Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1D5kDOtrv2obuWxM844iWBsinR4.roa
File:                     1D5kDOtrv2obuWxM844iWBsinR4.roa (raw, json)
Hash identifier:          DoRJgHUeEDNiEK2I3p3Zc1ewmWMe9yI5h2hdTK45RSo=
Subject key identifier:   D4:3E:64:0C:EB:6B:BF:6A:1B:B9:6C:4C:F3:8E:22:58:1B:22:9D:1E
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA93F11F88127DDDEB142DCD3A5B61
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1D5kDOtrv2obuWxM844iWBsinR4.roa
Signing time:             Tue 02 Jan 2024 10:31:37 +0000
ROA not before:           Tue 02 Jan 2024 10:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        83.147.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:93:f1:1f:88:12:7d:dd:eb:14:2d:cd:3a:5b:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d43e640ceb6bbf6a1bb96c4cf38e22581b229d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:db:fe:b4:6f:9a:61:fc:26:4d:9e:71:84:aa:
                    0d:6d:36:52:c7:f1:3d:50:41:1a:a6:39:5b:4f:c0:
                    4a:72:04:13:d7:0a:92:4a:6f:41:99:93:c3:9d:98:
                    14:c7:d4:23:58:7d:ae:72:00:30:7e:ac:23:6a:71:
                    da:87:99:56:1e:a5:87:60:35:06:34:0e:12:b7:27:
                    48:80:eb:b5:1a:75:49:df:d5:2b:28:50:35:96:90:
                    c9:d2:c6:54:61:74:3f:f6:29:43:37:66:48:06:0c:
                    ad:c8:c4:57:16:a4:62:27:56:d7:72:42:1c:e7:ee:
                    fa:e6:0d:c2:26:97:1a:7b:f2:e2:6b:ce:bc:2c:a6:
                    93:57:1f:c8:78:6b:ee:03:1b:87:e2:6e:ca:ef:ef:
                    7a:a5:cc:a1:43:34:18:cc:2b:a7:0e:1a:9b:06:94:
                    64:cb:c4:ee:c9:9e:cf:d0:eb:95:67:94:5d:24:f8:
                    1f:fd:84:87:f9:97:a7:0d:d6:b8:db:41:b1:7c:88:
                    d2:ea:da:27:6f:f9:2e:b5:a3:f8:61:8c:80:58:63:
                    9b:8e:1a:ea:dc:97:28:39:eb:08:a1:ba:44:48:6c:
                    84:8e:c5:47:32:31:fb:ce:61:20:00:9a:c5:b8:cd:
                    5b:94:51:66:96:90:19:67:bd:79:56:b0:d8:05:73:
                    b2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:3E:64:0C:EB:6B:BF:6A:1B:B9:6C:4C:F3:8E:22:58:1B:22:9D:1E
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1D5kDOtrv2obuWxM844iWBsinR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:a9:d1:19:83:49:14:fd:74:27:9d:03:8e:b1:5a:88:cc:12:
         41:cf:95:a6:05:33:c3:3f:b4:d8:aa:ae:d4:03:c8:f5:f0:0f:
         1c:a8:d7:7f:f5:58:ff:4d:ab:85:6f:1f:cf:39:d4:1d:c1:b2:
         b8:9f:7c:82:d2:f6:fb:e1:d6:4a:48:91:18:e1:9f:96:2a:4a:
         f4:5e:30:5a:5b:f2:a1:38:ea:90:2a:a0:97:75:e0:48:1a:4b:
         e5:b5:b8:65:bd:16:e8:88:bf:32:0b:3d:8f:01:54:c6:6d:20:
         b8:5b:9e:65:6e:6f:ac:87:a1:92:9c:92:03:09:4b:fb:7d:c4:
         ac:31:9d:30:96:f8:56:49:b3:0d:51:ba:e1:2b:48:02:9a:0b:
         e4:a8:66:3c:9a:ea:85:ef:2e:a8:56:38:fa:74:dd:77:e4:11:
         5c:a3:53:d6:3a:43:0d:a5:83:a8:33:4d:92:3a:50:5b:42:76:
         a0:ee:5a:d8:8b:42:6c:18:23:9e:51:70:b8:f1:4a:f6:b1:c8:
         9e:25:14:0d:79:28:1d:94:11:43:f2:12:72:a4:31:56:38:6f:
         08:a1:38:6e:f6:8d:34:66:72:68:75:45:08:68:c4:2b:b5:2d:
         1b:e1:10:60:29:df:76:cd:20:c5:ba:5c:95:13:b0:a7:e3:7f:
         28:dc:ac:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJupPxH4gSfd3rFC3NOlthMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDNlNjQwY2ViNmJiZjZhMWJiOTZjNGNmMzhlMjI1ODFiMjI5ZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tv+tG+aYfwmTZ5xhKoNbTZSx/E9
UEEapjlbT8BKcgQT1wqSSm9BmZPDnZgUx9QjWH2ucgAwfqwjanHah5lWHqWHYDUG
NA4StydIgOu1GnVJ39UrKFA1lpDJ0sZUYXQ/9ilDN2ZIBgytyMRXFqRiJ1bXckIc
5+765g3CJpcae/Lia868LKaTVx/IeGvuAxuH4m7K7+96pcyhQzQYzCunDhqbBpRk
y8TuyZ7P0OuVZ5RdJPgf/YSH+ZenDda420GxfIjS6tonb/kutaP4YYyAWGObjhrq
3JcoOesIobpESGyEjsVHMjH7zmEgAJrFuM1blFFmlpAZZ715VrDYBXOyeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQ+ZAzra79qG7lsTPOOIlgbIp0eMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvMUQ1a0RPdHJ2Mm9idVd4TTg0NGlXQnNpblI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5P4MA0G
CSqGSIb3DQEBCwUAA4IBAQBYqdEZg0kU/XQnnQOOsVqIzBJBz5WmBTPDP7TYqq7U
A8j18A8cqNd/9Vj/TauFbx/POdQdwbK4n3yC0vb74dZKSJEY4Z+WKkr0XjBaW/Kh
OOqQKqCXdeBIGkvltbhlvRboiL8yCz2PAVTGbSC4W55lbm+sh6GSnJIDCUv7fcSs
MZ0wlvhWSbMNUbrhK0gCmgvkqGY8muqF7y6oVjj6dN135BFco1PWOkMNpYOoM02S
OlBbQnag7lrYi0JsGCOeUXC48Ur2scieJRQNeSgdlBFD8hJypDFWOG8IoThu9o00
ZnJodUUIaMQrtS0b4RBgKd92zSDFulyVE7Cn438o3Ky5
-----END CERTIFICATE-----