gUAX2vYYZ41zCTMB20dvGvA3pF+2G
eswc/X8ohL152TG3Oc6hDRTEn2Q2CUMAf/Oua3nUgNYq
-----END CERTIFICATE-----