Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/G65BJ6shsUdOh19v1hfXRwHgzo4.roa
File:                     G65BJ6shsUdOh19v1hfXRwHgzo4.roa (raw, json)
Hash identifier:          S5PbU0xaBKMdkZH8U+Um6NGNQ2tzuPOS5cGzA6yMW+I=
Subject key identifier:   1B:AE:41:27:AB:21:B1:47:4E:87:5F:6F:D6:17:D7:47:01:E0:CE:8E
Certificate issuer:       /CN=0962dc6940760b7fbc2ea4367cc53bc230a64f9b
Certificate serial:       018E3932F7909F2DE95580847438E311AC95
Authority key identifier: 09:62:DC:69:40:76:0B:7F:BC:2E:A4:36:7C:C5:3B:C2:30:A6:4F:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/G65BJ6shsUdOh19v1hfXRwHgzo4.roa
Signing time:             Wed 13 Mar 2024 19:03:45 +0000
ROA not before:           Wed 13 Mar 2024 19:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212234
IP address blocks:        83.220.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:39:32:f7:90:9f:2d:e9:55:80:84:74:38:e3:11:ac:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0962dc6940760b7fbc2ea4367cc53bc230a64f9b
        Validity
            Not Before: Mar 13 19:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bae4127ab21b1474e875f6fd617d74701e0ce8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d9:5a:4f:e5:98:d9:32:25:ad:38:b7:7a:fb:
                    a7:84:a9:1b:8e:cf:1c:ab:ba:10:2e:30:62:65:dd:
                    77:e3:dd:18:1c:41:ac:d4:f2:56:06:98:0f:30:c5:
                    0d:5a:30:00:03:d1:7b:50:bc:9a:03:47:c7:bb:7e:
                    21:57:fd:bd:b0:b7:b5:16:40:fa:d9:bd:f6:fa:77:
                    ff:23:45:5d:3e:b1:1f:28:42:35:63:19:3a:92:0e:
                    07:40:92:1e:f7:63:d1:b7:98:2b:55:e0:28:00:24:
                    c8:2e:a4:d2:35:da:14:77:3c:db:6a:a5:11:c0:b9:
                    c2:d5:82:af:02:9a:65:cd:5b:10:e6:a4:d8:02:87:
                    8d:17:7e:42:c9:9f:e5:67:91:30:25:48:e3:99:ff:
                    30:6b:67:99:cb:87:cb:f5:58:06:5e:c0:d4:d5:a0:
                    a5:38:95:0a:db:d8:53:eb:52:d0:45:8b:f3:e5:c8:
                    6a:74:d7:f4:0e:f3:55:ce:30:ac:7a:89:a3:14:dc:
                    bf:86:23:bb:79:1e:21:e1:12:e6:ec:12:1b:13:df:
                    61:16:66:d7:c3:e9:4c:f9:1f:00:c8:c9:85:e6:ae:
                    c2:22:6a:dd:94:e7:23:7e:e4:6d:9b:41:3e:39:80:
                    83:c1:13:d1:42:98:08:9a:c7:c1:e3:29:00:38:45:
                    f2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:AE:41:27:AB:21:B1:47:4E:87:5F:6F:D6:17:D7:47:01:E0:CE:8E
            X509v3 Authority Key Identifier:
                keyid:09:62:DC:69:40:76:0B:7F:BC:2E:A4:36:7C:C5:3B:C2:30:A6:4F:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/G65BJ6shsUdOh19v1hfXRwHgzo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e2:95:c1:d1:2a:2d:1e:26:42:be:c9:6d:e1:22:ba:dd:13:a8:
         f2:2b:0f:2c:5c:c6:f5:bc:8c:89:1c:7d:36:a0:f6:55:be:50:
         81:97:cc:3c:a3:b9:b6:ac:48:ac:70:8e:4e:2d:2e:58:f6:13:
         2c:dc:7c:bc:39:21:f4:51:91:e8:2d:43:0b:44:b3:9a:a6:0b:
         61:e6:f0:7d:ae:bb:36:48:a9:35:a7:14:0d:cc:7a:4f:29:53:
         42:92:1c:9d:27:b9:3b:f7:94:c9:56:51:90:bb:f2:e0:fe:1d:
         25:d6:81:d5:91:56:b6:25:6a:8a:67:d5:03:c0:29:1c:3a:d9:
         2e:95:76:56:1b:06:43:0e:ca:3d:39:e7:d0:3a:08:67:e6:aa:
         33:d3:15:ce:47:91:e0:81:a9:4b:e6:ae:38:fa:70:95:df:92:
         b2:67:ec:80:7f:81:51:4b:90:a5:c3:9e:e9:07:74:91:a2:11:
         77:77:42:eb:04:e9:60:a2:10:45:ac:f0:a3:28:2f:52:78:86:
         9e:f4:c0:bf:d5:60:1f:da:65:99:05:cf:3b:fc:50:71:cf:2b:
         f4:e6:ef:3a:9f:51:b1:ae:8e:ff:5c:b4:55:08:27:85:99:cf:
         38:61:5f:32:fa:25:0b:30:2e:3e:87:c7:04:5d:95:eb:1a:9c:
         80:3a:9e:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY45MveQny3pVYCEdDjjEayVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjJkYzY5NDA3NjBiN2ZiYzJlYTQzNjdjYzUzYmMyMzBh
NjRmOWIwHhcNMjQwMzEzMTkwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmFlNDEyN2FiMjFiMTQ3NGU4NzVmNmZkNjE3ZDc0NzAxZTBjZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNlaT+WY2TIlrTi3evunhKkbjs8c
q7oQLjBiZd13490YHEGs1PJWBpgPMMUNWjAAA9F7ULyaA0fHu34hV/29sLe1FkD6
2b32+nf/I0VdPrEfKEI1Yxk6kg4HQJIe92PRt5grVeAoACTILqTSNdoUdzzbaqUR
wLnC1YKvApplzVsQ5qTYAoeNF35CyZ/lZ5EwJUjjmf8wa2eZy4fL9VgGXsDU1aCl
OJUK29hT61LQRYvz5chqdNf0DvNVzjCseomjFNy/hiO7eR4h4RLm7BIbE99hFmbX
w+lM+R8AyMmF5q7CImrdlOcjfuRtm0E+OYCDwRPRQpgImsfB4ykAOEXyxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuuQSerIbFHTodfb9YX10cB4M6OMB8GA1UdIwQY
MBaAFAli3GlAdgt/vC6kNnzFO8Iwpk+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dMY2FVQjJDMy04THFRMmZNVTd3akNtVDVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yMGZmMGYtNjE4Zi00Y2I2LWJjN2Yt
NjU0MTk3N2Y2NWY5LzEvRzY1Qko2c2hzVWRPaDE5djFoZlhSd0hnem80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yMGZmMGYtNjE4Zi00Y2I2LWJjN2YtNjU0MTk3N2Y2NWY5
LzEvQ1dMY2FVQjJDMy04THFRMmZNVTd3akNtVDVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU9xUMA0G
CSqGSIb3DQEBCwUAA4IBAQDilcHRKi0eJkK+yW3hIrrdE6jyKw8sXMb1vIyJHH02
oPZVvlCBl8w8o7m2rEiscI5OLS5Y9hMs3Hy8OSH0UZHoLUMLRLOapgth5vB9rrs2
SKk1pxQNzHpPKVNCkhydJ7k795TJVlGQu/Lg/h0l1oHVkVa2JWqKZ9UDwCkcOtku
lXZWGwZDDso9OefQOghn5qoz0xXOR5HggalL5q44+nCV35KyZ+yAf4FRS5Clw57p
B3SRohF3d0LrBOlgohBFrPCjKC9SeIae9MC/1WAf2mWZBc87/FBxzyv05u86n1Gx
ro7/XLRVCCeFmc84YV8y+iULMC4+h8cEXZXrGpyAOp6b
-----END CERTIFICATE-----