Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/v17ddVt7a6cgiu-WYx4z58FWkts.roa
File:                     v17ddVt7a6cgiu-WYx4z58FWkts.roa (raw, json)
Hash identifier:          vLqIaFMHwiGlTMbk1mNNtIxctw1K3Zdv8KgYodnJW4A=
Subject key identifier:   BF:5E:DD:75:5B:7B:6B:A7:20:8A:EF:96:63:1E:33:E7:C1:56:92:DB
Certificate issuer:       /CN=ac4f3157599b66f28cbc5a2eed36fba23f03d2ce
Certificate serial:       018CC8DF09F63721D64594882E6DEA148241
Authority key identifier: AC:4F:31:57:59:9B:66:F2:8C:BC:5A:2E:ED:36:FB:A2:3F:03:D2:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rE8xV1mbZvKMvFou7Tb7oj8D0s4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/v17ddVt7a6cgiu-WYx4z58FWkts.roa
Signing time:             Tue 02 Jan 2024 06:31:49 +0000
ROA not before:           Tue 02 Jan 2024 06:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41848
IP address blocks:        83.137.8.0/21 maxlen: 21
                          2a02:ea8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/rE8xV1mbZvKMvFou7Tb7oj8D0s4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/rE8xV1mbZvKMvFou7Tb7oj8D0s4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rE8xV1mbZvKMvFou7Tb7oj8D0s4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:09:f6:37:21:d6:45:94:88:2e:6d:ea:14:82:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac4f3157599b66f28cbc5a2eed36fba23f03d2ce
        Validity
            Not Before: Jan  2 06:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf5edd755b7b6ba7208aef96631e33e7c15692db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:67:39:3d:0b:24:93:ed:83:5d:bf:4b:6d:4e:
                    be:80:79:14:a3:34:1b:73:ff:1a:c9:7b:00:4c:d5:
                    51:ea:ca:73:71:45:a2:ad:fc:ed:49:66:7c:9f:33:
                    7d:2c:ea:51:4a:0b:f5:52:30:00:f7:e9:69:ad:50:
                    66:f4:3b:5a:5a:18:28:a6:a9:83:f9:f7:c8:ac:44:
                    e4:9c:c5:37:bc:b0:44:93:bd:4e:fe:c9:ed:61:4a:
                    6f:7d:43:d9:6d:83:cd:cb:e1:30:83:9a:3e:d7:c7:
                    e5:d6:33:66:01:ca:09:71:1c:d8:81:f8:5f:0e:fa:
                    70:ae:9f:29:42:2a:9d:fc:e2:f7:a4:64:2a:8d:60:
                    1f:60:f3:fb:8b:3a:6f:ce:9c:4d:b8:f0:96:35:c9:
                    8e:4b:d7:c0:4b:97:c4:88:83:09:d7:14:5b:c4:50:
                    86:b1:47:4f:06:70:89:01:ca:4a:bd:29:0b:e3:09:
                    1c:b9:0f:46:8a:8a:0e:b1:47:e8:74:61:0d:19:76:
                    ff:13:ad:f1:e7:7a:31:1a:1e:84:84:1b:71:2d:57:
                    fa:2c:56:a5:08:2f:d5:d5:99:03:43:6a:39:e8:df:
                    70:38:a2:62:10:50:f4:3f:95:11:ed:b5:78:49:5f:
                    9d:e9:05:20:5a:cd:eb:44:47:d5:c5:1e:5c:22:73:
                    3c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:5E:DD:75:5B:7B:6B:A7:20:8A:EF:96:63:1E:33:E7:C1:56:92:DB
            X509v3 Authority Key Identifier:
                keyid:AC:4F:31:57:59:9B:66:F2:8C:BC:5A:2E:ED:36:FB:A2:3F:03:D2:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rE8xV1mbZvKMvFou7Tb7oj8D0s4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/v17ddVt7a6cgiu-WYx4z58FWkts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/rE8xV1mbZvKMvFou7Tb7oj8D0s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.8.0/21
                IPv6:
                  2a02:ea8::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:06:16:00:f5:03:7b:80:7e:6d:f8:a2:b1:fd:76:06:72:e2:
         9f:8e:b4:36:e1:2d:73:32:c4:1e:9d:07:87:62:e9:69:e4:8a:
         00:ce:7c:f6:2b:3c:db:ac:bd:0b:83:f6:dd:38:e0:ab:0d:8c:
         87:b9:ba:d2:8e:ee:01:3d:04:43:73:72:c8:7f:5d:19:69:ba:
         c5:d5:06:5c:f7:9d:1c:5e:46:a1:2f:47:b8:ad:d5:f3:f2:bd:
         65:76:1f:d1:b2:dd:cf:aa:92:e9:82:16:ba:76:f6:38:6d:94:
         6a:3f:b2:8f:d9:65:c3:61:66:33:57:d8:79:81:b5:4b:ad:c4:
         56:79:71:3f:cf:01:0e:ae:48:35:f3:46:8b:ac:ad:d6:6b:e6:
         57:e9:96:f7:e9:ac:f8:bb:f4:db:80:d4:ee:45:e3:9a:0a:8f:
         c4:4f:64:68:84:3b:01:e2:d8:13:64:d4:fe:85:7f:58:93:34:
         f1:7e:51:f3:ff:f8:d7:76:d1:ba:9b:ee:1b:69:36:a9:60:a4:
         8b:72:d1:de:32:1f:2c:c0:f7:2d:dd:03:30:d8:cf:c7:de:c3:
         eb:4b:c6:3b:c2:58:79:6d:22:a4:22:97:b6:dd:33:a9:35:a4:
         a0:17:46:29:99:23:f1:ff:9a:89:28:c5:01:4c:aa:87:32:32:
         87:aa:5f:63
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3wn2NyHWRZSILm3qFIJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNGYzMTU3NTk5YjY2ZjI4Y2JjNWEyZWVkMzZmYmEyM2Yw
M2QyY2UwHhcNMjQwMTAyMDYzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjVlZGQ3NTViN2I2YmE3MjA4YWVmOTY2MzFlMzNlN2MxNTY5MmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2c5PQskk+2DXb9LbU6+gHkUozQb
c/8ayXsATNVR6spzcUWirfztSWZ8nzN9LOpRSgv1UjAA9+lprVBm9DtaWhgopqmD
+ffIrETknMU3vLBEk71O/sntYUpvfUPZbYPNy+Ewg5o+18fl1jNmAcoJcRzYgfhf
Dvpwrp8pQiqd/OL3pGQqjWAfYPP7izpvzpxNuPCWNcmOS9fAS5fEiIMJ1xRbxFCG
sUdPBnCJAcpKvSkL4wkcuQ9GiooOsUfodGENGXb/E63x53oxGh6EhBtxLVf6LFal
CC/V1ZkDQ2o56N9wOKJiEFD0P5UR7bV4SV+d6QUgWs3rREfVxR5cInM86QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL9e3XVbe2unIIrvlmMeM+fBVpLbMB8GA1UdIwQY
MBaAFKxPMVdZm2byjLxaLu02+6I/A9LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckU4eFYxbWJadktNdkZvdTdUYjdvajhEMHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8xMTQ4OGQtYzY2YS00MDA2LThmNjIt
MjUwOTgwZTc1YmRmLzEvdjE3ZGRWdDdhNmNnaXUtV1l4NHo1OEZXa3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8xMTQ4OGQtYzY2YS00MDA2LThmNjItMjUwOTgwZTc1YmRm
LzEvckU4eFYxbWJadktNdkZvdTdUYjdvajhEMHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU4kIMA0E
AgACMAcDBQAqAg6oMA0GCSqGSIb3DQEBCwUAA4IBAQCkBhYA9QN7gH5t+KKx/XYG
cuKfjrQ24S1zMsQenQeHYulp5IoAznz2KzzbrL0Lg/bdOOCrDYyHubrSju4BPQRD
c3LIf10ZabrF1QZc950cXkahL0e4rdXz8r1ldh/Rst3PqpLpgha6dvY4bZRqP7KP
2WXDYWYzV9h5gbVLrcRWeXE/zwEOrkg180aLrK3Wa+ZX6Zb36az4u/TbgNTuReOa
Co/ET2RohDsB4tgTZNT+hX9YkzTxflHz//jXdtG6m+4baTapYKSLctHeMh8swPct
3QMw2M/H3sPrS8Y7wlh5bSKkIpe23TOpNaSgF0YpmSPx/5qJKMUBTKqHMjKHql9j
-----END CERTIFICATE-----