Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/904a2a-6dd1-4974-bb29-4c92cec08ba8/1/6bpPSNIzV2-XP9o8Eom7-Ds4Ph0.roa
File:                     6bpPSNIzV2-XP9o8Eom7-Ds4Ph0.roa (raw, json)
Hash identifier:          UnhPQ75UmpoUKeWsVSHTUnHUA6l0ylS71ijBknPh0qs=
Subject key identifier:   E9:BA:4F:48:D2:33:57:6F:97:3F:DA:3C:12:89:BB:F8:3B:38:3E:1D
Certificate issuer:       /CN=58f7d27ebc269bf14b8d6895791affd429f70222
Certificate serial:       018CC8015A4B03E7A999F9DD3BC1036A032C
Authority key identifier: 58:F7:D2:7E:BC:26:9B:F1:4B:8D:68:95:79:1A:FF:D4:29:F7:02:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WPfSfrwmm_FLjWiVeRr_1Cn3AiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/904a2a-6dd1-4974-bb29-4c92cec08ba8/1/6bpPSNIzV2-XP9o8Eom7-Ds4Ph0.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209835
IP address blocks:        83.143.109.0/24 maxlen: 24
                          83.143.110.0/24 maxlen: 24
                          83.143.108.0/24 maxlen: 24
                          83.143.111.0/24 maxlen: 24
                          83.143.108.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/904a2a-6dd1-4974-bb29-4c92cec08ba8/1/WPfSfrwmm_FLjWiVeRr_1Cn3AiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/904a2a-6dd1-4974-bb29-4c92cec08ba8/1/WPfSfrwmm_FLjWiVeRr_1Cn3AiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WPfSfrwmm_FLjWiVeRr_1Cn3AiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5a:4b:03:e7:a9:99:f9:dd:3b:c1:03:6a:03:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58f7d27ebc269bf14b8d6895791affd429f70222
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9ba4f48d233576f973fda3c1289bbf83b383e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9b:8c:a3:2d:9f:87:c3:ba:b7:2c:13:e7:6f:
                    05:ab:f1:fd:53:e5:f0:f6:e8:66:b2:f4:bc:12:97:
                    7e:2d:89:bd:b7:e9:fe:d1:4e:b0:cf:42:9e:7b:02:
                    bc:34:fc:52:be:70:e4:4b:6a:9e:4a:71:5b:76:8f:
                    c5:21:05:ab:71:e3:4c:d0:d6:3d:a3:53:53:29:1c:
                    d3:3d:94:5e:a5:5d:8a:5c:aa:09:05:db:f6:8f:67:
                    5e:54:c3:b3:5b:e6:bc:12:d0:0f:09:be:9c:ac:0b:
                    76:f5:fd:c3:f6:e7:e0:8e:b1:b5:59:06:3b:0d:f1:
                    33:8c:59:b0:de:dc:e5:73:76:62:db:7b:24:83:79:
                    69:90:f5:63:23:97:4c:2a:4a:5c:b8:ae:08:6b:6d:
                    c0:e5:af:77:5b:6d:18:93:8a:2c:c9:00:b3:69:fb:
                    3f:6b:a1:5e:fb:7f:18:65:12:71:02:4d:30:77:3f:
                    82:18:d4:45:d3:75:d6:49:34:4d:89:50:eb:37:e2:
                    88:5d:dd:b3:53:75:95:bf:aa:96:e6:d1:b9:a1:d0:
                    41:a7:0a:01:dd:09:a3:16:9a:0f:9c:aa:aa:4d:f7:
                    dd:9a:03:d8:92:c3:21:8d:d2:90:ca:b4:84:03:03:
                    50:a4:06:bc:be:cf:d9:9b:97:bf:ba:54:79:a6:de:
                    08:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:BA:4F:48:D2:33:57:6F:97:3F:DA:3C:12:89:BB:F8:3B:38:3E:1D
            X509v3 Authority Key Identifier:
                keyid:58:F7:D2:7E:BC:26:9B:F1:4B:8D:68:95:79:1A:FF:D4:29:F7:02:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WPfSfrwmm_FLjWiVeRr_1Cn3AiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/904a2a-6dd1-4974-bb29-4c92cec08ba8/1/6bpPSNIzV2-XP9o8Eom7-Ds4Ph0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/904a2a-6dd1-4974-bb29-4c92cec08ba8/1/WPfSfrwmm_FLjWiVeRr_1Cn3AiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.143.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:24:a6:d1:7a:d4:94:fd:45:aa:29:b1:87:25:bd:f3:b1:18:
         38:a3:f4:dc:a4:4e:cf:57:15:1b:e0:5e:07:e4:6c:1d:70:56:
         80:9a:8c:05:5b:a6:7e:67:b6:bb:1b:82:75:d2:2f:63:c0:4b:
         a5:b8:9a:72:b7:9c:a8:75:e0:17:bc:5c:05:1a:b7:fe:33:59:
         da:25:73:66:02:b5:d7:4a:35:9e:b1:be:a7:f7:8c:01:61:c8:
         fa:6f:3d:e7:ca:9e:63:89:63:72:86:d2:a8:e0:66:67:19:94:
         47:24:73:55:a4:33:6a:62:df:d0:a9:0f:37:e9:c5:f2:9e:1a:
         cb:20:43:03:e6:71:4b:e7:90:a0:dc:55:4d:30:b0:3b:44:fd:
         d8:84:96:64:f7:6e:b1:53:f7:7a:5d:e3:66:58:96:87:ae:ba:
         8f:e5:e9:06:20:7b:7d:cd:11:63:74:f9:a1:86:f5:51:57:df:
         36:0f:a6:bf:4e:00:81:9d:c2:13:0c:fb:74:4f:aa:bc:dd:b4:
         89:a2:56:bb:e2:3b:60:72:a5:df:d2:85:3b:a8:ad:bd:f6:ae:
         19:b8:05:10:f7:43:c6:8a:3b:c7:94:1c:5c:d7:ca:fe:53:fe:
         59:c5:53:4d:32:c0:44:a9:3b:bf:02:f2:47:e7:88:44:e1:01:
         a4:48:30:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVpLA+epmfndO8EDagMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZjdkMjdlYmMyNjliZjE0YjhkNjg5NTc5MWFmZmQ0Mjlm
NzAyMjIwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWJhNGY0OGQyMzM1NzZmOTczZmRhM2MxMjg5YmJmODNiMzgzZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpuMoy2fh8O6tywT528Fq/H9U+Xw
9uhmsvS8Epd+LYm9t+n+0U6wz0KeewK8NPxSvnDkS2qeSnFbdo/FIQWrceNM0NY9
o1NTKRzTPZRepV2KXKoJBdv2j2deVMOzW+a8EtAPCb6crAt29f3D9ufgjrG1WQY7
DfEzjFmw3tzlc3Zi23skg3lpkPVjI5dMKkpcuK4Ia23A5a93W20Yk4osyQCzafs/
a6Fe+38YZRJxAk0wdz+CGNRF03XWSTRNiVDrN+KIXd2zU3WVv6qW5tG5odBBpwoB
3QmjFpoPnKqqTffdmgPYksMhjdKQyrSEAwNQpAa8vs/Zm5e/ulR5pt4IywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOm6T0jSM1dvlz/aPBKJu/g7OD4dMB8GA1UdIwQY
MBaAFFj30n68JpvxS41olXka/9Qp9wIiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1BmU2Zyd21tX0ZMaldpVmVScl8xQ24zQWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC85MDRhMmEtNmRkMS00OTc0LWJiMjkt
NGM5MmNlYzA4YmE4LzEvNmJwUFNOSXpWMi1YUDlvOEVvbTctRHM0UGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC85MDRhMmEtNmRkMS00OTc0LWJiMjktNGM5MmNlYzA4YmE4
LzEvV1BmU2Zyd21tX0ZMaldpVmVScl8xQ24zQWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU49sMA0G
CSqGSIb3DQEBCwUAA4IBAQBeJKbRetSU/UWqKbGHJb3zsRg4o/TcpE7PVxUb4F4H
5GwdcFaAmowFW6Z+Z7a7G4J10i9jwEuluJpyt5yodeAXvFwFGrf+M1naJXNmArXX
SjWesb6n94wBYcj6bz3nyp5jiWNyhtKo4GZnGZRHJHNVpDNqYt/QqQ836cXynhrL
IEMD5nFL55Cg3FVNMLA7RP3YhJZk926xU/d6XeNmWJaHrrqP5ekGIHt9zRFjdPmh
hvVRV982D6a/TgCBncITDPt0T6q83bSJola74jtgcqXf0oU7qK299q4ZuAUQ90PG
ijvHlBxc18r+U/5ZxVNNMsBEqTu/AvJH54hE4QGkSDDs
-----END CERTIFICATE-----