Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/eQnjTOmaS4caiJPVC8Y012pFK_o.roa
File:                     eQnjTOmaS4caiJPVC8Y012pFK_o.roa (raw, json)
Hash identifier:          LRX+BBpEtfyTnwbv03OUTDUDXUAtSgSdZ/fh2pOrtuA=
Subject key identifier:   79:09:E3:4C:E9:9A:4B:87:1A:88:93:D5:0B:C6:34:D7:6A:45:2B:FA
Certificate issuer:       /CN=2236ed5f5623edeb7910acd31d5f6ee81e5cb17e
Certificate serial:       018CC86F17DFE224C19387820605D06863A8
Authority key identifier: 22:36:ED:5F:56:23:ED:EB:79:10:AC:D3:1D:5F:6E:E8:1E:5C:B1:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/eQnjTOmaS4caiJPVC8Y012pFK_o.roa
Signing time:             Tue 02 Jan 2024 04:29:32 +0000
ROA not before:           Tue 02 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42543
IP address blocks:        83.166.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 04:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:17:df:e2:24:c1:93:87:82:06:05:d0:68:63:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2236ed5f5623edeb7910acd31d5f6ee81e5cb17e
        Validity
            Not Before: Jan  2 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7909e34ce99a4b871a8893d50bc634d76a452bfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:38:57:05:8d:e6:bb:84:bb:f4:73:bb:f2:08:
                    61:c1:a2:46:e3:06:af:31:8a:2c:38:9f:3b:01:95:
                    a1:87:37:b4:05:c5:f2:80:a7:5c:1f:82:0c:6c:66:
                    80:dd:37:0b:f1:64:d4:6d:61:d5:e9:6c:9e:17:7d:
                    02:63:02:d0:c1:e7:19:9d:28:37:16:31:06:63:a1:
                    4b:f5:db:a3:bd:43:f6:ac:df:7f:11:f2:b0:df:a6:
                    6c:ca:1f:bc:f1:3f:21:62:e8:93:e2:32:8b:d9:e7:
                    39:61:1c:75:92:0e:ad:db:bd:95:b5:8b:b1:42:b5:
                    92:b5:1d:31:0c:30:6a:4f:ab:97:0c:49:c3:b0:cf:
                    ce:4c:3e:db:df:79:f8:86:6b:98:7d:2a:fa:20:ff:
                    17:fc:c9:0f:11:e4:5a:ec:8f:9a:39:29:06:82:45:
                    43:ca:8a:6d:5f:3d:9f:a5:8b:87:00:1f:3d:f3:fb:
                    ed:58:e3:f5:87:78:55:ed:50:0d:12:df:9f:e6:c4:
                    ce:89:72:ed:49:25:20:99:02:00:f9:07:b7:5a:c4:
                    33:f7:7a:e5:29:3f:2e:de:7a:94:3f:7e:84:ce:12:
                    6b:49:a0:d6:d1:00:75:a8:97:c3:0f:eb:80:03:c9:
                    de:6f:9d:ff:00:19:ef:6d:9f:15:31:7d:a1:e6:84:
                    2e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:09:E3:4C:E9:9A:4B:87:1A:88:93:D5:0B:C6:34:D7:6A:45:2B:FA
            X509v3 Authority Key Identifier:
                keyid:22:36:ED:5F:56:23:ED:EB:79:10:AC:D3:1D:5F:6E:E8:1E:5C:B1:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IjbtX1Yj7et5EKzTHV9u6B5csX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/eQnjTOmaS4caiJPVC8Y012pFK_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/1d9dda-2adf-46bd-8af7-4d16be9ba132/1/IjbtX1Yj7et5EKzTHV9u6B5csX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.166.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         85:34:b3:4e:c3:38:3e:02:76:41:e9:44:95:56:92:3c:63:d9:
         c2:2c:3a:7c:40:cb:94:f0:98:49:b2:01:b3:e0:2a:47:54:a8:
         cc:7d:45:df:80:f7:cf:03:67:18:cc:d9:f8:32:8c:7e:c8:d1:
         97:f8:0d:21:84:d5:8c:14:c8:90:98:f4:e4:77:8b:4a:32:9d:
         a9:46:d9:b4:a1:c2:ff:bb:8d:a7:04:23:57:99:11:3f:cb:45:
         00:ad:6e:61:aa:3d:e9:da:ce:8e:75:d5:53:22:79:62:78:23:
         22:d9:29:60:a3:fb:fd:df:89:f8:f4:7d:c6:f2:a2:0d:22:99:
         8a:7a:90:4a:18:dd:6d:39:23:b4:3a:2b:7c:05:4a:d0:b0:d9:
         61:df:dc:83:16:f0:dd:2c:4a:eb:74:75:cd:b6:0d:6f:40:64:
         88:2d:00:61:16:83:73:52:54:ef:2c:41:40:50:b6:08:c5:7d:
         13:01:d4:2d:c6:06:3e:86:20:76:3b:fb:bf:59:1a:1e:89:c4:
         0b:9e:b4:c1:c5:8d:7b:8a:79:d5:bf:b4:40:f9:e3:de:18:b8:
         81:a8:e9:8d:64:1e:87:6e:d1:5f:4a:7f:50:33:8b:82:1e:73:
         d1:ce:84:ca:5d:a4:00:2b:95:ae:17:2e:fe:83:68:34:30:4a:
         94:b8:0f:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxff4iTBk4eCBgXQaGOoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzZlZDVmNTYyM2VkZWI3OTEwYWNkMzFkNWY2ZWU4MWU1
Y2IxN2UwHhcNMjQwMTAyMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTA5ZTM0Y2U5OWE0Yjg3MWE4ODkzZDUwYmM2MzRkNzZhNDUyYmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhThXBY3mu4S79HO78ghhwaJG4wav
MYosOJ87AZWhhze0BcXygKdcH4IMbGaA3TcL8WTUbWHV6WyeF30CYwLQwecZnSg3
FjEGY6FL9dujvUP2rN9/EfKw36Zsyh+88T8hYuiT4jKL2ec5YRx1kg6t272VtYux
QrWStR0xDDBqT6uXDEnDsM/OTD7b33n4hmuYfSr6IP8X/MkPEeRa7I+aOSkGgkVD
yoptXz2fpYuHAB898/vtWOP1h3hV7VANEt+f5sTOiXLtSSUgmQIA+Qe3WsQz93rl
KT8u3nqUP36EzhJrSaDW0QB1qJfDD+uAA8neb53/ABnvbZ8VMX2h5oQuqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkJ40zpmkuHGoiT1QvGNNdqRSv6MB8GA1UdIwQY
MBaAFCI27V9WI+3reRCs0x1fbugeXLF+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpidFgxWWo3ZXQ1RUt6VEhWOXU2QjVjc1g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8xZDlkZGEtMmFkZi00NmJkLThhZjct
NGQxNmJlOWJhMTMyLzEvZVFualRPbWFTNGNhaUpQVkM4WTAxMnBGS19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8xZDlkZGEtMmFkZi00NmJkLThhZjctNGQxNmJlOWJhMTMy
LzEvSWpidFgxWWo3ZXQ1RUt6VEhWOXU2QjVjc1g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU6ZQMA0G
CSqGSIb3DQEBCwUAA4IBAQCFNLNOwzg+AnZB6USVVpI8Y9nCLDp8QMuU8JhJsgGz
4CpHVKjMfUXfgPfPA2cYzNn4Mox+yNGX+A0hhNWMFMiQmPTkd4tKMp2pRtm0ocL/
u42nBCNXmRE/y0UArW5hqj3p2s6OddVTInlieCMi2Slgo/v934n49H3G8qINIpmK
epBKGN1tOSO0Oit8BUrQsNlh39yDFvDdLErrdHXNtg1vQGSILQBhFoNzUlTvLEFA
ULYIxX0TAdQtxgY+hiB2O/u/WRoeicQLnrTBxY17innVv7RA+ePeGLiBqOmNZB6H
btFfSn9QM4uCHnPRzoTKXaQAK5WuFy7+g2g0MEqUuA+v
-----END CERTIFICATE-----