Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/ZeR2y6StnT6e8iiUmqPt6QH7l1g.roa
File:                     ZeR2y6StnT6e8iiUmqPt6QH7l1g.roa (raw, json)
Hash identifier:          doAoquHW5ZITfsi9xWFJiGyOadFJ0V1mP2kiA85fdhY=
Subject key identifier:   65:E4:76:CB:A4:AD:9D:3E:9E:F2:28:94:9A:A3:ED:E9:01:FB:97:58
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       0198D24EEC3D23A1EDE52473D43FF3783587
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/ZeR2y6StnT6e8iiUmqPt6QH7l1g.roa
Signing time:             Fri 22 Aug 2025 15:04:04 +0000
ROA not before:           Fri 22 Aug 2025 15:04:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61112
IP address blocks:        83.147.0.0/22 maxlen: 24
                          83.147.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d2:4e:ec:3d:23:a1:ed:e5:24:73:d4:3f:f3:78:35:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Aug 22 15:04:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65e476cba4ad9d3e9ef228949aa3ede901fb9758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fe:3e:1f:07:95:0c:cc:d8:86:ea:c1:59:33:
                    0b:bd:7c:74:0e:2b:67:09:51:46:34:25:f3:a8:48:
                    65:80:a2:1a:5d:59:5e:e6:4b:38:ec:c1:4b:c2:b7:
                    0b:45:c5:23:85:a2:40:13:45:24:a9:f3:72:81:d8:
                    63:8b:dd:ed:99:4e:62:b2:dd:9b:ed:07:95:a5:e5:
                    e0:54:b4:f1:25:83:b7:67:68:6c:13:95:12:82:e5:
                    70:f5:62:ac:28:4f:97:5a:71:90:7b:aa:43:4f:2c:
                    0a:d9:65:95:78:17:81:d8:09:ba:bb:ec:8d:ff:72:
                    81:af:36:d3:fe:dc:47:33:68:a9:ce:21:0b:b9:5c:
                    52:a9:7a:5f:65:4a:84:bc:bc:04:96:ef:af:b6:31:
                    7d:d6:59:7a:e6:2f:90:0c:53:60:54:01:9f:3b:73:
                    42:35:1b:6f:03:9f:55:a6:d0:5d:e8:a7:09:e9:c6:
                    99:9b:6c:0e:c9:24:67:62:a4:4f:06:67:b9:74:f1:
                    da:5b:35:6c:ed:a1:58:db:c1:d4:5f:ee:2c:4f:2c:
                    1b:bd:5c:2a:a9:0d:42:ab:e3:59:2c:c4:ac:de:5f:
                    d2:35:33:5d:1d:05:9b:18:e1:3d:f2:1e:26:6c:05:
                    c4:8a:64:1c:83:0d:1a:cf:b6:84:2f:27:1a:75:75:
                    ac:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E4:76:CB:A4:AD:9D:3E:9E:F2:28:94:9A:A3:ED:E9:01:FB:97:58
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/ZeR2y6StnT6e8iiUmqPt6QH7l1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.0.0/22
                  83.147.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:33:d8:65:67:a9:f3:b8:70:af:55:bd:49:bc:83:32:7a:d3:
         38:61:c0:76:1e:51:45:f3:10:95:16:a5:0c:64:82:5a:8c:d2:
         23:5a:5d:5e:c7:7c:e2:d7:13:86:73:fa:80:8b:4b:a6:92:f1:
         5c:10:c8:94:ef:b3:a0:93:7d:ec:5a:5c:48:0d:80:2b:7e:1b:
         4e:30:53:d5:5d:b9:52:8d:5c:f7:4f:7d:6a:63:ca:c9:0c:74:
         b5:73:53:a4:58:fd:1a:07:0d:2c:f5:e0:77:27:27:a5:33:51:
         d6:b1:d9:9f:47:7f:d9:45:96:4a:27:73:84:4a:2e:79:2f:7c:
         6a:c2:99:15:90:0a:e3:42:56:71:b1:68:ac:bf:6b:48:d3:1e:
         b0:8e:c6:25:ac:17:19:89:ea:62:4a:4a:cc:cf:01:1e:f6:08:
         2d:ff:31:96:6d:b9:c2:c6:5e:ea:f4:0a:4c:c8:02:e4:61:8d:
         26:98:9c:88:71:b8:2a:e3:d9:58:25:99:61:ce:e3:86:80:ff:
         f7:f0:00:6b:9d:09:45:e0:43:08:4d:07:8c:ac:63:58:a4:7c:
         23:85:d9:c9:7f:70:6d:57:83:16:86:00:5a:35:8c:65:0f:06:
         db:40:1e:8d:cf:11:3e:09:6a:4c:dc:86:29:a2:a5:78:bb:f6:
         29:4c:2b:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjSTuw9I6Ht5SRz1D/zeDWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwODIyMTUwNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWU0NzZjYmE0YWQ5ZDNlOWVmMjI4OTQ5YWEzZWRlOTAxZmI5NzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP4+HweVDMzYhurBWTMLvXx0Ditn
CVFGNCXzqEhlgKIaXVle5ks47MFLwrcLRcUjhaJAE0UkqfNygdhji93tmU5ist2b
7QeVpeXgVLTxJYO3Z2hsE5USguVw9WKsKE+XWnGQe6pDTywK2WWVeBeB2Am6u+yN
/3KBrzbT/txHM2ipziELuVxSqXpfZUqEvLwElu+vtjF91ll65i+QDFNgVAGfO3NC
NRtvA59VptBd6KcJ6caZm2wOySRnYqRPBme5dPHaWzVs7aFY28HUX+4sTywbvVwq
qQ1Cq+NZLMSs3l/SNTNdHQWbGOE98h4mbAXEimQcgw0az7aELycadXWsvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGXkdsukrZ0+nvIolJqj7ekB+5dYMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvWmVSMnk2U3RuVDZlOGlpVW1xUHQ2UUg3bDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5MAAwQC
U5MMMA0GCSqGSIb3DQEBCwUAA4IBAQBvM9hlZ6nzuHCvVb1JvIMyetM4YcB2HlFF
8xCVFqUMZIJajNIjWl1ex3zi1xOGc/qAi0umkvFcEMiU77Ogk33sWlxIDYArfhtO
MFPVXblSjVz3T31qY8rJDHS1c1OkWP0aBw0s9eB3JyelM1HWsdmfR3/ZRZZKJ3OE
Si55L3xqwpkVkArjQlZxsWisv2tI0x6wjsYlrBcZiepiSkrMzwEe9ggt/zGWbbnC
xl7q9ApMyALkYY0mmJyIcbgq49lYJZlhzuOGgP/38ABrnQlF4EMITQeMrGNYpHwj
hdnJf3BtV4MWhgBaNYxlDwbbQB6NzxE+CWpM3IYpoqV4u/YpTCsT
-----END CERTIFICATE-----