Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/QTxGYMkOLUpoge3O0bLLr5gZVVU.roa
File:                     QTxGYMkOLUpoge3O0bLLr5gZVVU.roa (raw, json)
Hash identifier:          1pTHT9/lv01tyf7uuf6zA2fz5A7scKRnSYS1gpcjmh0=
Subject key identifier:   41:3C:46:60:C9:0E:2D:4A:68:81:ED:CE:D1:B2:CB:AF:98:19:55:55
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94AB5B90D139FA35150024120FDC3D5
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/QTxGYMkOLUpoge3O0bLLr5gZVVU.roa
Signing time:             Tue 02 Jan 2024 08:29:25 +0000
ROA not before:           Tue 02 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        83.147.62.0/24 maxlen: 24
                          83.147.22.0/24 maxlen: 24
                          83.147.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b5:b9:0d:13:9f:a3:51:50:02:41:20:fd:c3:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=413c4660c90e2d4a6881edced1b2cbaf98195555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:44:78:67:7b:af:b1:3c:5f:75:b6:e4:a9:d7:
                    d5:45:7c:4a:a6:ae:83:b4:99:49:c4:96:48:5b:35:
                    ed:80:4f:8a:70:29:7b:27:b2:4d:ea:c3:9d:f6:df:
                    f7:df:d8:5e:31:fc:b7:b0:2a:5f:2f:d3:2d:13:75:
                    c5:5d:2c:f6:08:35:68:24:02:81:9e:0a:b9:1e:65:
                    bd:f2:99:1b:b3:91:7c:01:1f:29:cf:a1:a3:42:bc:
                    8a:7a:b6:a9:c4:fb:ba:50:29:4e:0d:ed:73:0e:c0:
                    9f:c4:a6:bb:c8:c5:0d:ce:78:4a:57:fe:a6:75:ca:
                    76:61:ee:47:51:ed:92:6b:62:dd:04:c3:65:f0:51:
                    c9:4c:2b:4d:20:46:4e:d3:44:27:1c:fe:53:a6:6a:
                    f0:ff:79:9c:c2:5a:00:01:b1:1f:f6:56:ca:94:d3:
                    8b:81:fe:8b:56:0c:d1:90:58:fe:ed:ae:51:47:85:
                    b5:e6:0a:7b:a2:b3:06:48:42:43:39:d6:bf:5e:76:
                    d1:b1:6c:f6:72:a7:c6:0d:b8:da:f6:16:b4:16:46:
                    85:3a:eb:f6:38:35:67:70:6d:9c:6a:ed:5f:aa:64:
                    b1:2d:e1:28:cc:56:83:2f:1f:d5:b4:54:71:99:d5:
                    87:82:c2:43:cc:ba:6f:a8:9e:a2:92:10:0c:d2:a2:
                    29:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:3C:46:60:C9:0E:2D:4A:68:81:ED:CE:D1:B2:CB:AF:98:19:55:55
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/QTxGYMkOLUpoge3O0bLLr5gZVVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.22.0/24
                  83.147.32.0/22
                  83.147.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:d2:07:2a:5f:b9:cf:5a:67:65:60:13:17:77:c4:a8:c0:ae:
         48:5c:7d:4c:e4:d7:a3:d3:25:2d:2e:1a:05:d9:cc:67:af:f8:
         c4:9e:b7:f7:14:d4:f7:24:70:17:82:18:25:b9:f3:a4:85:86:
         96:88:1d:ef:d9:30:be:e0:ee:7b:52:ff:23:7e:58:bd:66:66:
         ea:a0:70:12:45:c2:52:ee:b3:12:5a:3b:89:bb:14:e1:f4:37:
         45:e4:3f:c0:da:d3:17:52:08:c0:1a:7c:77:43:fa:61:07:8d:
         96:e6:54:f4:d7:df:7f:f9:5c:9c:58:fa:e3:c5:c2:b5:83:6a:
         7b:46:6a:2c:0b:a8:27:2e:ce:b9:21:db:fc:fa:73:d0:db:29:
         0f:b7:0c:63:21:b5:dc:a9:97:f9:45:21:78:d1:e0:20:0f:f3:
         da:86:54:15:9c:57:68:da:5a:b5:cd:c9:8d:d7:a2:5c:1e:9c:
         8a:1d:1d:95:db:ab:a4:82:45:a4:5f:47:05:cb:64:b0:e7:32:
         31:72:ef:4a:7e:1a:15:12:a7:a8:b9:81:20:a5:da:48:e2:e2:
         25:2b:cc:d7:3f:28:90:06:31:bc:1d:50:4b:fc:2c:a5:ad:1b:
         b4:0e:ce:fb:6a:31:65:d8:d0:88:bf:40:02:64:8d:54:db:fd:
         5b:db:24:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJSrW5DROfo1FQAkEg/cPVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTNjNDY2MGM5MGUyZDRhNjg4MWVkY2VkMWIyY2JhZjk4MTk1NTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUR4Z3uvsTxfdbbkqdfVRXxKpq6D
tJlJxJZIWzXtgE+KcCl7J7JN6sOd9t/339heMfy3sCpfL9MtE3XFXSz2CDVoJAKB
ngq5HmW98pkbs5F8AR8pz6GjQryKerapxPu6UClODe1zDsCfxKa7yMUNznhKV/6m
dcp2Ye5HUe2Sa2LdBMNl8FHJTCtNIEZO00QnHP5Tpmrw/3mcwloAAbEf9lbKlNOL
gf6LVgzRkFj+7a5RR4W15gp7orMGSEJDOda/XnbRsWz2cqfGDbja9ha0FkaFOuv2
ODVncG2cau1fqmSxLeEozFaDLx/VtFRxmdWHgsJDzLpvqJ6ikhAM0qIpiQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEE8RmDJDi1KaIHtztGyy6+YGVVVMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvUVR4R1lNa09MVXBvZ2UzTzBiTExyNWdaVlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU5MWAwQC
U5MgAwQAU5M+MA0GCSqGSIb3DQEBCwUAA4IBAQB/0gcqX7nPWmdlYBMXd8SowK5I
XH1M5Nej0yUtLhoF2cxnr/jEnrf3FNT3JHAXghglufOkhYaWiB3v2TC+4O57Uv8j
fli9ZmbqoHASRcJS7rMSWjuJuxTh9DdF5D/A2tMXUgjAGnx3Q/phB42W5lT0199/
+VycWPrjxcK1g2p7RmosC6gnLs65Idv8+nPQ2ykPtwxjIbXcqZf5RSF40eAgD/Pa
hlQVnFdo2lq1zcmN16JcHpyKHR2V26ukgkWkX0cFy2Sw5zIxcu9KfhoVEqeouYEg
pdpI4uIlK8zXPyiQBjG8HVBL/CylrRu0Ds77ajFl2NCIv0ACZI1U2/1b2yRk
-----END CERTIFICATE-----