Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/__pvKJQOQQW6FR7INc7Qcd9efxA.roa
File:                     __pvKJQOQQW6FR7INc7Qcd9efxA.roa (raw, json)
Hash identifier:          Txa4x52Dl4WEpJC1an3mSWtEgEJJX0FGiJ+04HmSVnc=
Subject key identifier:   FF:FA:6F:28:94:0E:41:05:BA:15:1E:C8:35:CE:D0:71:DF:5E:7F:10
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       0190F2F07BF3B079AB6FD02D2593A2AB1510
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/__pvKJQOQQW6FR7INc7Qcd9efxA.roa
Signing time:             Sat 27 Jul 2024 06:46:05 +0000
ROA not before:           Sat 27 Jul 2024 06:46:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        83.147.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f2:f0:7b:f3:b0:79:ab:6f:d0:2d:25:93:a2:ab:15:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jul 27 06:46:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fffa6f28940e4105ba151ec835ced071df5e7f10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:85:9f:72:b1:93:c0:16:6b:a6:0e:bb:af:75:
                    d1:de:48:22:3c:2e:ad:ab:2f:7d:e3:c4:65:92:69:
                    ac:39:01:96:08:03:da:bc:f0:b3:18:1c:f2:e6:6e:
                    4a:4b:92:ce:a0:03:14:a3:70:38:fd:a0:74:25:9e:
                    bb:6b:2f:8d:9c:42:27:50:1f:76:a6:8d:72:1f:16:
                    cf:2c:8d:cf:1a:f1:ab:57:ad:0e:8c:40:16:1c:94:
                    5c:b5:6f:f3:00:06:3f:b8:2a:a7:a7:33:82:38:1f:
                    c2:a2:60:65:66:f5:08:c7:5f:40:45:99:e6:3e:93:
                    b4:f9:f7:11:f3:93:9f:b5:06:ee:80:c8:ca:80:25:
                    bf:53:1b:f1:84:d6:d4:68:fa:d6:c2:f1:46:2f:2e:
                    89:f6:96:ad:55:f5:72:02:23:47:de:58:1c:9b:8e:
                    74:c6:c8:61:34:85:e1:ad:8c:a3:dc:a2:0b:b6:7d:
                    bc:fa:39:7f:71:a0:d8:a8:62:1f:1c:7c:e1:b7:a6:
                    a0:d8:8d:af:9a:e4:13:ee:31:b9:e6:b0:d4:34:a3:
                    e0:ac:f1:6a:55:cd:6a:35:cd:5c:9e:c5:20:38:52:
                    7a:2d:f1:a5:8f:e3:e7:19:c5:4c:a1:4f:63:df:19:
                    c4:98:38:86:f1:4a:81:d0:bf:a7:a7:d5:6c:b4:0e:
                    94:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:FA:6F:28:94:0E:41:05:BA:15:1E:C8:35:CE:D0:71:DF:5E:7F:10
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/__pvKJQOQQW6FR7INc7Qcd9efxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:93:ea:4f:a9:45:0a:74:82:77:82:fe:53:59:d1:cf:48:91:
         82:88:a8:56:78:2f:4b:6a:d1:58:9f:e8:78:52:0f:d3:53:00:
         a6:7c:f2:13:f8:ac:56:a2:a7:aa:36:44:0b:44:88:56:b4:62:
         26:8a:cb:a9:4b:36:6d:f2:85:86:3b:d5:1f:0b:ce:b3:be:4c:
         a5:a3:fa:2d:81:5b:ba:31:11:22:43:a3:97:f0:87:ea:1d:20:
         a1:29:d1:1a:50:d4:e6:8a:0f:36:1b:68:fb:9e:54:0e:6a:36:
         e4:7c:32:e1:70:83:25:64:48:97:8e:a1:b2:18:70:f3:77:9a:
         02:88:3a:06:f3:92:9b:77:d0:54:b2:45:61:c2:4c:fd:d4:72:
         26:58:e5:b6:3e:92:cd:5d:99:c0:c2:a0:3c:07:97:0a:dc:c9:
         62:0d:c5:c3:5c:b1:0c:1d:77:65:aa:ab:fb:d9:0a:40:d5:66:
         05:e9:5e:05:bf:82:a4:ec:1d:fb:47:0c:d6:9c:b8:70:2f:8a:
         ab:7c:d9:83:ad:68:83:57:9a:7b:4c:1b:5a:7c:ec:68:41:ab:
         58:67:43:ed:42:c3:d1:6c:5f:26:05:b5:15:9f:c3:80:ac:da:
         78:8e:15:9d:00:74:67:89:73:44:29:eb:a8:e9:01:cd:bc:38:
         3b:98:7e:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDy8HvzsHmrb9AtJZOiqxUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwNzI3MDY0NjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmZhNmYyODk0MGU0MTA1YmExNTFlYzgzNWNlZDA3MWRmNWU3ZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoWfcrGTwBZrpg67r3XR3kgiPC6t
qy9948RlkmmsOQGWCAPavPCzGBzy5m5KS5LOoAMUo3A4/aB0JZ67ay+NnEInUB92
po1yHxbPLI3PGvGrV60OjEAWHJRctW/zAAY/uCqnpzOCOB/ComBlZvUIx19ARZnm
PpO0+fcR85OftQbugMjKgCW/UxvxhNbUaPrWwvFGLy6J9patVfVyAiNH3lgcm450
xshhNIXhrYyj3KILtn28+jl/caDYqGIfHHzht6ag2I2vmuQT7jG55rDUNKPgrPFq
Vc1qNc1cnsUgOFJ6LfGlj+PnGcVMoU9j3xnEmDiG8UqB0L+np9VstA6UYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/6byiUDkEFuhUeyDXO0HHfXn8QMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvX19wdktKUU9RUVc2RlI3SU5jN1FjZDllZnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5PYMA0G
CSqGSIb3DQEBCwUAA4IBAQCZk+pPqUUKdIJ3gv5TWdHPSJGCiKhWeC9LatFYn+h4
Ug/TUwCmfPIT+KxWoqeqNkQLRIhWtGImisupSzZt8oWGO9UfC86zvkylo/otgVu6
MREiQ6OX8IfqHSChKdEaUNTmig82G2j7nlQOajbkfDLhcIMlZEiXjqGyGHDzd5oC
iDoG85Kbd9BUskVhwkz91HImWOW2PpLNXZnAwqA8B5cK3MliDcXDXLEMHXdlqqv7
2QpA1WYF6V4Fv4Kk7B37RwzWnLhwL4qrfNmDrWiDV5p7TBtafOxoQatYZ0PtQsPR
bF8mBbUVn8OArNp4jhWdAHRniXNEKeuo6QHNvDg7mH5a
-----END CERTIFICATE-----