Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/f7zcH5KbMBNIi-GELxsjiKh2ntc.roa
File:                     f7zcH5KbMBNIi-GELxsjiKh2ntc.roa (raw, json)
Hash identifier:          T2x+lX2vLACVZbrUGATthJVfavEFtJpPRj8efiKT2Qs=
Subject key identifier:   7F:BC:DC:1F:92:9B:30:13:48:8B:E1:84:2F:1B:23:88:A8:76:9E:D7
Certificate issuer:       /CN=000d0fee2cd566965ca08db550663cb20b412343
Certificate serial:       018CC3489FB5ABD2D1F3F112A579C5F6C157
Authority key identifier: 00:0D:0F:EE:2C:D5:66:96:5C:A0:8D:B5:50:66:3C:B2:0B:41:23:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AA0P7izVZpZcoI21UGY8sgtBI0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/f7zcH5KbMBNIi-GELxsjiKh2ntc.roa
Signing time:             Mon 01 Jan 2024 04:29:25 +0000
ROA not before:           Mon 01 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208623
IP address blocks:        83.138.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/AA0P7izVZpZcoI21UGY8sgtBI0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/AA0P7izVZpZcoI21UGY8sgtBI0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AA0P7izVZpZcoI21UGY8sgtBI0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9f:b5:ab:d2:d1:f3:f1:12:a5:79:c5:f6:c1:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=000d0fee2cd566965ca08db550663cb20b412343
        Validity
            Not Before: Jan  1 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fbcdc1f929b3013488be1842f1b2388a8769ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6f:a9:63:5e:c4:c2:02:4f:dc:e2:18:44:42:
                    db:3c:01:00:c8:29:b9:47:da:7a:ca:18:d8:a5:7c:
                    89:15:e3:ee:ec:1f:b9:51:a9:dc:f1:94:6f:79:44:
                    6a:3b:76:e5:28:52:e3:cc:07:93:f0:0a:60:c3:de:
                    59:ed:f9:e7:6b:45:89:bd:53:97:22:e2:85:62:b4:
                    f5:fd:a7:e3:c0:16:45:91:62:5f:37:ac:d0:f4:f1:
                    ed:e5:9f:fb:ad:39:34:38:6f:a2:41:6b:11:c9:40:
                    4c:7b:9b:ed:ce:29:c3:1b:00:3b:a2:09:f5:2c:4f:
                    b7:d4:6f:36:92:d8:d3:88:a7:86:e4:1e:bf:a2:34:
                    0c:97:42:5c:ea:0b:fe:e8:34:5d:b2:8c:75:f1:2d:
                    3f:cb:4f:e8:9d:de:5b:b0:d4:9c:4f:58:5a:65:a1:
                    fe:a3:65:90:c0:a0:38:4e:36:c9:8f:2c:b8:c0:d4:
                    61:35:43:c3:62:ae:d5:64:29:d5:02:85:67:27:9f:
                    07:c6:f0:02:24:7b:cf:48:9d:f0:91:12:43:1e:f2:
                    d3:d4:4d:c4:f5:f8:a6:d9:4f:97:ed:48:e8:c3:3e:
                    f5:d7:02:db:a4:58:d7:91:d8:48:09:63:49:8a:30:
                    a7:c6:14:34:93:0d:52:be:d0:01:89:0b:fd:1b:fa:
                    bc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BC:DC:1F:92:9B:30:13:48:8B:E1:84:2F:1B:23:88:A8:76:9E:D7
            X509v3 Authority Key Identifier:
                keyid:00:0D:0F:EE:2C:D5:66:96:5C:A0:8D:B5:50:66:3C:B2:0B:41:23:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AA0P7izVZpZcoI21UGY8sgtBI0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/f7zcH5KbMBNIi-GELxsjiKh2ntc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/e6fe09-c22d-45b7-a599-b941ba921b3f/1/AA0P7izVZpZcoI21UGY8sgtBI0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.138.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:8f:53:e1:f4:ef:6f:f9:8c:fb:61:10:88:55:1e:c2:76:8d:
         ff:1b:46:7a:0e:04:ac:98:ef:96:2a:c6:35:d9:ce:02:6a:97:
         38:76:4a:d9:66:e7:3a:8a:3d:54:13:27:97:99:0c:2d:8e:d1:
         4f:d2:23:65:fe:52:66:0b:4e:8a:d1:b4:49:01:0d:80:89:eb:
         a1:5e:04:20:a2:48:b4:c3:b0:f2:70:5d:a0:51:95:29:0d:08:
         d3:3a:00:bd:b3:c3:66:56:b8:b6:c9:14:11:49:64:ac:1e:70:
         e2:8c:b5:f9:ac:f0:08:df:db:8c:a0:85:35:a9:cd:fd:33:de:
         e7:4d:c1:a0:73:2d:8a:ef:7a:99:81:b9:8e:14:47:84:0d:20:
         90:9b:29:8c:53:7c:27:23:f0:cc:c5:eb:32:a1:29:11:63:03:
         b8:ff:48:2f:2f:63:ca:57:c0:85:6b:bf:96:a1:47:45:e8:e2:
         41:31:e5:dc:3e:91:81:66:cc:60:0f:96:fc:fb:0e:5d:61:a2:
         9e:64:93:db:0f:8b:95:32:a0:26:35:4a:46:74:cf:c9:b1:db:
         af:3d:33:71:fb:59:b4:4c:73:4d:52:19:49:a4:f3:8a:d7:35:
         b8:d2:69:66:2d:de:fe:34:f5:59:cb:6c:4e:51:6f:a0:bc:aa:
         f1:98:16:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJ+1q9LR8/ESpXnF9sFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMGQwZmVlMmNkNTY2OTY1Y2EwOGRiNTUwNjYzY2IyMGI0
MTIzNDMwHhcNMjQwMTAxMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmJjZGMxZjkyOWIzMDEzNDg4YmUxODQyZjFiMjM4OGE4NzY5ZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhm+pY17EwgJP3OIYRELbPAEAyCm5
R9p6yhjYpXyJFePu7B+5Uanc8ZRveURqO3blKFLjzAeT8Apgw95Z7fnna0WJvVOX
IuKFYrT1/afjwBZFkWJfN6zQ9PHt5Z/7rTk0OG+iQWsRyUBMe5vtzinDGwA7ogn1
LE+31G82ktjTiKeG5B6/ojQMl0Jc6gv+6DRdsox18S0/y0/ond5bsNScT1haZaH+
o2WQwKA4TjbJjyy4wNRhNUPDYq7VZCnVAoVnJ58HxvACJHvPSJ3wkRJDHvLT1E3E
9fim2U+X7Ujowz711wLbpFjXkdhICWNJijCnxhQ0kw1SvtABiQv9G/q8mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+83B+SmzATSIvhhC8bI4iodp7XMB8GA1UdIwQY
MBaAFAAND+4s1WaWXKCNtVBmPLILQSNDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUEwUDdpelZacFpjb0kyMVVHWThzZ3RCSTBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9lNmZlMDktYzIyZC00NWI3LWE1OTkt
Yjk0MWJhOTIxYjNmLzEvZjd6Y0g1S2JNQk5JaS1HRUx4c2ppS2gybnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9lNmZlMDktYzIyZC00NWI3LWE1OTktYjk0MWJhOTIxYjNm
LzEvQUEwUDdpelZacFpjb0kyMVVHWThzZ3RCSTBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4oSMA0G
CSqGSIb3DQEBCwUAA4IBAQB3j1Ph9O9v+Yz7YRCIVR7Cdo3/G0Z6DgSsmO+WKsY1
2c4Capc4dkrZZuc6ij1UEyeXmQwtjtFP0iNl/lJmC06K0bRJAQ2AieuhXgQgoki0
w7DycF2gUZUpDQjTOgC9s8NmVri2yRQRSWSsHnDijLX5rPAI39uMoIU1qc39M97n
TcGgcy2K73qZgbmOFEeEDSCQmymMU3wnI/DMxesyoSkRYwO4/0gvL2PKV8CFa7+W
oUdF6OJBMeXcPpGBZsxgD5b8+w5dYaKeZJPbD4uVMqAmNUpGdM/JsduvPTNx+1m0
THNNUhlJpPOK1zW40mlmLd7+NPVZy2xOUW+gvKrxmBb5
-----END CERTIFICATE-----