Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1Rat8edkf1M65aLn56bORVbQDr4.roa
File:                     1Rat8edkf1M65aLn56bORVbQDr4.roa (raw, json)
Hash identifier:          w1SZ7P5jXcp5mVOkzwMVh2nJeZYBfQScYX9oxmYssuI=
Subject key identifier:   D5:16:AD:F1:E7:64:7F:53:3A:E5:A2:E7:E7:A6:CE:45:56:D0:0E:BE
Certificate issuer:       /CN=f879988e0f49971a326f419e5cfacbfddcc993e7
Certificate serial:       018DE9B102A1EE59B86FD5496076388E43D1
Authority key identifier: F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1Rat8edkf1M65aLn56bORVbQDr4.roa
Signing time:             Tue 27 Feb 2024 08:31:48 +0000
ROA not before:           Tue 27 Feb 2024 08:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        83.136.212.0/24 maxlen: 24
                          83.136.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e9:b1:02:a1:ee:59:b8:6f:d5:49:60:76:38:8e:43:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f879988e0f49971a326f419e5cfacbfddcc993e7
        Validity
            Not Before: Feb 27 08:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d516adf1e7647f533ae5a2e7e7a6ce4556d00ebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1d:24:1a:2b:ca:5b:48:23:5d:a3:97:3e:7d:
                    09:ba:72:4c:20:e6:7e:e5:e8:e5:9e:e4:34:3c:c8:
                    77:67:83:d8:d9:a7:c6:32:1f:19:ea:10:72:57:71:
                    22:51:2b:11:7b:53:50:13:23:65:bb:0d:44:1c:0b:
                    29:41:27:63:d8:fb:02:11:fd:1d:0f:73:51:a4:80:
                    5b:96:3d:5f:ae:71:9b:ab:03:6c:08:29:5e:34:6e:
                    bf:48:63:17:4f:14:97:12:ae:8f:77:1e:98:63:68:
                    3b:86:5a:42:bd:92:f5:41:20:db:cb:1a:86:cb:41:
                    fc:da:3f:bd:72:67:07:31:fb:67:dd:79:74:27:8e:
                    f2:c3:7b:d0:f5:e1:e6:5f:fa:60:33:f8:3f:c0:e7:
                    bd:27:1f:e2:5a:2d:f7:41:61:a8:6e:c9:56:fc:64:
                    13:85:ca:51:cf:cf:66:5e:c2:d9:d2:a3:63:af:db:
                    25:9e:f8:eb:e0:27:89:e3:4c:68:c8:0f:14:de:2e:
                    99:1b:36:6e:f3:bc:fc:3b:de:06:c2:6c:63:9b:57:
                    dd:6f:e3:57:66:fb:f2:06:18:a1:14:42:23:15:3c:
                    25:77:50:88:f6:d5:84:2d:74:76:6c:91:32:74:b9:
                    bc:d1:54:06:22:e4:8b:00:db:87:7e:f0:01:a8:2d:
                    ca:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:16:AD:F1:E7:64:7F:53:3A:E5:A2:E7:E7:A6:CE:45:56:D0:0E:BE
            X509v3 Authority Key Identifier:
                keyid:F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1Rat8edkf1M65aLn56bORVbQDr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:09:68:85:7f:5b:69:9a:bf:f5:ec:b0:9a:ee:b9:7d:f6:c8:
         98:94:59:e8:01:71:0d:cf:b5:05:18:00:70:68:ef:c5:69:a0:
         96:96:39:d0:c5:90:bb:1d:6b:ce:ef:68:cb:bf:d2:ae:a6:3c:
         aa:28:9c:d5:7f:51:7c:5a:b5:f8:7d:b3:f0:a3:36:b2:e6:18:
         1e:9b:9d:8c:fa:80:8b:73:c3:19:0e:3b:8c:7e:ef:83:44:d7:
         07:dd:d3:bf:73:c5:f8:2e:53:14:e9:08:c2:79:60:55:bf:2f:
         cc:2e:7a:cd:a7:4d:8c:32:0d:5b:46:c4:25:7b:3b:03:7f:28:
         6e:8f:fb:9e:85:e2:9d:dd:06:a6:b9:6f:52:5e:3e:bc:75:4c:
         cd:dd:0b:c5:30:5a:7a:e2:82:38:b1:0a:d1:66:f3:b8:46:7d:
         00:f8:49:f3:fd:c4:6b:02:27:44:b4:8b:bd:0f:b2:d4:56:af:
         a7:c0:48:f5:fe:c4:52:86:81:20:4a:01:38:bf:84:cb:cc:c3:
         dc:ea:43:4e:03:54:d7:f7:df:cc:8d:72:2d:cf:a1:8a:f8:40:
         bd:b5:71:af:5b:d6:ef:12:1d:ea:8b:3b:99:9d:a0:25:71:99:
         1a:43:66:8f:c3:cd:d1:dd:53:09:38:f6:6a:15:44:c8:8d:b8:
         9f:75:0c:98
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY3psQKh7lm4b9VJYHY4jkPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Nzk5ODhlMGY0OTk3MWEzMjZmNDE5ZTVjZmFjYmZkZGNj
OTkzZTcwHhcNMjQwMjI3MDgzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTE2YWRmMWU3NjQ3ZjUzM2FlNWEyZTdlN2E2Y2U0NTU2ZDAwZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmh0kGivKW0gjXaOXPn0JunJMIOZ+
5ejlnuQ0PMh3Z4PY2afGMh8Z6hByV3EiUSsRe1NQEyNluw1EHAspQSdj2PsCEf0d
D3NRpIBblj1frnGbqwNsCCleNG6/SGMXTxSXEq6Pdx6YY2g7hlpCvZL1QSDbyxqG
y0H82j+9cmcHMftn3Xl0J47yw3vQ9eHmX/pgM/g/wOe9Jx/iWi33QWGobslW/GQT
hcpRz89mXsLZ0qNjr9slnvjr4CeJ40xoyA8U3i6ZGzZu87z8O94Gwmxjm1fdb+NX
ZvvyBhihFEIjFTwld1CI9tWELXR2bJEydLm80VQGIuSLANuHfvABqC3KzwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNUWrfHnZH9TOuWi5+emzkVW0A6+MB8GA1UdIwQY
MBaAFPh5mI4PSZcaMm9Bnlz6y/3cyZPnMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1IbVlqZzlKbHhveWIwR2VYUHJMX2R6SmstYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0
LTA0NzBiNGJiMzBkYi8xLzFSYXQ4ZWRrZjFNNjVhTG41NmJPUlZiUURyNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0LTA0NzBiNGJiMzBk
Yi8xLzEtSG1Zamc5Smx4b3liMEdlWFByTF9kekprLWMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFTiNQw
DQYJKoZIhvcNAQELBQADggEBABcJaIV/W2mav/XssJruuX32yJiUWegBcQ3PtQUY
AHBo78VpoJaWOdDFkLsda87vaMu/0q6mPKoonNV/UXxatfh9s/CjNrLmGB6bnYz6
gItzwxkOO4x+74NE1wfd079zxfguUxTpCMJ5YFW/L8wues2nTYwyDVtGxCV7OwN/
KG6P+56F4p3dBqa5b1JePrx1TM3dC8UwWnrigjixCtFm87hGfQD4SfP9xGsCJ0S0
i70PstRWr6fASPX+xFKGgSBKATi/hMvMw9zqQ04DVNf338yNci3PoYr4QL21ca9b
1u8SHeqLO5mdoCVxmRpDZo/DzdHdUwk49moVRMiNuJ91DJg=
-----END CERTIFICATE-----