Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/TMOIz3dYs2s22uzvNy56L0Qb70g.roa
File:                     TMOIz3dYs2s22uzvNy56L0Qb70g.roa (raw, json)
Hash identifier:          nK7O4SU+HDHi4VS3ejbfkDOfJbuI8+Www1HRoj+t1bc=
Subject key identifier:   4C:C3:88:CF:77:58:B3:6B:36:DA:EC:EF:37:2E:7A:2F:44:1B:EF:48
Certificate issuer:       /CN=0d7901c430ae39fcb05beb5b34267f5224f04f61
Certificate serial:       018CCA9900BC10714B7E2BFA7A18CB910EC0
Authority key identifier: 0D:79:01:C4:30:AE:39:FC:B0:5B:EB:5B:34:26:7F:52:24:F0:4F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/TMOIz3dYs2s22uzvNy56L0Qb70g.roa
Signing time:             Tue 02 Jan 2024 14:34:34 +0000
ROA not before:           Tue 02 Jan 2024 14:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207398
IP address blocks:        185.16.83.0/24 maxlen: 24
                          2a10:3500::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:00:bc:10:71:4b:7e:2b:fa:7a:18:cb:91:0e:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7901c430ae39fcb05beb5b34267f5224f04f61
        Validity
            Not Before: Jan  2 14:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cc388cf7758b36b36daecef372e7a2f441bef48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:47:cb:74:6b:af:a1:24:c0:aa:0a:0d:f3:54:
                    a2:b2:81:0f:fc:b6:f1:ee:f8:d3:55:88:64:f5:97:
                    c3:6b:00:6a:a6:52:15:18:04:f0:5e:06:c4:bd:14:
                    75:7d:c4:25:3e:54:42:f0:e1:f8:08:4a:c4:0a:1a:
                    a0:98:a1:df:bd:60:84:b9:60:aa:ad:09:e4:10:a8:
                    4d:ad:2f:d8:9a:62:0a:7c:b5:46:a4:72:11:5d:c5:
                    d9:29:14:a6:0d:1e:0d:5a:69:b5:23:13:d1:c2:0a:
                    d5:a5:3a:37:75:37:99:3f:a9:80:48:9b:2e:15:53:
                    2c:e4:55:7e:ab:a0:1d:2a:2f:cd:b9:96:f5:7c:fe:
                    91:12:80:26:e6:3a:a6:d9:dc:20:0f:59:a5:5e:ed:
                    d2:57:c1:f4:fc:8e:11:2d:9f:7e:8c:f4:10:51:82:
                    b9:32:4d:6e:ce:5f:2c:e4:fd:a4:3d:2c:bf:b9:b0:
                    21:29:79:ca:4e:aa:52:f9:74:2b:a3:09:99:1a:93:
                    5f:35:cf:14:19:9b:dd:61:59:5a:a3:b8:8e:98:db:
                    53:0f:6e:d8:44:3f:19:c9:c8:98:c5:a4:c5:6b:bc:
                    00:a2:19:89:6b:73:93:1a:ba:8c:4a:43:f8:29:90:
                    bf:ee:b4:21:17:4b:c7:f9:af:43:c5:c3:6d:2c:e5:
                    20:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C3:88:CF:77:58:B3:6B:36:DA:EC:EF:37:2E:7A:2F:44:1B:EF:48
            X509v3 Authority Key Identifier:
                keyid:0D:79:01:C4:30:AE:39:FC:B0:5B:EB:5B:34:26:7F:52:24:F0:4F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/TMOIz3dYs2s22uzvNy56L0Qb70g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.83.0/24
                IPv6:
                  2a10:3500::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:49:2f:c3:42:8e:69:5a:14:a7:d1:e5:f6:69:9a:66:5c:7e:
         9e:f7:fb:bd:cc:d4:94:ca:32:ae:47:13:ef:e6:f4:42:7a:30:
         c3:d3:4a:2d:9d:df:94:01:6d:62:1d:49:fa:a5:5a:51:90:21:
         8b:1d:8d:02:06:ed:b2:5a:cf:c0:e3:35:3c:13:ce:ec:f0:45:
         fa:fc:2a:db:ad:59:bc:5c:b0:20:69:04:81:c9:92:06:9f:d9:
         3d:2c:9b:93:89:53:6c:1e:55:db:4b:e8:9a:be:60:7e:f2:a5:
         60:bb:40:05:f0:66:8b:2e:0e:70:78:f1:22:9c:10:fd:ca:ea:
         b9:34:8b:ed:e3:be:c0:dc:ab:fb:d9:73:35:eb:50:68:95:5e:
         78:38:cb:16:cb:fd:5e:6e:87:d7:d5:1f:c3:d8:f7:62:0a:dd:
         1f:98:02:b4:f8:29:ec:8a:f6:12:73:e6:7c:9e:ff:b1:5c:5a:
         ab:4a:c1:53:95:cd:25:99:8f:11:03:fc:e9:a8:aa:60:f9:5e:
         47:55:fe:79:0a:39:0c:8a:62:79:51:4e:89:de:67:3c:57:3f:
         3c:9c:e8:1e:a5:93:77:26:4a:40:1f:c6:94:cc:7b:3b:93:8b:
         ef:02:a8:ac:c9:99:e2:0b:cf:20:41:50:a8:11:85:2e:b7:a5:
         a4:88:66:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmQC8EHFLfiv6ehjLkQ7AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzkwMWM0MzBhZTM5ZmNiMDViZWI1YjM0MjY3ZjUyMjRm
MDRmNjEwHhcNMjQwMTAyMTQzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2MzODhjZjc3NThiMzZiMzZkYWVjZWYzNzJlN2EyZjQ0MWJlZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskfLdGuvoSTAqgoN81SisoEP/Lbx
7vjTVYhk9ZfDawBqplIVGATwXgbEvRR1fcQlPlRC8OH4CErEChqgmKHfvWCEuWCq
rQnkEKhNrS/YmmIKfLVGpHIRXcXZKRSmDR4NWmm1IxPRwgrVpTo3dTeZP6mASJsu
FVMs5FV+q6AdKi/NuZb1fP6REoAm5jqm2dwgD1mlXu3SV8H0/I4RLZ9+jPQQUYK5
Mk1uzl8s5P2kPSy/ubAhKXnKTqpS+XQrowmZGpNfNc8UGZvdYVlao7iOmNtTD27Y
RD8ZyciYxaTFa7wAohmJa3OTGrqMSkP4KZC/7rQhF0vH+a9DxcNtLOUgMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEzDiM93WLNrNtrs7zcuei9EG+9IMB8GA1UdIwQY
MBaAFA15AcQwrjn8sFvrWzQmf1Ik8E9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhrQnhEQ3VPZnl3Vy10Yk5DWl9VaVR3VDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS82NDU2ZGUtNzQwYi00MzRkLWI3NjUt
MTcxZDlmMmNjZTNkLzEvVE1PSXozZFlzMnMyMnV6dk55NTZMMFFiNzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS82NDU2ZGUtNzQwYi00MzRkLWI3NjUtMTcxZDlmMmNjZTNk
LzEvRFhrQnhEQ3VPZnl3Vy10Yk5DWl9VaVR3VDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRBTMA0E
AgACMAcDBQAqEDUAMA0GCSqGSIb3DQEBCwUAA4IBAQCLSS/DQo5pWhSn0eX2aZpm
XH6e9/u9zNSUyjKuRxPv5vRCejDD00otnd+UAW1iHUn6pVpRkCGLHY0CBu2yWs/A
4zU8E87s8EX6/CrbrVm8XLAgaQSByZIGn9k9LJuTiVNsHlXbS+iavmB+8qVgu0AF
8GaLLg5wePEinBD9yuq5NIvt477A3Kv72XM161BolV54OMsWy/1ebofX1R/D2Pdi
Ct0fmAK0+CnsivYSc+Z8nv+xXFqrSsFTlc0lmY8RA/zpqKpg+V5HVf55CjkMimJ5
UU6J3mc8Vz88nOgepZN3JkpAH8aUzHs7k4vvAqisyZniC88gQVCoEYUut6WkiGa5
-----END CERTIFICATE-----