Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/ByVryttsRUdiyHYdCv2-hUGfDwY.roa
File:                     ByVryttsRUdiyHYdCv2-hUGfDwY.roa (raw, json)
Hash identifier:          013uNE62l61fY9rqRgV8nt4bYbUpDg24PN8yEA/A1jQ=
Subject key identifier:   07:25:6B:CA:DB:6C:45:47:62:C8:76:1D:0A:FD:BE:85:41:9F:0F:06
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       01966C2E4583830C494C9CD8342A641A1AB5
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/ByVryttsRUdiyHYdCv2-hUGfDwY.roa
Signing time:             Fri 25 Apr 2025 09:01:33 +0000
ROA not before:           Fri 25 Apr 2025 09:01:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31304
IP address blocks:        83.168.96.0/23 maxlen: 24
                          83.168.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:2e:45:83:83:0c:49:4c:9c:d8:34:2a:64:1a:1a:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Apr 25 09:01:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07256bcadb6c454762c8761d0afdbe85419f0f06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:53:0e:ac:55:0a:53:09:e3:3b:b6:41:15:b5:
                    4c:4d:85:c3:b0:a5:e8:7d:85:12:57:e8:c6:67:49:
                    18:07:71:54:c7:ef:1a:ab:ca:7a:f7:2b:28:ea:50:
                    c3:f2:db:e2:d0:9b:9e:e2:29:17:e7:72:3c:96:22:
                    7d:a3:ad:5a:32:7b:de:ec:33:61:f8:e5:11:62:a0:
                    a5:4f:1a:e2:9b:cb:45:8c:87:84:13:41:83:58:b6:
                    9b:37:0f:48:05:42:52:3f:9e:93:75:a2:1b:59:3d:
                    c5:94:5e:32:d0:51:cd:6c:90:96:14:36:02:1d:a7:
                    21:05:30:4c:a5:7b:d9:e7:81:d5:4e:46:b6:e8:8c:
                    0e:7b:e9:06:29:9b:2f:47:46:9a:b1:84:7d:11:d1:
                    07:36:7f:b0:48:5d:eb:84:53:3d:2b:06:e1:d5:54:
                    ff:eb:83:67:07:21:19:55:27:36:ed:8b:1e:57:0c:
                    ae:01:c6:5b:9a:91:5e:50:01:e5:7e:35:56:5b:05:
                    e7:8d:a6:56:32:da:b1:be:60:50:a8:c7:52:80:f9:
                    47:f5:f3:b8:4b:06:39:2e:49:97:51:69:52:21:df:
                    38:9e:a7:f5:05:c9:3f:83:06:ba:4c:ea:25:b4:5e:
                    3d:33:ee:e9:03:b7:33:29:02:39:00:45:57:7f:04:
                    4e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:25:6B:CA:DB:6C:45:47:62:C8:76:1D:0A:FD:BE:85:41:9F:0F:06
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/ByVryttsRUdiyHYdCv2-hUGfDwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.96.0/23
                  83.168.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:17:84:69:7c:6f:8e:29:f2:d2:01:48:d8:db:89:0a:b4:dd:
         51:d2:be:f3:91:58:92:43:26:32:9c:b3:12:c1:81:fc:69:4b:
         4c:7b:c4:63:4e:47:b1:6f:bf:e7:4f:49:26:e1:8d:e3:0a:c3:
         f2:15:6e:ce:4a:f8:99:b9:e5:1d:3c:cf:6b:56:39:01:bd:3d:
         62:04:75:bb:ba:ae:54:96:25:46:8e:14:d1:b2:29:2a:48:c0:
         f1:11:73:06:fc:d1:31:8e:d2:fe:dc:0c:46:28:f7:20:c3:6a:
         d6:cb:ba:5a:2a:f5:e3:6f:19:24:4b:77:5f:dc:f3:43:cb:10:
         ec:d8:0b:c4:1f:30:31:5c:30:a3:d0:85:cb:5b:d0:13:52:fd:
         71:25:a3:33:ff:2f:8a:84:2b:0c:e2:af:da:ea:a0:fc:20:05:
         ac:72:4e:aa:5a:f7:16:bb:6b:38:66:69:c6:46:1b:e4:62:60:
         d7:d2:e8:cb:fa:29:5e:0a:44:e8:48:e3:25:19:b7:cf:89:e5:
         1a:1d:30:81:08:e2:17:46:09:e5:01:c2:32:93:47:0f:32:be:
         6f:ef:fa:54:1c:aa:be:e7:e7:6d:ab:99:dd:5f:19:a4:2e:fa:
         fe:a2:6d:1e:11:e9:52:a2:62:44:5a:dd:28:6a:c3:65:08:5c:
         62:9a:55:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZsLkWDgwxJTJzYNCpkGhq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjUwNDI1MDkwMTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzI1NmJjYWRiNmM0NTQ3NjJjODc2MWQwYWZkYmU4NTQxOWYwZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFMOrFUKUwnjO7ZBFbVMTYXDsKXo
fYUSV+jGZ0kYB3FUx+8aq8p69yso6lDD8tvi0Jue4ikX53I8liJ9o61aMnve7DNh
+OURYqClTxrim8tFjIeEE0GDWLabNw9IBUJSP56TdaIbWT3FlF4y0FHNbJCWFDYC
HachBTBMpXvZ54HVTka26IwOe+kGKZsvR0aasYR9EdEHNn+wSF3rhFM9Kwbh1VT/
64NnByEZVSc27YseVwyuAcZbmpFeUAHlfjVWWwXnjaZWMtqxvmBQqMdSgPlH9fO4
SwY5LkmXUWlSId84nqf1Bck/gwa6TOoltF49M+7pA7czKQI5AEVXfwROiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAcla8rbbEVHYsh2HQr9voVBnw8GMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvQnlWcnl0dHNSVWRpeUhZZEN2Mi1oVUdmRHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBU6hgAwQA
U6hvMA0GCSqGSIb3DQEBCwUAA4IBAQCLF4RpfG+OKfLSAUjY24kKtN1R0r7zkViS
QyYynLMSwYH8aUtMe8RjTkexb7/nT0km4Y3jCsPyFW7OSviZueUdPM9rVjkBvT1i
BHW7uq5UliVGjhTRsikqSMDxEXMG/NExjtL+3AxGKPcgw2rWy7paKvXjbxkkS3df
3PNDyxDs2AvEHzAxXDCj0IXLW9ATUv1xJaMz/y+KhCsM4q/a6qD8IAWsck6qWvcW
u2s4ZmnGRhvkYmDX0ujL+ileCkToSOMlGbfPieUaHTCBCOIXRgnlAcIyk0cPMr5v
7/pUHKq+5+dtq5ndXxmkLvr+om0eEelSomJEWt0oasNlCFximlUs
-----END CERTIFICATE-----