Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/g8dmqB-d7-gWtV7kw3NmQBJ6GQE.roa
File:                     g8dmqB-d7-gWtV7kw3NmQBJ6GQE.roa (raw, json)
Hash identifier:          tY65EsqKgUVd5eEy+b3JWcjOnvKmYod9fbKFPbX+LkU=
Subject key identifier:   83:C7:66:A8:1F:9D:EF:E8:16:B5:5E:E4:C3:73:66:40:12:7A:19:01
Certificate issuer:       /CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
Certificate serial:       01967B4DAD04F7CB26D6DA3201B0EC1B6994
Authority key identifier: C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/g8dmqB-d7-gWtV7kw3NmQBJ6GQE.roa
Signing time:             Mon 28 Apr 2025 07:30:10 +0000
ROA not before:           Mon 28 Apr 2025 07:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        141.138.77.0/24 maxlen: 24
                          141.138.78.0/24 maxlen: 24
                          141.138.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:4d:ad:04:f7:cb:26:d6:da:32:01:b0:ec:1b:69:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
        Validity
            Not Before: Apr 28 07:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83c766a81f9defe816b55ee4c3736640127a1901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:1e:ac:40:21:82:0b:eb:eb:dd:50:35:e5:3c:
                    1a:38:71:23:6c:6a:21:6b:42:35:be:48:01:6b:04:
                    d4:10:41:1d:83:32:35:79:14:53:25:be:4e:f2:76:
                    32:db:a5:78:4d:c0:c8:c9:58:76:84:f1:40:89:ef:
                    e2:a6:69:87:55:89:7a:0c:03:52:46:d3:e5:3c:31:
                    1e:ba:20:7a:3a:8d:9e:29:e6:f4:f1:34:f9:f1:a0:
                    b4:eb:3c:e6:e4:11:f4:db:c9:84:2e:17:16:29:20:
                    2c:d1:f7:fc:ec:87:c3:de:bd:65:d3:3d:6a:85:c8:
                    48:25:b9:7d:1b:0a:b2:8e:59:df:43:16:5d:ea:0a:
                    59:16:f1:a6:b8:6a:ee:6c:ea:84:f1:72:f9:f7:a0:
                    31:2b:e8:7c:96:d6:69:d0:9c:87:2f:91:cb:30:f1:
                    e4:a8:bd:3b:47:f7:41:8d:29:01:5a:a9:be:3c:9b:
                    73:f8:be:15:c8:f2:45:a4:14:36:c9:d1:0b:f5:e1:
                    b1:fa:ef:6e:73:38:f0:85:13:ca:ac:79:f6:83:8b:
                    05:f5:e4:29:22:ea:e9:0c:cd:10:40:7e:46:b7:2f:
                    33:b4:d7:bb:1b:05:2a:6c:2a:1a:00:04:71:76:58:
                    86:46:02:86:49:86:83:ea:1c:27:93:06:ca:d1:d2:
                    6c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C7:66:A8:1F:9D:EF:E8:16:B5:5E:E4:C3:73:66:40:12:7A:19:01
            X509v3 Authority Key Identifier:
                keyid:C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/g8dmqB-d7-gWtV7kw3NmQBJ6GQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.138.77.0-141.138.79.255

    Signature Algorithm: sha256WithRSAEncryption
         9d:80:18:c0:d9:15:97:1c:45:54:95:4e:e7:f0:10:25:8b:41:
         e3:37:32:25:bb:1e:48:62:cb:ae:3b:73:65:0a:09:c4:c6:d1:
         3a:76:5c:aa:d1:9c:2f:a2:59:af:2d:a4:89:55:e9:38:53:e9:
         e2:7f:01:31:23:c6:dc:9f:7e:3c:bf:97:c2:1d:07:09:06:02:
         f1:91:7f:c5:9d:c2:1d:bd:26:81:a2:6c:30:e4:23:90:51:c6:
         43:16:10:e3:5a:30:9a:2b:09:92:de:bb:45:74:c5:78:f3:30:
         1f:e9:7f:e3:b9:e5:34:bd:56:39:bc:fe:48:8b:69:74:8b:13:
         4d:a9:44:73:96:49:1d:b8:02:ec:3b:81:d8:85:4f:05:13:31:
         b0:83:1e:11:5f:51:92:2c:ce:50:cd:f4:fa:5d:95:c0:37:34:
         14:32:09:85:c8:2b:5e:e7:06:0c:14:ce:f6:d1:13:37:a2:ce:
         c2:be:56:27:0b:4e:e7:7b:d1:f2:7d:8e:c4:e4:47:02:9c:50:
         3b:c7:ea:7b:75:b3:84:d6:4a:a0:d0:f3:52:fe:8d:19:31:08:
         e4:e6:c1:64:24:04:cf:51:65:b4:31:24:d8:4a:73:cb:3f:e1:
         33:12:0a:0c:fa:be:da:5b:37:95:07:71:ca:54:16:f5:8f:55:
         46:79:55:89
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZ7Ta0E98sm1toyAbDsG2mUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGFkYWZiMWYzMWY5ODg5YWE0NzM1NzkyYjZlM2RiNDY5
MzFiYjkwHhcNMjUwNDI4MDczMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2M3NjZhODFmOWRlZmU4MTZiNTVlZTRjMzczNjY0MDEyN2ExOTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4R6sQCGCC+vr3VA15TwaOHEjbGoh
a0I1vkgBawTUEEEdgzI1eRRTJb5O8nYy26V4TcDIyVh2hPFAie/ipmmHVYl6DANS
RtPlPDEeuiB6Oo2eKeb08TT58aC06zzm5BH028mELhcWKSAs0ff87IfD3r1l0z1q
hchIJbl9GwqyjlnfQxZd6gpZFvGmuGrubOqE8XL596AxK+h8ltZp0JyHL5HLMPHk
qL07R/dBjSkBWqm+PJtz+L4VyPJFpBQ2ydEL9eGx+u9uczjwhRPKrHn2g4sF9eQp
IurpDM0QQH5Gty8ztNe7GwUqbCoaAARxdliGRgKGSYaD6hwnkwbK0dJsiQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIPHZqgfne/oFrVe5MNzZkASehkBMB8GA1UdIwQY
MBaAFMmK2vsfMfmImqRzV5K249tGkxu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYt
M2IxMDNkNWE2OTBhLzEvZzhkbXFCLWQ3LWdXdFY3a3czTm1RQko2R1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYtM2IxMDNkNWE2OTBh
LzEveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACNik0D
BASNikAwDQYJKoZIhvcNAQELBQADggEBAJ2AGMDZFZccRVSVTufwECWLQeM3MiW7
Hkhiy647c2UKCcTG0Tp2XKrRnC+iWa8tpIlV6ThT6eJ/ATEjxtyffjy/l8IdBwkG
AvGRf8Wdwh29JoGibDDkI5BRxkMWEONaMJorCZLeu0V0xXjzMB/pf+O55TS9Vjm8
/kiLaXSLE02pRHOWSR24Auw7gdiFTwUTMbCDHhFfUZIszlDN9PpdlcA3NBQyCYXI
K17nBgwUzvbREzeizsK+VicLTud70fJ9jsTkRwKcUDvH6nt1s4TWSqDQ81L+jRkx
COTmwWQkBM9RZbQxJNhKc8s/4TMSCgz6vtpbN5UHccpUFvWPVUZ5VYk=
-----END CERTIFICATE-----