Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/7EDjoF5mutdcAJvIdfxor5LfZp4.roa
File:                     7EDjoF5mutdcAJvIdfxor5LfZp4.roa (raw, json)
Hash identifier:          O7ykZyXLu8J+CJMyCpWG1jkMtL50tJC56CgoAtaouX0=
Subject key identifier:   EC:40:E3:A0:5E:66:BA:D7:5C:00:9B:C8:75:FC:68:AF:92:DF:66:9E
Certificate issuer:       /CN=89b332d57ce14fab1ebd746817dd701062c74a88
Certificate serial:       018CC795124FEFC57D8E3FA2D129E1A25ED2
Authority key identifier: 89:B3:32:D5:7C:E1:4F:AB:1E:BD:74:68:17:DD:70:10:62:C7:4A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/7EDjoF5mutdcAJvIdfxor5LfZp4.roa
Signing time:             Tue 02 Jan 2024 00:31:24 +0000
ROA not before:           Tue 02 Jan 2024 00:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39830
IP address blocks:        83.173.125.0/24 maxlen: 24
                          83.173.124.0/23 maxlen: 24
                          83.173.124.0/24 maxlen: 24
                          83.173.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/ibMy1XzhT6sevXRoF91wEGLHSog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/ibMy1XzhT6sevXRoF91wEGLHSog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:12:4f:ef:c5:7d:8e:3f:a2:d1:29:e1:a2:5e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89b332d57ce14fab1ebd746817dd701062c74a88
        Validity
            Not Before: Jan  2 00:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec40e3a05e66bad75c009bc875fc68af92df669e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d5:a6:64:0e:c8:82:93:9c:f2:6c:2a:8f:45:
                    b9:36:a0:95:4e:a0:79:7d:b6:5d:05:28:0e:76:51:
                    3b:50:41:84:6a:a1:a1:85:4d:e2:ad:c7:e7:de:1d:
                    01:7f:8b:44:c5:da:1e:57:8e:a9:62:92:59:a6:8e:
                    23:c1:d3:1e:e4:a8:c6:cc:d2:30:86:58:07:21:63:
                    7c:87:27:65:ab:98:b8:fc:67:16:ea:49:de:5a:20:
                    86:9b:51:e2:84:38:cc:c0:93:ef:2e:03:d1:dd:a7:
                    54:11:09:a7:66:88:23:bc:a5:b5:43:fb:7d:f4:e2:
                    97:12:69:35:62:1c:cb:c3:15:dc:c5:8a:15:3a:a9:
                    f6:77:42:be:d6:aa:dc:4b:3f:33:91:e2:d3:9a:95:
                    ab:e4:d5:9d:de:8e:eb:4f:5e:c2:a2:f8:89:ac:ac:
                    80:26:92:20:41:c0:c9:6b:9e:57:83:f2:c1:f6:73:
                    0e:9a:22:06:99:7e:1a:92:84:41:e6:80:f1:c5:78:
                    dd:a4:d4:4a:e6:28:b1:76:0c:7e:52:96:45:cb:89:
                    f0:0a:b3:4e:fd:e3:c6:8a:14:f9:be:ea:14:d0:27:
                    c6:e0:fa:00:59:2a:2f:b4:68:a4:c7:b8:48:61:f9:
                    a9:3b:01:1c:33:e6:d8:f1:c5:5f:f2:4d:e4:97:28:
                    c1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:40:E3:A0:5E:66:BA:D7:5C:00:9B:C8:75:FC:68:AF:92:DF:66:9E
            X509v3 Authority Key Identifier:
                keyid:89:B3:32:D5:7C:E1:4F:AB:1E:BD:74:68:17:DD:70:10:62:C7:4A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/7EDjoF5mutdcAJvIdfxor5LfZp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/ibMy1XzhT6sevXRoF91wEGLHSog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.173.124.0-83.173.126.255

    Signature Algorithm: sha256WithRSAEncryption
         76:1c:46:6e:d9:e5:45:93:2b:94:38:81:eb:51:21:c7:d3:63:
         e5:eb:bb:ba:3e:48:61:e5:c4:4d:c7:58:68:d7:41:79:54:d1:
         a3:e4:2f:71:ce:a2:6e:b6:88:4f:a9:05:68:eb:0f:c4:f6:99:
         ff:e8:1d:f0:b2:eb:63:f4:c6:90:b1:ef:a5:1e:61:92:16:78:
         17:aa:fa:97:c6:f3:24:7b:a5:c7:ac:af:ac:db:85:30:87:cf:
         e2:d7:59:f9:07:9b:d1:06:b9:80:8f:6b:2d:f8:6b:7c:35:0c:
         1a:c1:9a:50:ae:6a:d2:6f:d7:71:9e:ae:d6:0b:92:46:7b:f3:
         fe:02:43:f3:68:c1:74:78:ca:43:5c:83:b1:1d:86:f3:99:ce:
         a5:44:3a:3a:3f:6b:e2:63:b9:28:ee:7b:69:80:48:b5:0f:b1:
         44:30:18:01:ce:3b:ea:45:4f:4e:07:68:95:f9:86:78:39:a0:
         bd:29:ca:23:af:07:10:59:65:9e:44:8a:d1:a5:77:14:17:c9:
         01:9b:6b:d9:04:dd:03:f2:aa:2f:44:41:f2:d8:1a:32:5a:9b:
         a1:ca:82:54:b0:cf:29:8c:fa:25:7b:26:98:ff:1b:15:78:18:
         65:e2:7f:f1:d2:4f:47:0f:5f:ce:2a:90:de:86:7c:5c:29:a2:
         be:39:4f:b3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlRJP78V9jj+i0Snhol7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YjMzMmQ1N2NlMTRmYWIxZWJkNzQ2ODE3ZGQ3MDEwNjJj
NzRhODgwHhcNMjQwMTAyMDAzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzQwZTNhMDVlNjZiYWQ3NWMwMDliYzg3NWZjNjhhZjkyZGY2NjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtWmZA7IgpOc8mwqj0W5NqCVTqB5
fbZdBSgOdlE7UEGEaqGhhU3ircfn3h0Bf4tExdoeV46pYpJZpo4jwdMe5KjGzNIw
hlgHIWN8hydlq5i4/GcW6kneWiCGm1HihDjMwJPvLgPR3adUEQmnZogjvKW1Q/t9
9OKXEmk1YhzLwxXcxYoVOqn2d0K+1qrcSz8zkeLTmpWr5NWd3o7rT17CoviJrKyA
JpIgQcDJa55Xg/LB9nMOmiIGmX4akoRB5oDxxXjdpNRK5iixdgx+UpZFy4nwCrNO
/ePGihT5vuoU0CfG4PoAWSovtGikx7hIYfmpOwEcM+bY8cVf8k3klyjBNwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOxA46BeZrrXXACbyHX8aK+S32aeMB8GA1UdIwQY
MBaAFImzMtV84U+rHr10aBfdcBBix0qIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWJNeTFYemhUNnNldlhSb0Y5MXdFR0xIU29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84MTcxOWQtNDY3Yy00YWY3LWE4MjQt
NDZhMGRmNzc0ZmUxLzEvN0VEam9GNW11dGRjQUp2SWRmeG9yNUxmWnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84MTcxOWQtNDY3Yy00YWY3LWE4MjQtNDZhMGRmNzc0ZmUx
LzEvaWJNeTFYemhUNnNldlhSb0Y5MXdFR0xIU29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJTrXwD
BABTrX4wDQYJKoZIhvcNAQELBQADggEBAHYcRm7Z5UWTK5Q4getRIcfTY+Xru7o+
SGHlxE3HWGjXQXlU0aPkL3HOom62iE+pBWjrD8T2mf/oHfCy62P0xpCx76UeYZIW
eBeq+pfG8yR7pcesr6zbhTCHz+LXWfkHm9EGuYCPay34a3w1DBrBmlCuatJv13Ge
rtYLkkZ78/4CQ/NowXR4ykNcg7EdhvOZzqVEOjo/a+JjuSjue2mASLUPsUQwGAHO
O+pFT04HaJX5hng5oL0pyiOvBxBZZZ5EitGldxQXyQGba9kE3QPyqi9EQfLYGjJa
m6HKglSwzymM+iV7Jpj/GxV4GGXif/HST0cPX84qkN6GfFwpor45T7M=
-----END CERTIFICATE-----