Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/S9c_l83ZeA_p8BDTHpX3IENYaL8.roa
File:                     S9c_l83ZeA_p8BDTHpX3IENYaL8.roa (raw, json)
Hash identifier:          NY16BW1dZwi5NEee44mY6kP5P2505wt5dVeye132FXI=
Subject key identifier:   4B:D7:3F:97:CD:D9:78:0F:E9:F0:10:D3:1E:95:F7:20:43:58:68:BF
Certificate issuer:       /CN=dc167379b591e95710cf7f31de2ec73ffbfb5ae7
Certificate serial:       018CC86F267A9EE97EE724087961A702F7A6
Authority key identifier: DC:16:73:79:B5:91:E9:57:10:CF:7F:31:DE:2E:C7:3F:FB:FB:5A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BZzebWR6VcQz38x3i7HP_v7Wuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/S9c_l83ZeA_p8BDTHpX3IENYaL8.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216315
IP address blocks:        83.220.30.0/23 maxlen: 23
                          2a13:abc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/3BZzebWR6VcQz38x3i7HP_v7Wuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/3BZzebWR6VcQz38x3i7HP_v7Wuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BZzebWR6VcQz38x3i7HP_v7Wuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:26:7a:9e:e9:7e:e7:24:08:79:61:a7:02:f7:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc167379b591e95710cf7f31de2ec73ffbfb5ae7
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bd73f97cdd9780fe9f010d31e95f720435868bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:55:a9:25:1f:3c:83:57:e3:9f:a7:f7:2a:ac:
                    04:6d:f8:91:58:94:61:96:86:55:ef:db:c6:a5:95:
                    5a:14:e7:17:7f:f2:75:fd:89:85:b3:57:06:09:e7:
                    98:06:49:65:06:de:18:c2:ad:b3:17:68:bb:32:6e:
                    14:3e:85:e6:e7:92:cf:94:e0:50:ec:f6:3a:ec:60:
                    10:6c:e8:d0:29:cf:ec:24:cb:e2:bf:bc:14:81:29:
                    bf:63:85:d7:40:c9:f1:91:5a:fe:ad:75:4d:6d:60:
                    2f:8c:0b:c1:f0:d6:7e:c4:66:4a:86:e5:86:57:49:
                    d2:9b:fa:17:31:4c:85:84:80:9e:4b:4d:2f:20:a4:
                    ad:ab:db:dc:3d:bc:b2:1f:72:53:19:8a:ee:d0:be:
                    68:3c:8b:87:ec:0b:6e:52:14:0e:45:75:d5:80:e7:
                    04:ff:51:6f:1e:be:07:8c:d6:5c:a4:05:ef:ee:dc:
                    05:9b:a6:5e:d2:e1:c9:6c:87:09:30:9e:2b:0f:e2:
                    4b:fc:9f:18:15:62:3d:5f:bf:41:ec:3a:13:25:fb:
                    98:71:60:70:92:ff:e9:83:90:e8:47:8b:d3:78:74:
                    16:e7:66:a8:ac:0b:e4:2d:5d:99:77:78:1c:a3:d6:
                    f0:00:c8:84:94:96:b4:9d:43:2e:bb:33:c0:55:1e:
                    fb:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D7:3F:97:CD:D9:78:0F:E9:F0:10:D3:1E:95:F7:20:43:58:68:BF
            X509v3 Authority Key Identifier:
                keyid:DC:16:73:79:B5:91:E9:57:10:CF:7F:31:DE:2E:C7:3F:FB:FB:5A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BZzebWR6VcQz38x3i7HP_v7Wuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/S9c_l83ZeA_p8BDTHpX3IENYaL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/15abc3-c4e3-4ba9-82ae-5f620b38b908/1/3BZzebWR6VcQz38x3i7HP_v7Wuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.30.0/23
                IPv6:
                  2a13:abc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:3e:9a:e2:a1:72:5b:e5:a8:44:3e:a2:2d:95:f3:ea:4f:02:
         db:3e:26:bc:fa:ab:aa:3c:b3:25:dc:df:ba:cb:a2:41:ad:ec:
         ff:04:ef:1f:b0:ac:3e:26:da:06:8c:71:71:76:c9:c0:ff:54:
         a1:b2:4e:88:f6:0e:54:76:cf:97:f7:4a:69:47:4d:a1:7e:aa:
         9c:72:6b:5a:17:6f:b5:10:d5:43:85:5f:07:71:37:65:09:62:
         6d:ea:5b:33:04:5c:c3:5d:6b:48:08:4c:1e:04:01:d2:76:4e:
         81:96:30:5d:b1:c6:d3:45:86:b8:63:fd:aa:72:6e:f7:0b:3a:
         9b:a5:05:b4:da:1b:24:4e:97:92:db:73:a4:b2:c6:ac:94:e6:
         ed:20:42:5c:8a:52:7b:b5:2c:66:56:3d:d7:ab:fe:22:7d:96:
         e2:15:17:32:e9:d7:4a:6f:71:d5:47:1f:07:b9:cf:93:c4:19:
         b9:23:fc:40:ad:d8:eb:2c:2b:83:e1:f1:3a:e5:a5:8c:37:b7:
         d3:e6:98:f0:79:be:d8:f3:19:d6:b9:4a:49:12:7c:d8:50:c6:
         68:be:ed:51:5e:0c:dc:53:8f:b5:f3:6e:68:05:7b:b1:cd:37:
         24:e3:69:2d:41:4d:3e:91:54:27:ee:d2:db:1d:d9:13:44:0d:
         4f:17:c9:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbyZ6nul+5yQIeWGnAvemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTY3Mzc5YjU5MWU5NTcxMGNmN2YzMWRlMmVjNzNmZmJm
YjVhZTcwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQ3M2Y5N2NkZDk3ODBmZTlmMDEwZDMxZTk1ZjcyMDQzNTg2OGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFWpJR88g1fjn6f3KqwEbfiRWJRh
loZV79vGpZVaFOcXf/J1/YmFs1cGCeeYBkllBt4Ywq2zF2i7Mm4UPoXm55LPlOBQ
7PY67GAQbOjQKc/sJMviv7wUgSm/Y4XXQMnxkVr+rXVNbWAvjAvB8NZ+xGZKhuWG
V0nSm/oXMUyFhICeS00vIKStq9vcPbyyH3JTGYru0L5oPIuH7AtuUhQORXXVgOcE
/1FvHr4HjNZcpAXv7twFm6Ze0uHJbIcJMJ4rD+JL/J8YFWI9X79B7DoTJfuYcWBw
kv/pg5DoR4vTeHQW52aorAvkLV2Zd3gco9bwAMiElJa0nUMuuzPAVR77TwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEvXP5fN2XgP6fAQ0x6V9yBDWGi/MB8GA1UdIwQY
MBaAFNwWc3m1kelXEM9/Md4uxz/7+1rnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JaemViV1I2VmNRejM4eDNpN0hQX3Y3V3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8xNWFiYzMtYzRlMy00YmE5LTgyYWUt
NWY2MjBiMzhiOTA4LzEvUzljX2w4M1plQV9wOEJEVEhwWDNJRU5ZYUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8xNWFiYzMtYzRlMy00YmE5LTgyYWUtNWY2MjBiMzhiOTA4
LzEvM0JaemViV1I2VmNRejM4eDNpN0hQX3Y3V3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBU9weMA0E
AgACMAcDBQMqE6vAMA0GCSqGSIb3DQEBCwUAA4IBAQATPprioXJb5ahEPqItlfPq
TwLbPia8+quqPLMl3N+6y6JBrez/BO8fsKw+JtoGjHFxdsnA/1Shsk6I9g5Uds+X
90ppR02hfqqccmtaF2+1ENVDhV8HcTdlCWJt6lszBFzDXWtICEweBAHSdk6BljBd
scbTRYa4Y/2qcm73CzqbpQW02hskTpeS23OkssaslObtIEJcilJ7tSxmVj3Xq/4i
fZbiFRcy6ddKb3HVRx8Huc+TxBm5I/xArdjrLCuD4fE65aWMN7fT5pjweb7Y8xnW
uUpJEnzYUMZovu1RXgzcU4+1825oBXuxzTck42ktQU0+kVQn7tLbHdkTRA1PF8l6
-----END CERTIFICATE-----