Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/7076a2-295f-45ec-b7c8-c5c9c689b745/1/A0enIuNHSeOD5MONijIejGswAY4.roa
File:                     A0enIuNHSeOD5MONijIejGswAY4.roa (raw, json)
Hash identifier:          5KTSxzpbEwlehNdaZ8cToYvMvy5417iULyA9f0ndiAo=
Subject key identifier:   03:47:A7:22:E3:47:49:E3:83:E4:C3:8D:8A:32:1E:8C:6B:30:01:8E
Certificate issuer:       /CN=dcfa86863c55865700634e1135e617e4079af8b9
Certificate serial:       018CC2DB3567F995D6980010593B4EE440A9
Authority key identifier: DC:FA:86:86:3C:55:86:57:00:63:4E:11:35:E6:17:E4:07:9A:F8:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3PqGhjxVhlcAY04RNeYX5Aea-Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/7076a2-295f-45ec-b7c8-c5c9c689b745/1/A0enIuNHSeOD5MONijIejGswAY4.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207280
IP address blocks:        83.136.223.0/24 maxlen: 32
                          2a10:f00::/48 maxlen: 128
                          2a10:f00:1::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/7076a2-295f-45ec-b7c8-c5c9c689b745/1/3PqGhjxVhlcAY04RNeYX5Aea-Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/7076a2-295f-45ec-b7c8-c5c9c689b745/1/3PqGhjxVhlcAY04RNeYX5Aea-Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3PqGhjxVhlcAY04RNeYX5Aea-Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:35:67:f9:95:d6:98:00:10:59:3b:4e:e4:40:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcfa86863c55865700634e1135e617e4079af8b9
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0347a722e34749e383e4c38d8a321e8c6b30018e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:de:76:98:a4:22:ae:ff:86:eb:c2:7b:c9:1b:
                    55:6c:e7:dc:7e:52:df:ac:93:72:82:25:9c:64:e3:
                    3b:dc:57:10:85:0d:02:f4:31:bb:e3:71:73:bc:d4:
                    9d:b6:6d:35:f1:a0:e2:24:44:cd:c7:f7:6a:e1:f6:
                    6e:ba:e3:07:5c:cc:49:42:6a:68:6c:8b:9d:6b:e3:
                    c7:06:b8:7b:b1:11:d1:72:ac:84:ac:93:08:1e:55:
                    84:ed:de:f1:9e:28:07:07:fd:0c:a8:f2:bc:19:08:
                    65:27:f2:8d:ed:5d:40:a2:a9:b0:0d:61:0f:b6:f4:
                    c1:e5:93:fb:d7:e5:e9:00:72:b4:74:fd:90:80:c6:
                    8e:2f:37:47:a2:4e:b5:66:c4:5e:de:8e:67:05:e3:
                    bd:a5:17:99:98:17:32:96:52:e5:2d:e3:38:ea:38:
                    36:d5:99:cd:05:ad:be:ce:42:6a:7b:72:a2:cf:ae:
                    b1:47:e7:8f:2e:af:ab:59:7c:e6:7e:04:9a:88:93:
                    e7:68:d5:93:57:ae:82:de:16:65:44:b4:2c:90:2e:
                    0b:3a:b0:6c:0e:cc:cb:fd:bc:da:fc:e3:52:10:de:
                    39:76:a4:30:cf:76:77:f2:99:eb:8d:39:91:40:16:
                    2c:a2:cf:dd:a7:6a:df:cf:a1:4b:24:3c:35:e2:3a:
                    46:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:47:A7:22:E3:47:49:E3:83:E4:C3:8D:8A:32:1E:8C:6B:30:01:8E
            X509v3 Authority Key Identifier:
                keyid:DC:FA:86:86:3C:55:86:57:00:63:4E:11:35:E6:17:E4:07:9A:F8:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3PqGhjxVhlcAY04RNeYX5Aea-Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7076a2-295f-45ec-b7c8-c5c9c689b745/1/A0enIuNHSeOD5MONijIejGswAY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/7076a2-295f-45ec-b7c8-c5c9c689b745/1/3PqGhjxVhlcAY04RNeYX5Aea-Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.223.0/24
                IPv6:
                  2a10:f00::/47

    Signature Algorithm: sha256WithRSAEncryption
         63:80:b7:c2:3d:49:0c:2b:3c:0b:3c:02:fc:d2:ac:8c:3c:a6:
         0d:33:4f:6a:ff:0f:a5:26:91:46:55:2e:7d:af:ba:44:89:cd:
         da:41:42:dd:52:df:43:58:38:6f:e5:28:b3:2e:99:bb:3d:37:
         d6:b2:2a:7c:b4:a5:c9:81:a2:fc:e2:c3:bd:4e:92:2e:53:09:
         c1:bb:5c:7f:f8:44:08:cd:81:96:59:14:69:bf:ae:2f:83:6a:
         f6:0d:c7:5b:6b:2d:8a:42:f3:6e:19:17:a8:2c:8a:43:59:1c:
         4d:b4:d5:3e:2b:fc:97:73:fc:f7:c3:23:da:ec:87:76:d8:79:
         12:a3:7e:7c:eb:6f:1f:5b:f1:a4:81:54:e0:33:14:aa:bd:00:
         a0:0e:29:e9:14:89:8e:aa:ba:da:cc:4e:d0:37:ca:6c:91:e0:
         bf:83:76:fa:2c:49:2b:cb:5a:98:94:dc:1a:31:6f:be:54:5e:
         16:f1:d6:be:ff:c0:c6:d4:8f:fb:a6:3d:20:ce:fb:a5:d1:bc:
         a8:40:01:c1:3e:1d:e1:a3:5e:87:17:71:89:53:e7:bd:0e:4a:
         3c:01:5f:1b:65:65:40:bd:cc:46:42:ab:68:d0:3d:48:d1:b9:
         5e:b3:77:60:e3:83:12:98:45:f5:71:04:89:66:6a:51:a9:7e:
         b0:c2:30:0f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2zVn+ZXWmAAQWTtO5ECpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZmE4Njg2M2M1NTg2NTcwMDYzNGUxMTM1ZTYxN2U0MDc5
YWY4YjkwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQ3YTcyMmUzNDc0OWUzODNlNGMzOGQ4YTMyMWU4YzZiMzAwMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAld52mKQirv+G68J7yRtVbOfcflLf
rJNygiWcZOM73FcQhQ0C9DG743FzvNSdtm018aDiJETNx/dq4fZuuuMHXMxJQmpo
bIuda+PHBrh7sRHRcqyErJMIHlWE7d7xnigHB/0MqPK8GQhlJ/KN7V1AoqmwDWEP
tvTB5ZP71+XpAHK0dP2QgMaOLzdHok61ZsRe3o5nBeO9pReZmBcyllLlLeM46jg2
1ZnNBa2+zkJqe3Kiz66xR+ePLq+rWXzmfgSaiJPnaNWTV66C3hZlRLQskC4LOrBs
DszL/bza/ONSEN45dqQwz3Z38pnrjTmRQBYsos/dp2rfz6FLJDw14jpG/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFANHpyLjR0njg+TDjYoyHoxrMAGOMB8GA1UdIwQY
MBaAFNz6hoY8VYZXAGNOETXmF+QHmvi5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BxR2hqeFZobGNBWTA0Uk5lWVg1QWVhLUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83MDc2YTItMjk1Zi00NWVjLWI3Yzgt
YzVjOWM2ODliNzQ1LzEvQTBlbkl1TkhTZU9ENU1PTmlqSWVqR3N3QVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83MDc2YTItMjk1Zi00NWVjLWI3YzgtYzVjOWM2ODliNzQ1
LzEvM1BxR2hqeFZobGNBWTA0Uk5lWVg1QWVhLUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAU4jfMA8E
AgACMAkDBwEqEA8AAAAwDQYJKoZIhvcNAQELBQADggEBAGOAt8I9SQwrPAs8AvzS
rIw8pg0zT2r/D6UmkUZVLn2vukSJzdpBQt1S30NYOG/lKLMumbs9N9ayKny0pcmB
ovziw71Oki5TCcG7XH/4RAjNgZZZFGm/ri+DavYNx1trLYpC824ZF6gsikNZHE20
1T4r/Jdz/PfDI9rsh3bYeRKjfnzrbx9b8aSBVOAzFKq9AKAOKekUiY6qutrMTtA3
ymyR4L+DdvosSSvLWpiU3Boxb75UXhbx1r7/wMbUj/umPSDO+6XRvKhAAcE+HeGj
XocXcYlT570OSjwBXxtlZUC9zEZCq2jQPUjRuV6zd2DjgxKYRfVxBIlmalGpfrDC
MA8=
-----END CERTIFICATE-----