Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/b1015d-4122-4174-82a5-4bbf645b10d3/1/qwZiqHSr4qvvuSMBBgdtej6lAN4.roa
File:                     qwZiqHSr4qvvuSMBBgdtej6lAN4.roa (raw, json)
Hash identifier:          KQdbYnAIvQyctKcukd2XKKvb+TkHzP+7sTxsGTx6U2I=
Subject key identifier:   AB:06:62:A8:74:AB:E2:AB:EF:B9:23:01:06:07:6D:7A:3E:A5:00:DE
Certificate issuer:       /CN=60f72537edf1dc0b7f694453450bca4aeef83f64
Certificate serial:       018CC6B89B115B50D693BEFF7DFB11FA0AAE
Authority key identifier: 60:F7:25:37:ED:F1:DC:0B:7F:69:44:53:45:0B:CA:4A:EE:F8:3F:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPclN-3x3At_aURTRQvKSu74P2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/b1015d-4122-4174-82a5-4bbf645b10d3/1/qwZiqHSr4qvvuSMBBgdtej6lAN4.roa
Signing time:             Mon 01 Jan 2024 20:30:36 +0000
ROA not before:           Mon 01 Jan 2024 20:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213048
IP address blocks:        83.136.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/b1015d-4122-4174-82a5-4bbf645b10d3/1/YPclN-3x3At_aURTRQvKSu74P2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/b1015d-4122-4174-82a5-4bbf645b10d3/1/YPclN-3x3At_aURTRQvKSu74P2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPclN-3x3At_aURTRQvKSu74P2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:9b:11:5b:50:d6:93:be:ff:7d:fb:11:fa:0a:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60f72537edf1dc0b7f694453450bca4aeef83f64
        Validity
            Not Before: Jan  1 20:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab0662a874abe2abefb9230106076d7a3ea500de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:17:fd:ac:c1:d0:1d:7a:8e:b9:42:13:60:66:
                    14:bc:12:1e:d5:0d:ae:80:03:24:98:16:e0:f9:37:
                    08:7a:d5:36:5c:48:8a:58:9b:c0:66:3d:0d:e2:12:
                    eb:67:a1:ec:6a:e4:5e:7b:1f:c1:19:5e:40:27:fd:
                    98:12:fe:1e:73:56:10:9a:95:5b:72:f1:fe:99:53:
                    29:c4:30:ec:3e:49:96:95:a5:7e:77:e1:7b:bd:23:
                    a8:3f:e7:85:b1:cf:a6:de:c7:79:cf:cd:31:f7:03:
                    2f:d4:e3:fd:15:19:b4:ba:19:76:a2:c8:4c:c4:12:
                    db:0a:ab:9e:9f:b7:56:69:f0:0c:2b:dc:3f:8b:39:
                    4f:a3:83:7f:d3:2c:57:a3:df:34:8c:70:f3:9e:c9:
                    40:78:a2:11:db:af:14:b8:b9:7d:cb:7a:39:70:b9:
                    9d:ee:73:8b:98:af:2f:95:a9:06:ab:54:a3:f8:a1:
                    98:a6:a2:7b:b1:5f:71:2c:a2:a9:53:00:e3:5b:38:
                    e0:4b:52:ff:e3:97:00:df:e5:af:75:b1:0a:56:f2:
                    ff:d4:f3:ba:74:2d:4c:18:6b:dd:f5:0e:c2:da:3f:
                    51:56:78:3f:90:1d:18:fd:5c:6a:e9:cb:df:9b:32:
                    45:49:f0:a9:64:18:0c:4a:c7:c5:43:1d:dd:f6:27:
                    fe:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:06:62:A8:74:AB:E2:AB:EF:B9:23:01:06:07:6D:7A:3E:A5:00:DE
            X509v3 Authority Key Identifier:
                keyid:60:F7:25:37:ED:F1:DC:0B:7F:69:44:53:45:0B:CA:4A:EE:F8:3F:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPclN-3x3At_aURTRQvKSu74P2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/b1015d-4122-4174-82a5-4bbf645b10d3/1/qwZiqHSr4qvvuSMBBgdtej6lAN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/b1015d-4122-4174-82a5-4bbf645b10d3/1/YPclN-3x3At_aURTRQvKSu74P2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:e0:fc:61:79:0d:d1:d0:e8:42:1b:ff:7f:02:d7:94:71:05:
         e1:9b:84:06:94:36:80:ce:a0:6f:aa:fe:c4:f0:1a:ae:03:5a:
         e5:55:0f:4c:90:de:8e:e2:7f:28:bf:24:1e:3e:96:fe:08:20:
         06:5e:20:f8:3f:7a:e3:68:47:66:e4:9a:3b:4f:db:b0:4f:07:
         56:c1:ae:07:dd:12:2c:d9:c9:e1:10:c9:7f:2d:b2:0a:c7:1e:
         b8:b1:87:25:d3:ba:57:bc:91:3d:47:47:f5:b4:0d:9f:81:2f:
         8b:a9:53:3d:0a:8e:9c:71:18:df:63:39:a1:6d:72:98:05:10:
         a9:dc:69:9d:71:64:58:57:42:a0:bc:59:2c:53:75:ec:10:eb:
         5c:4a:26:a4:3a:d3:5a:57:4d:42:c4:dd:d5:ac:b9:54:05:8c:
         ab:71:67:3f:5e:ef:b7:fa:e1:09:39:e6:17:2d:1f:7e:5e:b5:
         09:92:cf:cb:8b:76:07:55:5e:98:6a:a9:d3:7a:4b:2d:b4:ec:
         79:23:2e:56:05:69:80:a2:ba:2c:10:d5:58:01:a8:f8:b1:c0:
         f4:2a:25:ce:65:54:2b:aa:9c:8a:a1:4a:e5:0b:d5:97:71:31:
         d8:5b:de:54:48:d5:40:7f:01:8d:6e:b4:86:92:17:45:ca:6a:
         bd:32:75:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuJsRW1DWk77/ffsR+gquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZjcyNTM3ZWRmMWRjMGI3ZjY5NDQ1MzQ1MGJjYTRhZWVm
ODNmNjQwHhcNMjQwMTAxMjAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA2NjJhODc0YWJlMmFiZWZiOTIzMDEwNjA3NmQ3YTNlYTUwMGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Rf9rMHQHXqOuUITYGYUvBIe1Q2u
gAMkmBbg+TcIetU2XEiKWJvAZj0N4hLrZ6HsauReex/BGV5AJ/2YEv4ec1YQmpVb
cvH+mVMpxDDsPkmWlaV+d+F7vSOoP+eFsc+m3sd5z80x9wMv1OP9FRm0uhl2oshM
xBLbCquen7dWafAMK9w/izlPo4N/0yxXo980jHDznslAeKIR268UuLl9y3o5cLmd
7nOLmK8vlakGq1Sj+KGYpqJ7sV9xLKKpUwDjWzjgS1L/45cA3+WvdbEKVvL/1PO6
dC1MGGvd9Q7C2j9RVng/kB0Y/Vxq6cvfmzJFSfCpZBgMSsfFQx3d9if+uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsGYqh0q+Kr77kjAQYHbXo+pQDeMB8GA1UdIwQY
MBaAFGD3JTft8dwLf2lEU0ULykru+D9kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVBjbE4tM3gzQXRfYVVSVFJRdktTdTc0UDJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9iMTAxNWQtNDEyMi00MTc0LTgyYTUt
NGJiZjY0NWIxMGQzLzEvcXdaaXFIU3I0cXZ2dVNNQkJnZHRlajZsQU40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9iMTAxNWQtNDEyMi00MTc0LTgyYTUtNGJiZjY0NWIxMGQz
LzEvWVBjbE4tM3gzQXRfYVVSVFJRdktTdTc0UDJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4jcMA0G
CSqGSIb3DQEBCwUAA4IBAQCi4PxheQ3R0OhCG/9/AteUcQXhm4QGlDaAzqBvqv7E
8BquA1rlVQ9MkN6O4n8ovyQePpb+CCAGXiD4P3rjaEdm5Jo7T9uwTwdWwa4H3RIs
2cnhEMl/LbIKxx64sYcl07pXvJE9R0f1tA2fgS+LqVM9Co6ccRjfYzmhbXKYBRCp
3GmdcWRYV0KgvFksU3XsEOtcSiakOtNaV01CxN3VrLlUBYyrcWc/Xu+3+uEJOeYX
LR9+XrUJks/Li3YHVV6YaqnTeksttOx5Iy5WBWmAorosENVYAaj4scD0KiXOZVQr
qpyKoUrlC9WXcTHYW95USNVAfwGNbrSGkhdFymq9MnVB
-----END CERTIFICATE-----