Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/6kuRJAOofdbeHf_OxvrpfMODDus.roa
File:                     6kuRJAOofdbeHf_OxvrpfMODDus.roa (raw, json)
Hash identifier:          Coim9frb9VfLkErrC0uRIFMvOyZA11kgrRtU/SL24i8=
Subject key identifier:   EA:4B:91:24:03:A8:7D:D6:DE:1D:FF:CE:C6:FA:E9:7C:C3:83:0E:EB
Certificate issuer:       /CN=f879988e0f49971a326f419e5cfacbfddcc993e7
Certificate serial:       0190A083DB710B3B752E5400569E69383533
Authority key identifier: F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/6kuRJAOofdbeHf_OxvrpfMODDus.roa
Signing time:             Thu 11 Jul 2024 06:38:34 +0000
ROA not before:           Thu 11 Jul 2024 06:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400897
IP address blocks:        83.136.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a0:83:db:71:0b:3b:75:2e:54:00:56:9e:69:38:35:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f879988e0f49971a326f419e5cfacbfddcc993e7
        Validity
            Not Before: Jul 11 06:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea4b912403a87dd6de1dffcec6fae97cc3830eeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:16:1b:c2:6e:8c:9a:25:26:70:eb:e1:92:98:
                    0d:66:e7:f6:85:a7:f7:70:04:4c:5a:5d:8d:e1:29:
                    52:86:e3:08:e7:46:3e:94:66:b6:47:4a:78:1d:0c:
                    20:0e:c3:33:23:8f:46:f1:32:15:1b:76:b6:e9:bc:
                    e5:71:82:ea:71:04:12:7c:60:92:b5:df:ae:d5:c8:
                    b2:0c:0e:cb:48:b2:57:88:2e:9c:21:b2:b8:71:88:
                    7f:db:7f:8f:9a:17:c0:c1:26:e7:2d:dd:2f:4c:47:
                    de:9b:dd:d4:2f:91:64:fb:8c:1e:e6:7d:92:ad:7f:
                    d0:4d:6b:1d:01:0c:c2:85:31:96:f3:b3:43:7b:df:
                    6a:a1:17:b6:c4:87:f9:0d:d5:5c:32:c2:ab:5b:6f:
                    35:69:dd:d1:b2:dd:66:9f:c3:e3:8c:ec:21:59:ba:
                    ee:e9:ef:e1:b7:52:62:8d:6b:e6:d5:89:ff:72:db:
                    c6:bf:55:7a:e1:f4:72:67:51:4e:32:99:47:20:23:
                    76:80:fd:1d:d0:46:0c:c4:06:49:86:02:6f:0d:7f:
                    5e:0a:1e:2b:dc:c4:d1:e7:b3:42:e1:e6:a6:43:af:
                    85:32:f7:7c:3e:e7:d7:24:e3:d8:4f:56:2b:92:66:
                    5c:f4:b4:6f:0b:5f:c3:14:0d:6c:70:9d:e4:0d:e1:
                    21:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:4B:91:24:03:A8:7D:D6:DE:1D:FF:CE:C6:FA:E9:7C:C3:83:0E:EB
            X509v3 Authority Key Identifier:
                keyid:F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/6kuRJAOofdbeHf_OxvrpfMODDus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:ae:92:97:39:db:47:94:f1:30:43:f1:db:f7:aa:91:78:59:
         b7:79:9c:78:0b:d2:90:70:54:e8:11:27:c2:fa:2d:56:e8:ca:
         18:13:4e:50:f9:24:e1:79:b2:cd:d3:15:9e:d7:86:fc:93:6a:
         ab:95:56:45:cc:2f:2c:29:00:b2:cf:11:e6:1e:1e:61:f0:8d:
         09:25:67:19:01:84:b6:25:68:c9:c9:2a:86:22:da:e5:c1:13:
         1b:7a:d3:21:70:2f:1f:11:7c:46:c5:2e:16:7d:2a:f6:57:f6:
         b5:20:09:87:45:1e:cc:be:af:cd:b0:f2:4d:65:2f:ee:b0:7f:
         c9:c7:5b:95:8b:a9:9c:3e:5c:ca:3a:ba:62:a6:93:d9:45:e4:
         fa:b4:d1:25:47:a6:0d:c1:b7:38:4a:4f:dc:52:05:2a:2b:95:
         91:6f:4a:18:b9:57:13:5d:08:3b:72:8d:fb:58:ef:fb:75:cb:
         67:4e:0a:cf:58:c2:c0:bd:82:e0:6f:c2:63:24:92:52:42:4c:
         f9:b0:81:e3:47:0c:ed:4a:98:90:a3:54:e7:82:6a:6d:f6:ba:
         dd:5d:69:b3:62:8e:7d:a3:1f:24:4f:dc:52:9e:0a:7b:7c:b9:
         12:d8:76:a1:10:83:fb:4a:40:7f:5e:35:84:70:fb:04:38:78:
         44:86:2b:bd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZCgg9txCzt1LlQAVp5pODUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Nzk5ODhlMGY0OTk3MWEzMjZmNDE5ZTVjZmFjYmZkZGNj
OTkzZTcwHhcNMjQwNzExMDYzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTRiOTEyNDAzYTg3ZGQ2ZGUxZGZmY2VjNmZhZTk3Y2MzODMwZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthYbwm6MmiUmcOvhkpgNZuf2haf3
cARMWl2N4SlShuMI50Y+lGa2R0p4HQwgDsMzI49G8TIVG3a26bzlcYLqcQQSfGCS
td+u1ciyDA7LSLJXiC6cIbK4cYh/23+PmhfAwSbnLd0vTEfem93UL5Fk+4we5n2S
rX/QTWsdAQzChTGW87NDe99qoRe2xIf5DdVcMsKrW281ad3Rst1mn8PjjOwhWbru
6e/ht1JijWvm1Yn/ctvGv1V64fRyZ1FOMplHICN2gP0d0EYMxAZJhgJvDX9eCh4r
3MTR57NC4eamQ6+FMvd8PufXJOPYT1YrkmZc9LRvC1/DFA1scJ3kDeEhmwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOpLkSQDqH3W3h3/zsb66XzDgw7rMB8GA1UdIwQY
MBaAFPh5mI4PSZcaMm9Bnlz6y/3cyZPnMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1IbVlqZzlKbHhveWIwR2VYUHJMX2R6SmstYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0
LTA0NzBiNGJiMzBkYi8xLzZrdVJKQU9vZmRiZUhmX094dnJwZk1PRER1cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0LTA0NzBiNGJiMzBk
Yi8xLzEtSG1Zamc5Smx4b3liMEdlWFByTF9kekprLWMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJTiNAw
DQYJKoZIhvcNAQELBQADggEBAKCukpc520eU8TBD8dv3qpF4Wbd5nHgL0pBwVOgR
J8L6LVboyhgTTlD5JOF5ss3TFZ7XhvyTaquVVkXMLywpALLPEeYeHmHwjQklZxkB
hLYlaMnJKoYi2uXBExt60yFwLx8RfEbFLhZ9KvZX9rUgCYdFHsy+r82w8k1lL+6w
f8nHW5WLqZw+XMo6umKmk9lF5Pq00SVHpg3BtzhKT9xSBSorlZFvShi5VxNdCDty
jftY7/t1y2dOCs9YwsC9guBvwmMkklJCTPmwgeNHDO1KmJCjVOeCam32ut1dabNi
jn2jHyRP3FKeCnt8uRLYdqEQg/tKQH9eNYRw+wQ4eESGK70=
-----END CERTIFICATE-----