Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/_EStDsqvKncv8nmMdQYe1lKRGDc.roa
File:                     _EStDsqvKncv8nmMdQYe1lKRGDc.roa (raw, json)
Hash identifier:          mfU30IEOu/Lz+mueGytm/aW//4cKKIAZllp9xiEwszs=
Subject key identifier:   FC:44:AD:0E:CA:AF:2A:77:2F:F2:79:8C:75:06:1E:D6:52:91:18:37
Certificate issuer:       /CN=f879988e0f49971a326f419e5cfacbfddcc993e7
Certificate serial:       018CC8714968CF06F9965995E46F83402A7C
Authority key identifier: F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/_EStDsqvKncv8nmMdQYe1lKRGDc.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        83.136.208.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:49:68:cf:06:f9:96:59:95:e4:6f:83:40:2a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f879988e0f49971a326f419e5cfacbfddcc993e7
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc44ad0ecaaf2a772ff2798c75061ed652911837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:49:01:08:60:a1:a0:69:b5:8c:cc:98:53:31:
                    9f:d0:f1:b7:92:4b:fe:3a:a4:0e:19:2f:89:3e:9d:
                    39:a6:bc:9c:ee:93:ea:ea:88:57:97:6f:ce:d8:2e:
                    fd:75:de:d6:32:4d:1a:64:92:25:49:0d:86:0b:7d:
                    05:73:c1:c9:7f:d4:96:d6:ca:9f:47:a9:2d:a1:84:
                    b4:da:47:13:f1:ac:b5:16:06:23:cf:4d:d9:4e:94:
                    4b:80:24:8b:2f:fc:ab:92:b5:1f:eb:d0:04:93:7d:
                    83:1e:0c:55:90:a9:90:da:ea:06:36:13:e7:05:d8:
                    e5:a9:3a:12:bc:73:66:00:c3:f5:cb:ba:f3:87:6d:
                    a6:1f:4e:40:4a:1e:d2:c4:7c:d1:7e:0f:bb:ca:86:
                    4e:fc:5d:62:47:24:b8:b0:9a:ec:91:17:e7:8f:67:
                    94:70:62:97:82:8e:57:a9:47:6c:8e:21:61:44:76:
                    60:42:7e:3d:31:66:c0:69:61:83:9b:ff:89:03:0a:
                    f3:a6:ff:18:93:78:b7:d7:51:58:a1:ec:1e:00:5c:
                    7f:e5:91:2c:98:80:9c:5b:96:41:24:e9:a4:02:7e:
                    44:ca:d3:37:9e:c1:a9:34:80:08:ac:06:56:29:98:
                    88:58:d5:d6:cf:26:b7:b4:d5:e6:49:9c:a8:85:64:
                    a1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:44:AD:0E:CA:AF:2A:77:2F:F2:79:8C:75:06:1E:D6:52:91:18:37
            X509v3 Authority Key Identifier:
                keyid:F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/_EStDsqvKncv8nmMdQYe1lKRGDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4e:40:ff:11:69:31:05:2c:8d:02:68:c4:d1:50:58:64:4c:de:
         45:0b:d7:ce:c5:0e:4d:f6:89:fc:39:a3:0d:ed:65:a6:03:c5:
         7f:6c:b0:8b:4b:8c:98:10:8c:b5:ff:27:bb:42:37:39:ce:34:
         80:76:de:f8:ab:9f:a7:5c:c6:a7:b0:84:0a:52:a7:8c:64:0b:
         ed:d5:21:08:44:9f:91:3b:89:82:f8:e2:ae:1a:fb:cb:cd:7e:
         40:b6:6f:8e:97:ea:16:12:d8:94:f0:49:d0:73:60:6d:ad:9d:
         c2:bb:2b:e5:f9:19:cd:fd:5e:ec:8a:d1:8b:71:5a:1a:0a:48:
         1b:15:e6:11:9d:62:c2:dd:c5:ca:f6:5f:c0:fa:01:b4:b6:2d:
         4d:df:f5:1c:20:37:a3:55:29:cf:cc:95:7e:a4:65:1a:89:3c:
         73:94:7c:a7:17:6c:24:86:7c:56:85:c5:b8:6e:66:4c:41:cb:
         f5:70:b4:26:23:ef:71:49:8f:ff:b3:c7:21:3e:fc:9f:70:88:
         05:5d:76:d4:9d:77:50:7a:91:ea:7b:85:f4:7c:96:e0:c3:8a:
         21:c4:07:c2:e4:81:3e:95:64:f9:45:a5:37:74:7f:a1:7b:92:
         60:0e:75:f6:23:bb:e1:0f:a2:cd:a9:21:8c:d2:4e:59:ff:85:
         03:f6:a5:25
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIcUlozwb5llmV5G+DQCp8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Nzk5ODhlMGY0OTk3MWEzMjZmNDE5ZTVjZmFjYmZkZGNj
OTkzZTcwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ0YWQwZWNhYWYyYTc3MmZmMjc5OGM3NTA2MWVkNjUyOTExODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0kBCGChoGm1jMyYUzGf0PG3kkv+
OqQOGS+JPp05pryc7pPq6ohXl2/O2C79dd7WMk0aZJIlSQ2GC30Fc8HJf9SW1sqf
R6ktoYS02kcT8ay1FgYjz03ZTpRLgCSLL/yrkrUf69AEk32DHgxVkKmQ2uoGNhPn
BdjlqToSvHNmAMP1y7rzh22mH05ASh7SxHzRfg+7yoZO/F1iRyS4sJrskRfnj2eU
cGKXgo5XqUdsjiFhRHZgQn49MWbAaWGDm/+JAwrzpv8Yk3i311FYoeweAFx/5ZEs
mICcW5ZBJOmkAn5EytM3nsGpNIAIrAZWKZiIWNXWzya3tNXmSZyohWShkQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPxErQ7Kryp3L/J5jHUGHtZSkRg3MB8GA1UdIwQY
MBaAFPh5mI4PSZcaMm9Bnlz6y/3cyZPnMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1IbVlqZzlKbHhveWIwR2VYUHJMX2R6SmstYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0
LTA0NzBiNGJiMzBkYi8xL19FU3REc3F2S25jdjhubU1kUVllMWxLUkdEYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0LTA0NzBiNGJiMzBk
Yi8xLzEtSG1Zamc5Smx4b3liMEdlWFByTF9kekprLWMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANTiNAw
DQYJKoZIhvcNAQELBQADggEBAE5A/xFpMQUsjQJoxNFQWGRM3kUL187FDk32ifw5
ow3tZaYDxX9ssItLjJgQjLX/J7tCNznONIB23virn6dcxqewhApSp4xkC+3VIQhE
n5E7iYL44q4a+8vNfkC2b46X6hYS2JTwSdBzYG2tncK7K+X5Gc39XuyK0YtxWhoK
SBsV5hGdYsLdxcr2X8D6AbS2LU3f9RwgN6NVKc/MlX6kZRqJPHOUfKcXbCSGfFaF
xbhuZkxBy/VwtCYj73FJj/+zxyE+/J9wiAVddtSdd1B6kep7hfR8luDDiiHEB8Lk
gT6VZPlFpTd0f6F7kmAOdfYju+EPos2pIYzSTln/hQP2pSU=
-----END CERTIFICATE-----