Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/PhEGyYKmuFAoUARYyOVL7TVsl7A.roa
File:                     PhEGyYKmuFAoUARYyOVL7TVsl7A.roa (raw, json)
Hash identifier:          /bo+pJOHylrhpeZmgnXGk46FmFesyPn3aQp/aYNPYRw=
Subject key identifier:   3E:11:06:C9:82:A6:B8:50:28:50:04:58:C8:E5:4B:ED:35:6C:97:B0
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       018CC9BC97807FD828E7BA652027FAECB581
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/PhEGyYKmuFAoUARYyOVL7TVsl7A.roa
Signing time:             Tue 02 Jan 2024 10:33:49 +0000
ROA not before:           Tue 02 Jan 2024 10:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200088
IP address blocks:        83.168.112.0/24 maxlen: 24
                          83.168.113.0/24 maxlen: 24
                          83.168.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:97:80:7f:d8:28:e7:ba:65:20:27:fa:ec:b5:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Jan  2 10:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e1106c982a6b85028500458c8e54bed356c97b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:03:06:4a:c5:d6:5e:b9:30:cd:00:c2:c4:aa:
                    43:b2:e0:75:32:85:e0:71:d8:46:90:de:22:86:85:
                    d6:15:21:3c:c3:32:22:2c:87:e9:66:d5:f5:4d:33:
                    be:cc:6e:98:c5:f0:1f:87:d0:5a:0b:81:b9:4a:6c:
                    11:cf:31:ea:1f:97:cc:80:29:78:48:58:14:68:06:
                    7b:0f:69:55:f3:6a:3d:70:5f:70:8e:ce:ab:e7:db:
                    fe:fe:e8:6d:c9:50:1f:2a:7e:55:db:a1:b3:3d:88:
                    4f:a4:74:81:e9:58:64:1b:f4:ad:f0:6a:60:8a:52:
                    75:cd:2d:0e:45:ec:5a:f8:e5:66:06:c4:87:e4:00:
                    66:94:40:c4:ac:7b:07:30:e7:34:49:9a:42:a6:ff:
                    58:c3:f1:93:88:0a:7f:9d:9e:9b:d5:35:6f:ba:4a:
                    a3:f5:ee:a9:64:b9:03:72:bb:33:d2:ff:c9:37:3a:
                    b2:15:04:03:bc:17:ae:7c:7c:d9:f1:90:62:2d:3d:
                    73:8b:98:49:54:78:9e:f8:7d:90:1a:ee:12:a8:07:
                    88:97:fb:e2:fd:2d:60:e8:b7:33:b9:5d:f7:76:5a:
                    04:40:ed:54:ef:14:4e:93:25:ea:4c:fe:ca:2c:7d:
                    e7:55:cb:9c:ca:92:cc:e0:d8:97:ef:38:02:23:dc:
                    a0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:11:06:C9:82:A6:B8:50:28:50:04:58:C8:E5:4B:ED:35:6C:97:B0
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/PhEGyYKmuFAoUARYyOVL7TVsl7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.112.0/23
                  83.168.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:43:78:af:d5:cb:31:fa:71:44:f3:4d:95:02:7a:0f:11:c7:
         60:b2:0e:47:09:f9:2e:f6:fc:cc:98:5f:65:a6:43:51:47:66:
         e3:b0:a0:f5:ef:8c:f8:1d:bb:da:e7:0a:fd:7f:c9:3a:ba:be:
         7b:07:e9:d6:15:93:d8:35:da:42:dd:f1:d2:14:2c:4b:95:6f:
         54:5a:b1:51:b5:63:48:05:7a:78:9d:15:11:ba:36:30:66:8f:
         b9:b4:9d:f3:a4:a8:78:80:3f:84:39:b8:7d:79:7c:36:a2:3a:
         54:9a:a7:b0:c9:c1:0a:07:50:86:9f:52:8a:53:dc:d4:75:96:
         9b:14:12:8e:07:7e:cc:b9:3f:6b:f2:7f:53:df:f5:c3:f2:fb:
         b4:d8:d6:24:ff:11:32:62:f2:19:41:83:a9:e6:00:70:98:21:
         54:14:07:4f:ad:20:8b:48:0f:02:cc:88:76:fb:81:85:30:06:
         71:b0:45:82:fc:71:79:3a:19:42:e9:eb:5d:a8:c9:44:5e:dc:
         a0:17:18:1f:1c:76:cc:15:8d:51:58:31:1a:8f:c6:02:e8:f2:
         d0:dc:51:09:8a:7e:d4:65:2a:eb:69:fd:43:9b:b0:7a:be:1e:
         9e:82:09:67:c0:f4:08:58:94:42:e5:4f:11:48:7a:43:39:fe:
         3a:42:a0:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvJeAf9go57plICf67LWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjQwMTAyMTAzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTExMDZjOTgyYTZiODUwMjg1MDA0NThjOGU1NGJlZDM1NmM5N2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAMGSsXWXrkwzQDCxKpDsuB1MoXg
cdhGkN4ihoXWFSE8wzIiLIfpZtX1TTO+zG6YxfAfh9BaC4G5SmwRzzHqH5fMgCl4
SFgUaAZ7D2lV82o9cF9wjs6r59v+/uhtyVAfKn5V26GzPYhPpHSB6VhkG/St8Gpg
ilJ1zS0ORexa+OVmBsSH5ABmlEDErHsHMOc0SZpCpv9Yw/GTiAp/nZ6b1TVvukqj
9e6pZLkDcrsz0v/JNzqyFQQDvBeufHzZ8ZBiLT1zi5hJVHie+H2QGu4SqAeIl/vi
/S1g6LczuV33dloEQO1U7xROkyXqTP7KLH3nVcucypLM4NiX7zgCI9ygOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD4RBsmCprhQKFAEWMjlS+01bJewMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvUGhFR3lZS211RkFvVUFSWXlPVkw3VFZzbDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBU6hwAwQA
U6h7MA0GCSqGSIb3DQEBCwUAA4IBAQAgQ3iv1csx+nFE802VAnoPEcdgsg5HCfku
9vzMmF9lpkNRR2bjsKD174z4Hbva5wr9f8k6ur57B+nWFZPYNdpC3fHSFCxLlW9U
WrFRtWNIBXp4nRURujYwZo+5tJ3zpKh4gD+EObh9eXw2ojpUmqewycEKB1CGn1KK
U9zUdZabFBKOB37MuT9r8n9T3/XD8vu02NYk/xEyYvIZQYOp5gBwmCFUFAdPrSCL
SA8CzIh2+4GFMAZxsEWC/HF5OhlC6etdqMlEXtygFxgfHHbMFY1RWDEaj8YC6PLQ
3FEJin7UZSrraf1Dm7B6vh6egglnwPQIWJRC5U8RSHpDOf46QqCI
-----END CERTIFICATE-----