Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/p80z00r5kgGrzIwAS38wYB4wubQ.roa
File:                     p80z00r5kgGrzIwAS38wYB4wubQ.roa (raw, json)
Hash identifier:          SVvtTP3b4s98YqeVzUifeJI7sdom1E7KtkV+ptWAkqE=
Subject key identifier:   A7:CD:33:D3:4A:F9:92:01:AB:CC:8C:00:4B:7F:30:60:1E:30:B9:B4
Certificate issuer:       /CN=7e5555f1a2cee89b7134656086f054d796353c1e
Certificate serial:       018CC5000D9E62AF110545C7EF99E8E9EF9B
Authority key identifier: 7E:55:55:F1:A2:CE:E8:9B:71:34:65:60:86:F0:54:D7:96:35:3C:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flVV8aLO6JtxNGVghvBU15Y1PB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/p80z00r5kgGrzIwAS38wYB4wubQ.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12213
IP address blocks:        193.93.84.0/22 maxlen: 22
                          83.142.64.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/flVV8aLO6JtxNGVghvBU15Y1PB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/flVV8aLO6JtxNGVghvBU15Y1PB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flVV8aLO6JtxNGVghvBU15Y1PB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0d:9e:62:af:11:05:45:c7:ef:99:e8:e9:ef:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e5555f1a2cee89b7134656086f054d796353c1e
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7cd33d34af99201abcc8c004b7f30601e30b9b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e6:c9:30:76:35:ba:05:6e:f3:1c:51:0d:12:
                    bb:f1:ee:5c:cd:89:85:73:11:64:b1:16:23:03:f0:
                    85:79:f4:86:3a:68:7a:39:43:e8:e9:dd:a5:2e:ab:
                    f4:0e:2d:29:85:12:3f:0e:11:d3:5a:84:36:1b:83:
                    65:8e:ae:ea:9f:a3:fa:7d:8b:52:f7:14:5c:e8:b0:
                    00:f0:e0:63:dd:17:40:6d:04:48:cc:53:ba:d4:68:
                    23:a2:59:b1:b6:c4:2f:80:99:a8:0f:84:1e:06:33:
                    db:ad:5f:53:45:bf:66:b3:07:3c:ce:7e:26:07:45:
                    37:14:33:86:4f:75:41:3d:03:61:db:96:ea:7f:28:
                    aa:27:91:67:4d:68:07:1f:8d:52:4c:23:c7:54:0d:
                    a2:31:05:05:76:51:e3:2c:61:7c:cf:36:ad:83:dc:
                    4f:d4:31:3c:24:5c:86:e0:25:e4:4c:c1:b8:ef:3b:
                    c9:e0:03:1b:77:d0:ab:dc:d1:3f:08:41:cd:53:15:
                    3b:5f:a1:af:b5:bb:2e:f7:a6:0c:b0:2d:45:d3:09:
                    cc:b2:01:dc:b3:82:f8:b3:d1:26:a6:b6:36:0b:b9:
                    cc:a5:e0:65:3a:22:f2:bd:0b:42:ba:f7:dc:1d:a2:
                    6a:d5:0a:7a:ae:24:4a:f7:56:58:3f:3a:25:a6:6a:
                    f7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:CD:33:D3:4A:F9:92:01:AB:CC:8C:00:4B:7F:30:60:1E:30:B9:B4
            X509v3 Authority Key Identifier:
                keyid:7E:55:55:F1:A2:CE:E8:9B:71:34:65:60:86:F0:54:D7:96:35:3C:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flVV8aLO6JtxNGVghvBU15Y1PB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/p80z00r5kgGrzIwAS38wYB4wubQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/05a1ca-33c5-4aef-9c9a-f50fd99373ec/1/flVV8aLO6JtxNGVghvBU15Y1PB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.142.64.0/21
                  193.93.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:bb:9c:b5:8c:66:57:cd:77:65:63:8d:7f:f3:15:07:34:54:
         e9:8e:56:49:ba:41:c2:3b:b3:f6:a9:13:5b:7e:a7:4f:c0:8b:
         30:fa:cf:08:ea:35:d0:c1:68:81:42:cf:67:cd:7c:44:b9:81:
         0c:b0:09:38:9c:3d:13:08:0a:b9:21:c5:21:c5:d1:d0:98:1d:
         9f:05:f1:28:78:20:90:67:df:2e:68:93:fb:b6:10:f7:f7:bf:
         30:30:99:99:11:3b:3c:3b:f5:eb:d0:ae:48:88:a8:3d:db:31:
         b8:18:c6:8b:79:9d:64:ea:71:55:91:e0:f6:d7:52:1c:af:f4:
         60:4b:96:7d:8f:c9:9c:8e:65:4b:72:7d:f8:89:e1:9e:24:85:
         62:62:94:77:2b:0b:6e:5c:cf:5a:33:d3:5d:19:7c:05:36:19:
         15:64:a9:91:00:37:9e:8a:76:26:bd:58:b5:41:9f:1f:c4:df:
         b2:63:b2:d7:8e:46:6d:1c:06:65:05:a6:79:91:34:aa:7b:f6:
         cf:05:70:5d:6e:39:df:ff:72:25:0d:5f:cc:ab:97:e4:78:c9:
         12:c5:ac:d6:78:1d:6b:05:8f:74:69:c6:16:46:dc:ff:64:e0:
         ca:67:ed:7b:cd:7d:23:aa:3d:be:7a:e1:71:1c:5e:09:03:7f:
         f6:02:3b:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAA2eYq8RBUXH75no6e+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNTU1NWYxYTJjZWU4OWI3MTM0NjU2MDg2ZjA1NGQ3OTYz
NTNjMWUwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2NkMzNkMzRhZjk5MjAxYWJjYzhjMDA0YjdmMzA2MDFlMzBiOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+bJMHY1ugVu8xxRDRK78e5czYmF
cxFksRYjA/CFefSGOmh6OUPo6d2lLqv0Di0phRI/DhHTWoQ2G4Nljq7qn6P6fYtS
9xRc6LAA8OBj3RdAbQRIzFO61GgjolmxtsQvgJmoD4QeBjPbrV9TRb9mswc8zn4m
B0U3FDOGT3VBPQNh25bqfyiqJ5FnTWgHH41STCPHVA2iMQUFdlHjLGF8zzatg9xP
1DE8JFyG4CXkTMG47zvJ4AMbd9Cr3NE/CEHNUxU7X6Gvtbsu96YMsC1F0wnMsgHc
s4L4s9EmprY2C7nMpeBlOiLyvQtCuvfcHaJq1Qp6riRK91ZYPzolpmr3VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKfNM9NK+ZIBq8yMAEt/MGAeMLm0MB8GA1UdIwQY
MBaAFH5VVfGizuibcTRlYIbwVNeWNTweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmxWVjhhTE82SnR4TkdWZ2h2QlUxNVkxUEI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8wNWExY2EtMzNjNS00YWVmLTljOWEt
ZjUwZmQ5OTM3M2VjLzEvcDgwejAwcjVrZ0dyekl3QVMzOHdZQjR3dWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8wNWExY2EtMzNjNS00YWVmLTljOWEtZjUwZmQ5OTM3M2Vj
LzEvZmxWVjhhTE82SnR4TkdWZ2h2QlUxNVkxUEI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDU45AAwQC
wV1UMA0GCSqGSIb3DQEBCwUAA4IBAQCLu5y1jGZXzXdlY41/8xUHNFTpjlZJukHC
O7P2qRNbfqdPwIsw+s8I6jXQwWiBQs9nzXxEuYEMsAk4nD0TCAq5IcUhxdHQmB2f
BfEoeCCQZ98uaJP7thD3978wMJmZETs8O/Xr0K5IiKg92zG4GMaLeZ1k6nFVkeD2
11Icr/RgS5Z9j8mcjmVLcn34ieGeJIViYpR3KwtuXM9aM9NdGXwFNhkVZKmRADee
inYmvVi1QZ8fxN+yY7LXjkZtHAZlBaZ5kTSqe/bPBXBdbjnf/3IlDV/Mq5fkeMkS
xazWeB1rBY90acYWRtz/ZODKZ+17zX0jqj2+euFxHF4JA3/2AjvY
-----END CERTIFICATE-----