Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/g9dcPno2NUZWy0-tdhy0zhhTKmk.roa
File:                     g9dcPno2NUZWy0-tdhy0zhhTKmk.roa (raw, json)
Hash identifier:          5jFFoTGDgprcEjZVgjRxevKlpNnVIMQBafl1DWbMpgg=
Subject key identifier:   83:D7:5C:3E:7A:36:35:46:56:CB:4F:AD:76:1C:B4:CE:18:53:2A:69
Certificate issuer:       /CN=3283151e838675754629260425bffce929d8a8ed
Certificate serial:       018CC801A9EF624E921412269ABFA9395048
Authority key identifier: 32:83:15:1E:83:86:75:75:46:29:26:04:25:BF:FC:E9:29:D8:A8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MoMVHoOGdXVGKSYEJb_86SnYqO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/g9dcPno2NUZWy0-tdhy0zhhTKmk.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12388
IP address blocks:        83.220.192.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/MoMVHoOGdXVGKSYEJb_86SnYqO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/MoMVHoOGdXVGKSYEJb_86SnYqO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MoMVHoOGdXVGKSYEJb_86SnYqO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a9:ef:62:4e:92:14:12:26:9a:bf:a9:39:50:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3283151e838675754629260425bffce929d8a8ed
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83d75c3e7a36354656cb4fad761cb4ce18532a69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d0:84:72:8c:c1:5a:1c:d0:7b:5e:69:d0:5b:
                    92:ca:08:59:55:07:21:17:f3:b6:01:5b:c0:66:b0:
                    2a:c1:c3:40:ea:53:6f:94:82:8d:11:b3:85:4f:b3:
                    e6:26:2c:93:0c:8a:27:02:9d:f6:4a:71:2a:d5:80:
                    af:e8:9a:4a:ef:a6:da:9f:29:63:87:98:7a:91:25:
                    be:33:f2:a2:74:a4:59:7d:ce:f5:b2:96:7f:d5:91:
                    37:d4:b4:b0:89:23:f4:99:d4:94:1f:68:18:da:50:
                    90:43:53:60:22:87:cb:a8:01:a4:81:08:31:70:91:
                    dd:d2:5f:b0:9a:39:bc:35:b6:0c:9c:e2:fc:bf:dc:
                    99:45:d0:39:86:b5:47:a2:b3:4c:31:84:8d:e2:80:
                    0a:4c:df:a4:e2:81:44:ba:2c:71:b8:91:f3:46:47:
                    c0:c8:42:8e:04:02:29:e8:8a:e3:6b:20:d7:2b:f3:
                    83:ec:02:8f:79:ad:a2:78:73:8f:60:85:a9:71:18:
                    51:f2:28:8a:22:6c:55:12:d4:2b:d0:9a:d8:33:5c:
                    60:ec:ff:67:1c:4a:9e:e1:44:27:c3:b0:26:40:ab:
                    9d:e4:e8:05:21:4f:2a:9d:38:14:e1:76:46:09:9e:
                    a5:9f:ca:bd:ae:94:10:c7:39:e1:96:d4:e9:69:71:
                    77:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D7:5C:3E:7A:36:35:46:56:CB:4F:AD:76:1C:B4:CE:18:53:2A:69
            X509v3 Authority Key Identifier:
                keyid:32:83:15:1E:83:86:75:75:46:29:26:04:25:BF:FC:E9:29:D8:A8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MoMVHoOGdXVGKSYEJb_86SnYqO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/g9dcPno2NUZWy0-tdhy0zhhTKmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7df50a-2d87-4d09-b9ac-05821d4099b8/1/MoMVHoOGdXVGKSYEJb_86SnYqO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         30:4d:8f:ed:7a:72:60:db:98:26:8c:1a:52:02:bd:72:68:fb:
         dc:e4:a4:50:48:d8:75:3f:9e:f2:d6:22:4f:ac:ec:75:9f:d2:
         22:ca:2e:c8:88:a6:20:b4:0b:d4:a7:21:74:f1:cd:3e:13:b2:
         35:fd:fa:5a:55:9b:d7:7b:4c:15:3c:52:74:80:5b:cf:0e:6a:
         da:11:72:cb:62:76:20:05:ab:68:a0:95:90:84:d9:95:cc:4b:
         cd:19:75:41:64:c9:d1:98:48:3f:a4:73:2d:ee:92:4d:bf:35:
         23:ec:8f:87:d1:11:e7:e6:b8:95:f3:de:56:a1:64:c1:ee:20:
         a0:fc:87:a1:ff:66:b3:ca:7a:73:49:63:c8:80:d8:a3:73:2e:
         fa:be:01:f5:96:c4:c3:38:73:96:21:12:ce:7a:ef:13:03:11:
         19:ab:c5:bf:5c:cd:b8:a8:90:e0:0c:cf:17:4a:3f:6d:c4:a5:
         4f:fb:d1:16:0b:74:ee:3e:21:ef:86:ac:f5:64:bb:01:48:cb:
         f0:fa:a7:57:ff:9a:a7:55:31:28:59:c0:b2:9f:79:05:7b:63:
         10:b0:15:15:aa:86:cb:a4:86:e7:0a:d9:a7:68:04:1c:38:34:
         6f:9e:cb:1c:d1:d6:a7:a7:7b:de:4b:47:70:f6:51:72:fd:78:
         a5:6c:85:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAanvYk6SFBImmr+pOVBIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyODMxNTFlODM4Njc1NzU0NjI5MjYwNDI1YmZmY2U5Mjlk
OGE4ZWQwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Q3NWMzZTdhMzYzNTQ2NTZjYjRmYWQ3NjFjYjRjZTE4NTMyYTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdCEcozBWhzQe15p0FuSyghZVQch
F/O2AVvAZrAqwcNA6lNvlIKNEbOFT7PmJiyTDIonAp32SnEq1YCv6JpK76banylj
h5h6kSW+M/KidKRZfc71spZ/1ZE31LSwiSP0mdSUH2gY2lCQQ1NgIofLqAGkgQgx
cJHd0l+wmjm8NbYMnOL8v9yZRdA5hrVHorNMMYSN4oAKTN+k4oFEuixxuJHzRkfA
yEKOBAIp6IrjayDXK/OD7AKPea2ieHOPYIWpcRhR8iiKImxVEtQr0JrYM1xg7P9n
HEqe4UQnw7AmQKud5OgFIU8qnTgU4XZGCZ6ln8q9rpQQxznhltTpaXF3DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPXXD56NjVGVstPrXYctM4YUyppMB8GA1UdIwQY
MBaAFDKDFR6DhnV1RikmBCW//Okp2KjtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW9NVkhvT0dkWFZHS1NZRUpiXzg2U25ZcU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ZGY1MGEtMmQ4Ny00ZDA5LWI5YWMt
MDU4MjFkNDA5OWI4LzEvZzlkY1BubzJOVVpXeTAtdGRoeTB6aGhUS21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ZGY1MGEtMmQ4Ny00ZDA5LWI5YWMtMDU4MjFkNDA5OWI4
LzEvTW9NVkhvT0dkWFZHS1NZRUpiXzg2U25ZcU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFU9zAMA0G
CSqGSIb3DQEBCwUAA4IBAQAwTY/tenJg25gmjBpSAr1yaPvc5KRQSNh1P57y1iJP
rOx1n9Iiyi7IiKYgtAvUpyF08c0+E7I1/fpaVZvXe0wVPFJ0gFvPDmraEXLLYnYg
BatooJWQhNmVzEvNGXVBZMnRmEg/pHMt7pJNvzUj7I+H0RHn5riV895WoWTB7iCg
/Ieh/2azynpzSWPIgNijcy76vgH1lsTDOHOWIRLOeu8TAxEZq8W/XM24qJDgDM8X
Sj9txKVP+9EWC3TuPiHvhqz1ZLsBSMvw+qdX/5qnVTEoWcCyn3kFe2MQsBUVqobL
pIbnCtmnaAQcODRvnssc0danp3veS0dw9lFy/XilbIXO
-----END CERTIFICATE-----