Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/QbRQTfaYLYmN0DX0x6kawgyd_B0.roa
File:                     QbRQTfaYLYmN0DX0x6kawgyd_B0.roa (raw, json)
Hash identifier:          X82ZtWRftbj4LkzDn2jTKQoVvUu94ZF9lagAirGdgkw=
Subject key identifier:   41:B4:50:4D:F6:98:2D:89:8D:D0:35:F4:C7:A9:1A:C2:0C:9D:FC:1D
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       018D833613674A9D585DC9228F3EF235DD61
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/QbRQTfaYLYmN0DX0x6kawgyd_B0.roa
Signing time:             Wed 07 Feb 2024 10:56:15 +0000
ROA not before:           Wed 07 Feb 2024 10:56:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        83.168.122.0/24 maxlen: 24
                          83.168.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:83:36:13:67:4a:9d:58:5d:c9:22:8f:3e:f2:35:dd:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Feb  7 10:56:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=41b4504df6982d898dd035f4c7a91ac20c9dfc1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d4:7f:2f:0a:06:5c:f8:e8:7f:d0:8b:05:4c:
                    93:de:4e:a5:02:8a:33:ec:ab:a7:65:09:dd:9b:34:
                    8d:12:07:93:49:51:5f:f2:5b:3b:62:69:06:e5:99:
                    3f:7c:f3:5e:78:b7:80:e5:c7:84:00:c7:dc:0e:f7:
                    28:ec:40:44:5b:6c:ca:fd:02:b0:cc:9b:86:c4:c1:
                    1e:f3:71:4d:29:87:94:51:56:5c:c3:3c:da:76:73:
                    94:75:2f:35:27:57:ca:1f:47:4a:c2:84:33:f6:ee:
                    4a:68:4b:8c:14:98:83:7e:1b:8f:7b:cb:4d:07:79:
                    79:be:20:29:80:89:16:a7:f3:9a:02:f0:bd:06:2c:
                    66:24:c7:f6:05:c7:ea:81:65:d7:66:fe:c9:32:92:
                    db:a6:34:a4:3b:d7:53:3d:1a:9c:66:7b:98:74:9c:
                    ff:ab:90:9d:32:5f:b9:41:16:bf:87:c7:71:2a:0f:
                    26:5b:1e:06:6e:63:b8:05:e1:76:01:84:a0:b0:4a:
                    ac:be:73:88:49:d8:e6:4e:f8:7a:1d:7a:a2:98:85:
                    8c:21:71:f1:7d:65:8b:8b:49:2b:14:ed:6f:b6:ee:
                    cc:23:6b:11:2d:63:69:e6:ae:dd:1f:0a:b3:b4:ee:
                    66:8b:63:13:c1:73:b7:24:17:f4:48:a8:ee:7d:39:
                    48:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B4:50:4D:F6:98:2D:89:8D:D0:35:F4:C7:A9:1A:C2:0C:9D:FC:1D
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/QbRQTfaYLYmN0DX0x6kawgyd_B0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.122.0/24
                  83.168.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:1c:d9:fb:fd:8f:f7:5c:ed:6e:51:0e:41:17:bd:45:a4:54:
         61:71:01:ad:27:9f:67:cf:89:d0:1d:99:2f:a9:b2:55:bb:33:
         64:28:43:02:15:8d:36:9f:4d:c8:d3:45:ef:ca:b9:06:a1:ac:
         dd:66:f2:a5:00:42:d6:78:1e:09:4d:db:3c:ac:7d:18:54:2c:
         5e:4e:fb:3d:9f:3b:9a:19:7a:c6:18:61:f0:2c:4c:a3:0f:f4:
         66:cf:b8:3d:12:01:ad:1e:29:d8:6e:7d:a1:d6:8e:21:ac:78:
         c7:da:98:70:71:84:4e:82:85:6c:ed:59:f1:95:4f:32:8f:c6:
         9c:f5:c5:e3:08:ec:c6:b9:77:71:e1:9a:3d:78:1f:b1:45:74:
         81:a4:80:93:b0:d8:64:db:10:fe:d2:c0:0d:99:fc:5c:e9:92:
         f2:87:e0:2b:f1:3a:30:a8:35:08:c8:d2:f4:e4:7e:91:b6:3d:
         5d:38:70:bb:1a:fe:e4:16:da:dc:df:9b:26:f4:e2:d6:e8:91:
         17:0b:e0:a4:da:53:4b:a7:05:91:fc:8e:c1:06:a8:69:e3:54:
         0b:60:da:90:6c:07:a0:43:18:a1:30:06:9f:8e:18:f7:12:bf:
         62:23:d2:9e:22:9f:20:04:2d:06:1b:ae:e5:a6:3c:c1:0f:7e:
         33:93:eb:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2DNhNnSp1YXckijz7yNd1hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjQwMjA3MTA1NjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWI0NTA0ZGY2OTgyZDg5OGRkMDM1ZjRjN2E5MWFjMjBjOWRmYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNR/LwoGXPjof9CLBUyT3k6lAooz
7KunZQndmzSNEgeTSVFf8ls7YmkG5Zk/fPNeeLeA5ceEAMfcDvco7EBEW2zK/QKw
zJuGxMEe83FNKYeUUVZcwzzadnOUdS81J1fKH0dKwoQz9u5KaEuMFJiDfhuPe8tN
B3l5viApgIkWp/OaAvC9BixmJMf2BcfqgWXXZv7JMpLbpjSkO9dTPRqcZnuYdJz/
q5CdMl+5QRa/h8dxKg8mWx4GbmO4BeF2AYSgsEqsvnOISdjmTvh6HXqimIWMIXHx
fWWLi0krFO1vtu7MI2sRLWNp5q7dHwqztO5mi2MTwXO3JBf0SKjufTlIIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEG0UE32mC2JjdA19MepGsIMnfwdMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvUWJSUVRmYVlMWW1OMERYMHg2a2F3Z3lkX0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU6h6AwQA
U6h9MA0GCSqGSIb3DQEBCwUAA4IBAQB/HNn7/Y/3XO1uUQ5BF71FpFRhcQGtJ59n
z4nQHZkvqbJVuzNkKEMCFY02n03I00XvyrkGoazdZvKlAELWeB4JTds8rH0YVCxe
Tvs9nzuaGXrGGGHwLEyjD/Rmz7g9EgGtHinYbn2h1o4hrHjH2phwcYROgoVs7Vnx
lU8yj8ac9cXjCOzGuXdx4Zo9eB+xRXSBpICTsNhk2xD+0sANmfxc6ZLyh+Ar8Tow
qDUIyNL05H6Rtj1dOHC7Gv7kFtrc35sm9OLW6JEXC+Ck2lNLpwWR/I7BBqhp41QL
YNqQbAegQxihMAafjhj3Er9iI9KeIp8gBC0GG67lpjzBD34zk+tr
-----END CERTIFICATE-----