Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/ksK-t7N1cRGNbF98sP0Jc1lb0Do.roa
File:                     ksK-t7N1cRGNbF98sP0Jc1lb0Do.roa (raw, json)
Hash identifier:          8iXN8JngmZ0QSmwEbIicBVGHJiLbXGdi0K7Ud/SdG2s=
Subject key identifier:   92:C2:BE:B7:B3:75:71:11:8D:6C:5F:7C:B0:FD:09:73:59:5B:D0:3A
Certificate issuer:       /CN=f879988e0f49971a326f419e5cfacbfddcc993e7
Certificate serial:       018CC871491CBA0539742082866D96C15097
Authority key identifier: F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/ksK-t7N1cRGNbF98sP0Jc1lb0Do.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        83.136.214.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:49:1c:ba:05:39:74:20:82:86:6d:96:c1:50:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f879988e0f49971a326f419e5cfacbfddcc993e7
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92c2beb7b37571118d6c5f7cb0fd0973595bd03a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7b:ff:61:36:f4:bb:2a:a2:9c:f3:a8:99:62:
                    92:32:c4:23:13:87:db:db:23:26:d9:e8:cf:65:72:
                    7a:53:d2:c8:42:b0:7b:26:2f:e2:82:ff:69:0a:9c:
                    5e:fc:15:d3:c6:71:05:34:47:1b:62:ce:b2:88:ff:
                    e7:7e:c9:94:70:f5:d8:9c:32:df:6b:01:3f:5d:56:
                    09:99:5d:22:46:52:83:93:7d:1a:38:6f:7d:d5:2e:
                    0b:c9:4d:70:14:f8:b9:10:1e:57:2c:44:3e:cd:b1:
                    90:b6:ee:72:8e:e0:76:a5:19:de:7e:0c:cc:8b:d3:
                    9d:85:11:ac:1e:af:3d:ab:0e:1d:33:bb:62:92:32:
                    cc:e5:24:81:4d:e2:b0:ed:9b:80:15:01:55:6c:a5:
                    55:4b:9c:b7:9a:ec:3a:cb:93:d1:04:b9:b0:73:06:
                    30:11:f6:bb:1b:0e:0c:12:6e:31:78:bf:bb:d5:40:
                    93:45:77:cd:65:75:0a:8f:95:3c:f7:de:cb:49:0a:
                    be:b9:26:c0:a0:98:b4:10:95:64:7a:1d:9a:3c:1a:
                    50:87:87:da:d2:19:04:60:67:fe:0d:4e:1f:98:49:
                    a1:f0:36:98:fb:ce:ba:3a:7a:13:c3:3d:f1:be:43:
                    a7:bc:d0:c9:40:64:b9:46:b6:d6:f8:e7:94:86:0e:
                    c3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C2:BE:B7:B3:75:71:11:8D:6C:5F:7C:B0:FD:09:73:59:5B:D0:3A
            X509v3 Authority Key Identifier:
                keyid:F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/ksK-t7N1cRGNbF98sP0Jc1lb0Do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:6c:64:6b:96:7f:a5:d3:a5:8b:55:a3:49:fc:25:4d:60:c3:
         6b:fc:c0:45:8a:a8:85:f3:7f:6b:dc:58:5f:8a:98:1e:cd:0c:
         90:48:79:ed:47:c1:50:28:93:20:95:19:33:a0:4e:cb:54:b5:
         24:d1:96:a0:ba:73:6e:11:19:2a:5a:82:38:e5:fc:75:1f:2d:
         a0:2b:91:ba:52:47:66:32:be:38:8d:fe:85:ca:75:9d:8e:0e:
         3d:b0:cc:17:4a:04:85:18:20:39:97:78:44:be:47:4e:a7:5a:
         c7:6a:85:b1:92:69:27:6a:70:99:5f:00:11:87:1a:ce:c0:4b:
         60:70:89:fd:fe:d3:33:eb:52:c6:c8:cf:d1:49:d9:e3:72:fb:
         43:63:4a:c3:4b:c2:77:11:0f:a5:a5:d7:ff:6c:39:1c:63:d5:
         63:bb:cc:c2:6f:bd:62:80:4b:27:62:df:37:01:cc:87:5a:bd:
         f3:cc:36:b9:81:30:64:93:e6:39:fa:c0:71:22:0d:80:c1:e9:
         57:0d:e2:f9:f3:c8:d4:db:d6:bb:73:3d:54:92:e8:13:85:e9:
         ee:6e:9e:87:c7:aa:7c:ff:85:c3:99:a0:1c:ad:11:50:c5:87:
         b3:10:67:da:f9:b0:48:5e:92:5f:f9:50:f9:7a:17:a2:9e:f2:
         f6:86:66:31
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIcUkcugU5dCCChm2WwVCXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Nzk5ODhlMGY0OTk3MWEzMjZmNDE5ZTVjZmFjYmZkZGNj
OTkzZTcwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmMyYmViN2IzNzU3MTExOGQ2YzVmN2NiMGZkMDk3MzU5NWJkMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3v/YTb0uyqinPOomWKSMsQjE4fb
2yMm2ejPZXJ6U9LIQrB7Ji/igv9pCpxe/BXTxnEFNEcbYs6yiP/nfsmUcPXYnDLf
awE/XVYJmV0iRlKDk30aOG991S4LyU1wFPi5EB5XLEQ+zbGQtu5yjuB2pRnefgzM
i9OdhRGsHq89qw4dM7tikjLM5SSBTeKw7ZuAFQFVbKVVS5y3muw6y5PRBLmwcwYw
Efa7Gw4MEm4xeL+71UCTRXfNZXUKj5U8997LSQq+uSbAoJi0EJVkeh2aPBpQh4fa
0hkEYGf+DU4fmEmh8DaY+866OnoTwz3xvkOnvNDJQGS5RrbW+OeUhg7DzwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJLCvrezdXERjWxffLD9CXNZW9A6MB8GA1UdIwQY
MBaAFPh5mI4PSZcaMm9Bnlz6y/3cyZPnMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1IbVlqZzlKbHhveWIwR2VYUHJMX2R6SmstYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0
LTA0NzBiNGJiMzBkYi8xL2tzSy10N04xY1JHTmJGOThzUDBKYzFsYjBEby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0LTA0NzBiNGJiMzBk
Yi8xLzEtSG1Zamc5Smx4b3liMEdlWFByTF9kekprLWMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFTiNYw
DQYJKoZIhvcNAQELBQADggEBACpsZGuWf6XTpYtVo0n8JU1gw2v8wEWKqIXzf2vc
WF+KmB7NDJBIee1HwVAokyCVGTOgTstUtSTRlqC6c24RGSpagjjl/HUfLaArkbpS
R2YyvjiN/oXKdZ2ODj2wzBdKBIUYIDmXeES+R06nWsdqhbGSaSdqcJlfABGHGs7A
S2Bwif3+0zPrUsbIz9FJ2eNy+0NjSsNLwncRD6Wl1/9sORxj1WO7zMJvvWKASydi
3zcBzIdavfPMNrmBMGST5jn6wHEiDYDB6VcN4vnzyNTb1rtzPVSS6BOF6e5unofH
qnz/hcOZoBytEVDFh7MQZ9r5sEhekl/5UPl6F6Ke8vaGZjE=
-----END CERTIFICATE-----