Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/9S73DcHkN0cbH_2GviG7N5Sv-Lc.roa
File:                     9S73DcHkN0cbH_2GviG7N5Sv-Lc.roa (raw, json)
Hash identifier:          PKrvsBmHnjfpNdszqF6KH/yB1IT8KubreO+bLS502r0=
Subject key identifier:   F5:2E:F7:0D:C1:E4:37:47:1B:1F:FD:86:BE:21:BB:37:94:AF:F8:B7
Certificate issuer:       /CN=10768d39f932791007a097209b0983fe85560cb8
Certificate serial:       018CC34916D0E2696B8C7EAF82C2FF2D8E74
Authority key identifier: 10:76:8D:39:F9:32:79:10:07:A0:97:20:9B:09:83:FE:85:56:0C:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHaNOfkyeRAHoJcgmwmD_oVWDLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/9S73DcHkN0cbH_2GviG7N5Sv-Lc.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31273
IP address blocks:        82.113.224.0/19 maxlen: 24
                          2a00:6f00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/EHaNOfkyeRAHoJcgmwmD_oVWDLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/EHaNOfkyeRAHoJcgmwmD_oVWDLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHaNOfkyeRAHoJcgmwmD_oVWDLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:16:d0:e2:69:6b:8c:7e:af:82:c2:ff:2d:8e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10768d39f932791007a097209b0983fe85560cb8
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f52ef70dc1e437471b1ffd86be21bb3794aff8b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9b:1a:fc:50:27:8a:0c:f6:f8:02:1a:56:98:
                    e4:2e:ef:f5:d1:f3:73:b9:b3:97:09:28:a5:21:21:
                    34:03:c9:55:66:47:f8:66:d1:e1:f8:cd:e8:6d:93:
                    38:62:1c:ec:4f:ac:17:6e:8b:5c:91:d8:22:6a:62:
                    d6:58:ee:b0:91:df:a6:95:b3:a8:f4:16:9b:86:ca:
                    06:a4:91:5a:10:72:57:e1:2d:48:09:00:93:86:52:
                    59:6c:8c:07:6b:e0:b2:ff:a8:7f:14:fb:51:09:1c:
                    dc:13:1a:57:f0:5c:46:12:79:3d:fd:f7:fd:38:bc:
                    66:68:b8:ee:28:22:8b:5e:a9:be:eb:87:49:b5:69:
                    73:67:c8:c3:b4:78:e8:76:13:7b:ed:d2:18:30:2b:
                    86:c5:c0:aa:1a:5e:e3:63:76:08:01:04:6b:f0:64:
                    7c:e4:a7:bb:67:5e:ce:02:0c:79:ba:9c:45:2d:98:
                    69:58:72:80:ca:ba:15:e6:94:c7:2a:1f:35:de:46:
                    1c:2d:ce:54:b2:09:cc:bf:9b:7d:ce:2b:fb:d4:e1:
                    e6:98:28:3f:28:28:18:2c:e7:83:01:a1:e5:1c:6a:
                    ac:53:a0:2d:13:63:f7:8b:42:b9:47:c2:f5:40:80:
                    6b:0f:91:2b:85:94:13:87:1a:48:cc:ae:ad:0f:e5:
                    e2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2E:F7:0D:C1:E4:37:47:1B:1F:FD:86:BE:21:BB:37:94:AF:F8:B7
            X509v3 Authority Key Identifier:
                keyid:10:76:8D:39:F9:32:79:10:07:A0:97:20:9B:09:83:FE:85:56:0C:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHaNOfkyeRAHoJcgmwmD_oVWDLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/9S73DcHkN0cbH_2GviG7N5Sv-Lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/EHaNOfkyeRAHoJcgmwmD_oVWDLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.113.224.0/19
                IPv6:
                  2a00:6f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:ec:42:5d:83:93:7e:3f:e4:33:89:fd:dd:5b:0a:3c:a1:65:
         84:5e:62:5b:a3:05:b1:a2:91:3d:de:c9:0a:d0:c8:5c:03:26:
         f2:88:52:e3:94:ad:64:5f:fd:4d:0e:bd:01:2f:90:02:43:8b:
         df:2d:67:17:71:20:73:d6:64:80:10:e9:e4:30:4c:7e:63:dc:
         09:1b:ef:c8:5c:70:bd:5f:e8:87:9c:a0:ad:5b:87:7a:56:e6:
         29:06:c9:a7:60:55:79:7e:5d:89:9d:b2:34:d0:23:9b:c8:c5:
         ff:15:5f:46:1c:76:fb:ee:2f:fd:86:de:7d:cc:1d:c3:52:d0:
         83:ba:f9:3b:22:87:08:0f:90:db:57:6b:33:23:5e:09:c8:9c:
         a3:5b:8b:2b:77:94:a7:db:48:e5:68:79:39:64:1f:92:05:ca:
         15:eb:65:de:12:e7:21:84:e0:da:c5:bd:dd:ae:aa:5f:77:f2:
         5d:82:88:2d:5a:9b:13:24:6e:4f:60:b6:de:1f:b8:92:9a:6e:
         d1:07:5e:dc:a3:aa:7a:ac:0f:ce:3f:2b:0c:49:ed:0a:de:15:
         72:ed:9a:a5:f2:da:af:b4:d7:9c:f5:e8:d4:ca:d8:52:37:5a:
         d9:e3:33:79:64:a2:2e:37:23:33:89:73:40:d3:22:01:1a:2a:
         5f:96:87:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSRbQ4mlrjH6vgsL/LY50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzY4ZDM5ZjkzMjc5MTAwN2EwOTcyMDliMDk4M2ZlODU1
NjBjYjgwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJlZjcwZGMxZTQzNzQ3MWIxZmZkODZiZTIxYmIzNzk0YWZmOGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpsa/FAnigz2+AIaVpjkLu/10fNz
ubOXCSilISE0A8lVZkf4ZtHh+M3obZM4YhzsT6wXbotckdgiamLWWO6wkd+mlbOo
9BabhsoGpJFaEHJX4S1ICQCThlJZbIwHa+Cy/6h/FPtRCRzcExpX8FxGEnk9/ff9
OLxmaLjuKCKLXqm+64dJtWlzZ8jDtHjodhN77dIYMCuGxcCqGl7jY3YIAQRr8GR8
5Ke7Z17OAgx5upxFLZhpWHKAyroV5pTHKh813kYcLc5UsgnMv5t9ziv71OHmmCg/
KCgYLOeDAaHlHGqsU6AtE2P3i0K5R8L1QIBrD5ErhZQThxpIzK6tD+XiGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPUu9w3B5DdHGx/9hr4huzeUr/i3MB8GA1UdIwQY
MBaAFBB2jTn5MnkQB6CXIJsJg/6FVgy4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhhTk9ma3llUkFIb0pjZ213bURfb1ZXRExnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85M2MxN2UtODQ5MC00ZTkxLTk4MTUt
NzJjMzNkYWYzMTU2LzEvOVM3M0RjSGtOMGNiSF8yR3ZpRzdONVN2LUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85M2MxN2UtODQ5MC00ZTkxLTk4MTUtNzJjMzNkYWYzMTU2
LzEvRUhhTk9ma3llUkFIb0pjZ213bURfb1ZXRExnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFUnHgMA0E
AgACMAcDBQAqAG8AMA0GCSqGSIb3DQEBCwUAA4IBAQCF7EJdg5N+P+Qzif3dWwo8
oWWEXmJbowWxopE93skK0MhcAybyiFLjlK1kX/1NDr0BL5ACQ4vfLWcXcSBz1mSA
EOnkMEx+Y9wJG+/IXHC9X+iHnKCtW4d6VuYpBsmnYFV5fl2JnbI00CObyMX/FV9G
HHb77i/9ht59zB3DUtCDuvk7IocID5DbV2szI14JyJyjW4srd5Sn20jlaHk5ZB+S
BcoV62XeEuchhODaxb3drqpfd/JdgogtWpsTJG5PYLbeH7iSmm7RB17co6p6rA/O
PysMSe0K3hVy7Zql8tqvtNec9ejUythSN1rZ4zN5ZKIuNyMziXNA0yIBGipflodx
-----END CERTIFICATE-----