Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/4XDgKO79XmXOb4-G5xTONVrvgW0.roa
File:                     4XDgKO79XmXOb4-G5xTONVrvgW0.roa (raw, json)
Hash identifier:          tGjUxZ/kXi8ihM39nHigT0xXtfrY2RyKK9rqdogl5Ys=
Subject key identifier:   E1:70:E0:28:EE:FD:5E:65:CE:6F:8F:86:E7:14:CE:35:5A:EF:81:6D
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       01962489E7AEB6C65CF706DF920CE249CFE6
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/4XDgKO79XmXOb4-G5xTONVrvgW0.roa
Signing time:             Fri 11 Apr 2025 11:08:59 +0000
ROA not before:           Fri 11 Apr 2025 11:08:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        83.147.232.0/22 maxlen: 24
                          178.253.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:24:89:e7:ae:b6:c6:5c:f7:06:df:92:0c:e2:49:cf:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 11 11:08:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e170e028eefd5e65ce6f8f86e714ce355aef816d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:0d:65:f7:59:12:e6:15:9e:ab:a2:99:ee:e4:
                    cd:09:20:20:57:19:bd:f5:31:01:f7:39:42:55:3b:
                    b7:20:32:c9:da:20:75:ed:ac:9a:f7:2f:01:22:4a:
                    9b:91:42:83:11:40:b5:79:96:6a:94:94:4f:82:31:
                    c6:8e:48:2f:b8:2c:f9:82:e2:fe:05:b5:20:6b:93:
                    bc:d9:a8:87:cb:5a:f2:2f:78:6f:a7:65:d3:7e:15:
                    73:b7:aa:ee:94:93:ce:68:a6:62:ab:13:9b:d0:b6:
                    85:88:fc:f6:d4:11:00:1b:05:f1:4b:68:b4:b0:78:
                    7e:9d:9c:2e:e4:15:c3:0c:b4:7b:19:13:cb:d4:b3:
                    a5:71:8e:84:54:ed:c9:86:75:99:8e:44:e8:ca:2b:
                    7e:be:79:9d:48:aa:93:04:08:93:22:bc:e8:31:13:
                    28:99:a6:a2:51:cf:a4:0e:52:c1:f4:70:26:98:99:
                    bb:21:7c:6b:f9:5e:27:84:76:98:16:10:9f:57:62:
                    de:d1:f5:40:2f:bd:07:84:8c:4b:e3:ef:8d:7e:40:
                    8d:c7:00:22:54:18:3c:69:d8:70:76:d7:f1:6c:1f:
                    17:04:e5:6d:0b:3b:fa:70:5e:2a:37:18:59:22:a9:
                    29:c3:ea:12:39:d5:09:cc:98:5b:ca:8e:de:02:42:
                    84:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:70:E0:28:EE:FD:5E:65:CE:6F:8F:86:E7:14:CE:35:5A:EF:81:6D
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/4XDgKO79XmXOb4-G5xTONVrvgW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.232.0/22
                  178.253.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:38:86:8d:fa:61:62:cb:2e:5b:8b:ca:4b:58:28:9a:0b:ae:
         33:10:7f:ff:d3:b2:3b:8d:e8:1d:83:61:46:fb:d2:b1:d0:05:
         68:87:27:34:11:ee:7a:62:43:02:09:55:9e:21:c6:2a:53:86:
         59:c9:5b:31:98:15:a3:21:a5:a8:49:6c:71:7e:1b:89:2c:22:
         8f:ac:0d:22:e8:66:38:77:22:05:f6:f6:d4:07:f4:48:e3:12:
         48:75:0c:07:bb:6a:78:b6:0e:af:35:c5:d7:7f:29:49:9b:db:
         09:0b:22:ec:91:87:ac:b7:08:09:29:c4:96:a4:b5:13:c5:3d:
         42:f3:92:c2:94:1d:de:fa:b6:10:e8:88:b3:43:b5:cf:28:00:
         4d:d5:07:60:39:f3:66:00:6f:07:3c:f7:fd:34:25:77:33:96:
         0b:6d:c5:57:57:05:f3:27:ad:41:9c:3e:c8:d5:60:50:2f:dd:
         a2:8d:fc:ae:42:ff:74:12:2d:a9:23:29:29:ba:42:a4:c3:b4:
         fa:18:79:91:a3:32:08:95:21:0c:94:76:a8:d0:dd:55:46:8e:
         c9:11:4f:00:7e:19:19:10:ac:c7:64:40:ab:96:db:75:7f:a5:
         29:84:d5:21:06:ed:80:d3:fd:a8:b1:51:2a:ac:4e:49:8d:86:
         a1:1a:30:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYkieeutsZc9wbfkgziSc/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwNDExMTEwODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTcwZTAyOGVlZmQ1ZTY1Y2U2ZjhmODZlNzE0Y2UzNTVhZWY4MTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Q1l91kS5hWeq6KZ7uTNCSAgVxm9
9TEB9zlCVTu3IDLJ2iB17aya9y8BIkqbkUKDEUC1eZZqlJRPgjHGjkgvuCz5guL+
BbUga5O82aiHy1ryL3hvp2XTfhVzt6rulJPOaKZiqxOb0LaFiPz21BEAGwXxS2i0
sHh+nZwu5BXDDLR7GRPL1LOlcY6EVO3JhnWZjkToyit+vnmdSKqTBAiTIrzoMRMo
maaiUc+kDlLB9HAmmJm7IXxr+V4nhHaYFhCfV2Le0fVAL70HhIxL4++NfkCNxwAi
VBg8adhwdtfxbB8XBOVtCzv6cF4qNxhZIqkpw+oSOdUJzJhbyo7eAkKEhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOFw4Cju/V5lzm+PhucUzjVa74FtMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvNFhEZ0tPNzlYbVhPYjQtRzV4VE9OVnJ2Z1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5PoAwQB
sv0mMA0GCSqGSIb3DQEBCwUAA4IBAQAmOIaN+mFiyy5bi8pLWCiaC64zEH//07I7
jegdg2FG+9Kx0AVohyc0Ee56YkMCCVWeIcYqU4ZZyVsxmBWjIaWoSWxxfhuJLCKP
rA0i6GY4dyIF9vbUB/RI4xJIdQwHu2p4tg6vNcXXfylJm9sJCyLskYestwgJKcSW
pLUTxT1C85LClB3e+rYQ6IizQ7XPKABN1QdgOfNmAG8HPPf9NCV3M5YLbcVXVwXz
J61BnD7I1WBQL92ijfyuQv90Ei2pIykpukKkw7T6GHmRozIIlSEMlHao0N1VRo7J
EU8AfhkZEKzHZECrltt1f6UphNUhBu2A0/2osVEqrE5JjYahGjDa
-----END CERTIFICATE-----