Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/iEPP6YEyDzqMiAxNLcrvVhwJAMQ.roa
File:                     iEPP6YEyDzqMiAxNLcrvVhwJAMQ.roa (raw, json)
Hash identifier:          zv89PrUB3OhJXpjzLqoX7b8mVtRu1J0hQZuBEKgMzVY=
Subject key identifier:   88:43:CF:E9:81:32:0F:3A:8C:88:0C:4D:2D:CA:EF:56:1C:09:00:C4
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018D8534F14780F6F2E824E9C1EA0E1A0F14
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/iEPP6YEyDzqMiAxNLcrvVhwJAMQ.roa
Signing time:             Wed 07 Feb 2024 20:14:15 +0000
ROA not before:           Wed 07 Feb 2024 20:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        83.147.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:85:34:f1:47:80:f6:f2:e8:24:e9:c1:ea:0e:1a:0f:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Feb  7 20:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8843cfe981320f3a8c880c4d2dcaef561c0900c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4a:9f:71:d0:26:a4:73:f2:5c:75:1b:8d:b8:
                    b3:5d:73:11:7c:49:19:61:85:2e:61:9f:1e:7f:ce:
                    f5:87:f9:71:9b:92:69:fe:3b:9a:9d:38:c4:49:0e:
                    69:b4:da:a5:84:08:11:82:23:02:b4:e9:91:d8:d5:
                    d4:fe:6c:e2:0a:b5:33:67:0e:0b:9b:f6:16:e7:d5:
                    52:90:34:44:fb:92:58:e8:1f:5d:88:95:55:b8:43:
                    73:5f:7b:b5:c2:20:62:0d:31:40:ce:e1:b1:3b:8a:
                    43:15:94:45:62:44:46:30:26:97:e8:1d:2d:4b:f8:
                    9e:2e:5b:66:d3:eb:55:6b:5f:8f:04:c3:5c:5b:09:
                    ea:6b:9a:a6:6c:61:08:24:c4:67:77:ab:76:37:e7:
                    cd:3d:f4:ca:83:3c:28:67:d3:87:1e:37:20:8b:c8:
                    e5:37:75:ec:72:a6:79:be:06:f4:86:79:0f:c1:42:
                    ba:10:61:99:f4:64:98:4e:4e:a2:19:34:77:53:19:
                    4d:56:bf:ea:5c:e7:0e:d6:42:fd:73:fd:75:ac:57:
                    7b:bd:37:78:06:91:74:1e:62:96:89:6f:77:e1:70:
                    f5:50:50:8e:36:80:76:12:2c:6c:cd:9a:74:23:49:
                    db:02:92:78:bd:48:2a:1e:78:8d:91:8a:2d:d4:47:
                    c1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:43:CF:E9:81:32:0F:3A:8C:88:0C:4D:2D:CA:EF:56:1C:09:00:C4
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/iEPP6YEyDzqMiAxNLcrvVhwJAMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:e6:11:83:7d:98:41:75:26:74:a1:3c:0c:62:2f:88:b8:41:
         eb:4b:46:8e:b8:f1:1e:fc:1c:d5:7a:60:40:af:03:4b:24:52:
         c8:c5:f9:c3:63:70:92:87:e9:ee:15:2b:85:bb:5a:c4:1b:a0:
         7d:26:f4:aa:98:6e:e2:e9:c3:76:c3:f3:17:1a:63:aa:2f:9b:
         36:81:28:7f:84:fb:50:19:fb:7a:8b:8c:c1:1b:89:c9:6b:6c:
         05:dd:68:90:bc:be:ab:63:63:2c:d3:46:d5:f5:62:af:f0:8a:
         b0:f7:19:0b:71:53:3a:2e:5e:c2:f0:7f:18:1b:cc:1e:c0:2f:
         3b:a7:df:a9:7f:ed:e7:48:b1:57:08:8d:6c:6f:b8:40:a1:d7:
         81:db:de:7e:5a:cb:de:44:3d:5a:cb:de:01:3b:42:99:34:cc:
         aa:83:f6:c3:7e:3d:f7:ef:c0:27:de:5e:22:81:2c:c0:2a:44:
         49:ac:75:b2:f4:f0:88:1f:f2:22:15:6d:b5:48:59:98:f4:e0:
         1c:60:fc:69:a4:87:ba:a6:f2:33:d1:38:8d:02:18:63:d6:ec:
         55:cb:65:c7:db:4d:66:5c:49:6d:5a:8c:13:3c:e8:e3:bd:01:
         ea:38:0d:71:5d:e2:e5:26:46:22:10:15:b3:8f:53:49:7d:0f:
         25:7b:a0:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2FNPFHgPby6CTpweoOGg8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMjA3MjAxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODQzY2ZlOTgxMzIwZjNhOGM4ODBjNGQyZGNhZWY1NjFjMDkwMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkqfcdAmpHPyXHUbjbizXXMRfEkZ
YYUuYZ8ef871h/lxm5Jp/juanTjESQ5ptNqlhAgRgiMCtOmR2NXU/mziCrUzZw4L
m/YW59VSkDRE+5JY6B9diJVVuENzX3u1wiBiDTFAzuGxO4pDFZRFYkRGMCaX6B0t
S/ieLltm0+tVa1+PBMNcWwnqa5qmbGEIJMRnd6t2N+fNPfTKgzwoZ9OHHjcgi8jl
N3XscqZ5vgb0hnkPwUK6EGGZ9GSYTk6iGTR3UxlNVr/qXOcO1kL9c/11rFd7vTd4
BpF0HmKWiW934XD1UFCONoB2EixszZp0I0nbApJ4vUgqHniNkYot1EfBmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhDz+mBMg86jIgMTS3K71YcCQDEMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvaUVQUDZZRXlEenFNaUF4TkxjcnZWaHdKQU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5P8MA0G
CSqGSIb3DQEBCwUAA4IBAQAQ5hGDfZhBdSZ0oTwMYi+IuEHrS0aOuPEe/BzVemBA
rwNLJFLIxfnDY3CSh+nuFSuFu1rEG6B9JvSqmG7i6cN2w/MXGmOqL5s2gSh/hPtQ
Gft6i4zBG4nJa2wF3WiQvL6rY2Ms00bV9WKv8Iqw9xkLcVM6Ll7C8H8YG8wewC87
p9+pf+3nSLFXCI1sb7hAodeB295+WsveRD1ay94BO0KZNMyqg/bDfj3378An3l4i
gSzAKkRJrHWy9PCIH/IiFW21SFmY9OAcYPxppIe6pvIz0TiNAhhj1uxVy2XH201m
XEltWowTPOjjvQHqOA1xXeLlJkYiEBWzj1NJfQ8le6Ce
-----END CERTIFICATE-----