Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/7oRngLTIyLusPJE0RlFARO6cCe0.roa
File:                     7oRngLTIyLusPJE0RlFARO6cCe0.roa (raw, json)
Hash identifier:          urpgNoECvF0UQwPVjST6lveX1B/rldtKkZi+ctJ0EUc=
Subject key identifier:   EE:84:67:80:B4:C8:C8:BB:AC:3C:91:34:46:51:40:44:EE:9C:09:ED
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC953BB1FC8778D67D1A456EB06621
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/7oRngLTIyLusPJE0RlFARO6cCe0.roa
Signing time:             Tue 02 Jan 2024 10:33:48 +0000
ROA not before:           Tue 02 Jan 2024 10:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394808
IP address blocks:        83.231.150.192/27 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:95:3b:b1:fc:87:78:d6:7d:1a:45:6e:b0:66:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee846780b4c8c8bbac3c913446514044ee9c09ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:32:15:15:f9:b1:ae:c4:c7:d9:ed:b4:11:57:
                    4b:1a:d0:56:9a:26:49:5a:78:6f:08:f4:03:1a:d4:
                    9b:0c:aa:48:99:37:2c:e1:40:44:23:36:1b:58:91:
                    32:9e:4a:d4:c8:68:12:87:f0:36:db:6c:f2:e1:5c:
                    fb:c0:7f:df:a4:3d:3d:a0:6b:c9:d9:6c:d2:21:38:
                    22:06:f7:e2:63:ca:51:c3:c8:cd:61:61:e3:7e:a2:
                    b2:55:70:0b:05:dc:50:b8:97:31:c0:8a:e3:7f:b5:
                    bb:0c:3f:10:df:fc:e6:5f:bc:d4:63:6b:00:e9:b5:
                    90:da:01:5d:c5:1d:be:00:bf:f2:5f:09:5d:06:f9:
                    58:db:9b:54:e7:0c:e6:cf:61:31:66:38:3a:3f:00:
                    ac:6e:4b:08:be:5b:cf:39:a5:8d:e6:ab:6e:54:00:
                    f2:72:2c:4f:c0:01:a8:5a:ea:1c:34:93:5f:79:37:
                    32:cc:17:b5:4e:8c:67:45:ef:51:4c:7f:e4:6d:80:
                    7c:5f:2c:35:12:f1:8b:db:23:60:ce:93:66:0b:dc:
                    2b:8d:7c:47:d7:30:9c:e9:5e:d2:11:0b:59:2e:d7:
                    af:58:cb:e3:2e:e2:f5:52:ad:e6:4d:c4:f2:62:c9:
                    c2:86:e3:ec:be:fb:3d:1a:eb:be:34:b7:f4:78:85:
                    d8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:84:67:80:B4:C8:C8:BB:AC:3C:91:34:46:51:40:44:EE:9C:09:ED
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/7oRngLTIyLusPJE0RlFARO6cCe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.231.150.192/27

    Signature Algorithm: sha256WithRSAEncryption
         43:4f:c7:15:d0:0e:6b:f6:99:38:d2:0d:ac:09:c1:41:e4:1b:
         1d:ad:9d:c8:ad:2c:41:8a:a9:17:86:83:94:3b:54:3a:d7:c1:
         00:76:25:24:6a:e4:31:42:68:eb:1c:1b:c7:84:b0:79:94:49:
         5e:5d:da:9c:3d:04:ac:dd:b1:8e:45:ee:db:78:f1:99:7d:c2:
         c4:ed:b7:c1:fc:ae:5c:49:ef:2c:f6:27:ad:18:fc:d7:56:3c:
         cc:98:f5:ee:d0:9d:3f:ea:8e:92:22:30:01:23:51:0c:e8:b7:
         09:0d:fe:3c:72:24:37:0b:24:83:a2:12:d1:02:19:df:5f:55:
         ea:d1:27:b9:bc:14:03:13:4b:32:92:12:7d:1c:af:48:03:86:
         bd:72:5e:14:fa:4d:b0:dc:15:1a:c9:68:3f:d8:53:0f:1a:65:
         f8:ac:70:b4:17:36:80:a4:6c:f0:f5:d1:a5:c2:ab:29:de:20:
         d3:05:cd:27:32:78:b3:48:1e:6a:59:7f:3c:9e:a6:7e:ac:12:
         c3:60:f1:89:85:6f:a1:73:00:45:5f:06:ac:59:b5:8a:69:90:
         8e:e2:50:f4:04:55:02:57:82:42:cb:b1:fe:1f:be:89:d0:7f:
         3c:ec:67:63:c7:b0:92:fe:55:e4:d5:a5:2c:95:6d:ab:8d:f8:
         a2:aa:cf:63
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvJU7sfyHeNZ9GkVusGYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTg0Njc4MGI0YzhjOGJiYWMzYzkxMzQ0NjUxNDA0NGVlOWMwOWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDIVFfmxrsTH2e20EVdLGtBWmiZJ
WnhvCPQDGtSbDKpImTcs4UBEIzYbWJEynkrUyGgSh/A222zy4Vz7wH/fpD09oGvJ
2WzSITgiBvfiY8pRw8jNYWHjfqKyVXALBdxQuJcxwIrjf7W7DD8Q3/zmX7zUY2sA
6bWQ2gFdxR2+AL/yXwldBvlY25tU5wzmz2ExZjg6PwCsbksIvlvPOaWN5qtuVADy
cixPwAGoWuocNJNfeTcyzBe1ToxnRe9RTH/kbYB8Xyw1EvGL2yNgzpNmC9wrjXxH
1zCc6V7SEQtZLtevWMvjLuL1Uq3mTcTyYsnChuPsvvs9Guu+NLf0eIXY9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO6EZ4C0yMi7rDyRNEZRQETunAntMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvN29SbmdMVEl5THVzUEpFMFJsRkFSTzZjQ2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUFU+eWwDAN
BgkqhkiG9w0BAQsFAAOCAQEAQ0/HFdAOa/aZONINrAnBQeQbHa2dyK0sQYqpF4aD
lDtUOtfBAHYlJGrkMUJo6xwbx4SweZRJXl3anD0ErN2xjkXu23jxmX3CxO23wfyu
XEnvLPYnrRj811Y8zJj17tCdP+qOkiIwASNRDOi3CQ3+PHIkNwskg6IS0QIZ319V
6tEnubwUAxNLMpISfRyvSAOGvXJeFPpNsNwVGsloP9hTDxpl+KxwtBc2gKRs8PXR
pcKrKd4g0wXNJzJ4s0geall/PJ6mfqwSw2DxiYVvoXMARV8GrFm1immQjuJQ9ARV
AleCQsux/h++idB/POxnY8ewkv5V5NWlLJVtq434oqrPYw==
-----END CERTIFICATE-----