Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/O9buYQP9glcrTxFO9STSoUwF2W8.roa
File:                     O9buYQP9glcrTxFO9STSoUwF2W8.roa (raw, json)
Hash identifier:          C79UDhNrgspPk/NaOrHJGMCcygtK+y1tNicUz5md3+k=
Subject key identifier:   3B:D6:EE:61:03:FD:82:57:2B:4F:11:4E:F5:24:D2:A1:4C:05:D9:6F
Certificate issuer:       /CN=dc167379b591e95710cf7f31de2ec73ffbfb5ae7
Certificate serial:       018FE2F7E49E7D183CF69C91B1A201EA2D59
Authority key identifier: DC:16:73:79:B5:91:E9:57:10:CF:7F:31:DE:2E:C7:3F:FB:FB:5A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BZzebWR6VcQz38x3i7HP_v7Wuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/O9buYQP9glcrTxFO9STSoUwF2W8.roa
Signing time:             Tue 04 Jun 2024 11:17:27 +0000
ROA not before:           Tue 04 Jun 2024 11:17:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216315
IP address blocks:        83.220.30.0/24 maxlen: 24
                          83.220.31.0/24 maxlen: 24
                          2a13:abc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/3BZzebWR6VcQz38x3i7HP_v7Wuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/3BZzebWR6VcQz38x3i7HP_v7Wuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BZzebWR6VcQz38x3i7HP_v7Wuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:f7:e4:9e:7d:18:3c:f6:9c:91:b1:a2:01:ea:2d:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc167379b591e95710cf7f31de2ec73ffbfb5ae7
        Validity
            Not Before: Jun  4 11:17:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bd6ee6103fd82572b4f114ef524d2a14c05d96f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3d:cc:45:33:ae:aa:6c:c4:68:b6:fe:6f:07:
                    f4:6c:dd:ed:c8:6f:42:6b:7e:ab:5c:3d:b6:90:47:
                    e0:ef:73:93:b2:f1:32:e7:ba:70:5a:5b:4a:27:22:
                    50:3d:9f:bb:89:1c:fc:83:1a:fb:8f:df:b5:89:65:
                    18:bd:b2:9d:e3:bb:f9:9a:94:03:63:06:8c:3f:c7:
                    de:fa:3a:a7:32:c8:49:4b:cf:f1:5f:9f:59:0c:a3:
                    e4:95:59:82:ff:c2:88:e5:18:ba:32:bd:0e:9c:e6:
                    57:9d:18:87:c9:88:3b:63:56:9d:c7:15:65:32:bf:
                    91:44:69:b5:54:c7:b4:23:04:12:73:f5:b6:1e:a0:
                    fd:7a:b0:20:a9:70:d5:4f:2e:93:e1:bf:f6:21:29:
                    ce:f4:e6:79:6a:a1:3f:7f:5f:b7:ab:45:d1:67:e6:
                    cb:ef:56:95:20:17:0c:7b:6f:08:2e:db:5d:2a:b0:
                    5e:37:f8:0e:6b:e6:93:36:9d:98:38:61:da:ac:4e:
                    a6:ce:1f:cd:8c:10:42:ec:13:6e:65:34:a9:a0:21:
                    c6:89:5e:5a:b6:1e:07:63:b0:56:c7:9b:e7:2c:c7:
                    ab:ca:d6:20:83:be:75:93:e5:eb:ab:22:ff:11:2e:
                    e9:73:1f:07:25:a4:74:88:fb:f3:1a:56:99:3c:ff:
                    50:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D6:EE:61:03:FD:82:57:2B:4F:11:4E:F5:24:D2:A1:4C:05:D9:6F
            X509v3 Authority Key Identifier:
                keyid:DC:16:73:79:B5:91:E9:57:10:CF:7F:31:DE:2E:C7:3F:FB:FB:5A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BZzebWR6VcQz38x3i7HP_v7Wuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/O9buYQP9glcrTxFO9STSoUwF2W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/3BZzebWR6VcQz38x3i7HP_v7Wuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.30.0/23
                IPv6:
                  2a13:abc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:a8:59:fb:3c:42:5d:ea:f2:fc:56:84:9a:a4:e5:2f:c6:14:
         8d:f0:84:bf:37:4c:5a:1e:ee:18:f9:ec:47:2f:c3:a5:f6:18:
         6e:8c:b2:92:4a:52:61:6c:6c:f5:f4:7e:83:91:9a:83:19:e9:
         01:bb:d3:3e:8b:48:f6:11:76:12:18:86:82:35:e2:f4:f1:3f:
         75:29:7c:8c:5e:91:0e:e0:29:50:15:dd:6d:39:1d:9a:dc:5a:
         21:2d:79:fb:05:b3:0a:74:6c:30:b6:d2:f2:d5:f9:a5:b0:20:
         be:85:63:8e:c7:74:11:8c:e1:f6:db:ce:e9:2f:3f:39:39:a0:
         2f:02:83:32:8e:a3:98:5e:28:aa:7b:cc:d6:04:ae:26:90:46:
         d9:5e:b1:e3:20:19:6c:b7:4d:f5:c0:c1:32:38:30:ef:61:af:
         db:fa:e0:f3:7b:0d:f0:6a:aa:42:19:f7:e4:0f:b4:7a:66:16:
         3b:36:8e:be:ef:65:7a:7e:06:6c:d0:9e:46:67:56:27:60:1d:
         30:13:d8:70:93:19:94:da:79:db:00:ab:aa:be:6b:b0:e3:69:
         c8:e7:15:27:5e:07:99:50:85:50:15:4d:ce:ae:f1:e7:24:ae:
         43:e4:e4:fb:27:05:10:17:90:65:a6:5a:95:61:db:ff:78:c5:
         e5:9d:fc:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY/i9+SefRg89pyRsaIB6i1ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTY3Mzc5YjU5MWU5NTcxMGNmN2YzMWRlMmVjNzNmZmJm
YjVhZTcwHhcNMjQwNjA0MTExNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQ2ZWU2MTAzZmQ4MjU3MmI0ZjExNGVmNTI0ZDJhMTRjMDVkOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjT3MRTOuqmzEaLb+bwf0bN3tyG9C
a36rXD22kEfg73OTsvEy57pwWltKJyJQPZ+7iRz8gxr7j9+1iWUYvbKd47v5mpQD
YwaMP8fe+jqnMshJS8/xX59ZDKPklVmC/8KI5Ri6Mr0OnOZXnRiHyYg7Y1adxxVl
Mr+RRGm1VMe0IwQSc/W2HqD9erAgqXDVTy6T4b/2ISnO9OZ5aqE/f1+3q0XRZ+bL
71aVIBcMe28ILttdKrBeN/gOa+aTNp2YOGHarE6mzh/NjBBC7BNuZTSpoCHGiV5a
th4HY7BWx5vnLMerytYgg751k+XrqyL/ES7pcx8HJaR0iPvzGlaZPP9QowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDvW7mED/YJXK08RTvUk0qFMBdlvMB8GA1UdIwQY
MBaAFNwWc3m1kelXEM9/Md4uxz/7+1rnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JaemViV1I2VmNRejM4eDNpN0hQX3Y3V3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8xNWFiYzMtYzRlMy00YmE5LTgyYWUt
NWY2MjBiMzhiOTA4LzEvTzlidVlRUDlnbGNyVHhGTzlTVFNvVXdGMlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8xNWFiYzMtYzRlMy00YmE5LTgyYWUtNWY2MjBiMzhiOTA4
LzEvM0JaemViV1I2VmNRejM4eDNpN0hQX3Y3V3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBU9weMA0E
AgACMAcDBQMqE6vAMA0GCSqGSIb3DQEBCwUAA4IBAQBkqFn7PEJd6vL8VoSapOUv
xhSN8IS/N0xaHu4Y+exHL8Ol9hhujLKSSlJhbGz19H6DkZqDGekBu9M+i0j2EXYS
GIaCNeL08T91KXyMXpEO4ClQFd1tOR2a3FohLXn7BbMKdGwwttLy1fmlsCC+hWOO
x3QRjOH2287pLz85OaAvAoMyjqOYXiiqe8zWBK4mkEbZXrHjIBlst031wMEyODDv
Ya/b+uDzew3waqpCGffkD7R6ZhY7No6+72V6fgZs0J5GZ1YnYB0wE9hwkxmU2nnb
AKuqvmuw42nI5xUnXgeZUIVQFU3OrvHnJK5D5OT7JwUQF5BlplqVYdv/eMXlnfyj
-----END CERTIFICATE-----