Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7B4t3xKdAEsO0Oagglr9OxEV818.roa
File:                     7B4t3xKdAEsO0Oagglr9OxEV818.roa (raw, json)
Hash identifier:          Dr/Vnv6Ovz4rO3TqddbEYb/kqUauUf9dC1lf5zzFHuE=
Subject key identifier:   EC:1E:2D:DF:12:9D:00:4B:0E:D0:E6:A0:82:5A:FD:3B:11:15:F3:5F
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6B9B4CAE14FFF368CDAEEF61276A5
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7B4t3xKdAEsO0Oagglr9OxEV818.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43043
IP address blocks:        83.137.154.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b9:b4:ca:e1:4f:ff:36:8c:da:ee:f6:12:76:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec1e2ddf129d004b0ed0e6a0825afd3b1115f35f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a5:89:83:8c:b2:82:fd:00:53:28:2d:65:10:
                    1e:e9:49:b3:ec:81:04:57:fe:e1:c3:bd:f8:2e:79:
                    70:8e:06:62:68:17:8f:96:30:dd:c2:05:c1:f0:31:
                    f0:10:ef:da:8a:5f:1a:53:7b:a3:59:56:d4:77:c6:
                    b0:6f:23:a2:31:7b:f6:cd:4c:40:a0:e8:8a:9a:3c:
                    7a:00:f6:3a:c6:22:22:e3:66:24:33:f8:6e:14:00:
                    06:23:8f:7a:d2:67:ce:93:b1:2f:d2:02:26:a2:ff:
                    61:0b:3b:da:15:ce:fc:9c:6b:f7:cf:50:aa:24:c4:
                    b4:f6:a2:dd:d5:34:ac:2b:24:5d:9d:de:b3:e8:cc:
                    f0:a8:ad:4a:3d:a6:bd:32:e1:ca:a9:8a:9d:19:06:
                    fc:94:a6:c1:31:f9:36:14:c5:04:36:e0:2f:6f:3a:
                    bd:93:a0:fb:16:3d:1a:68:ac:86:64:c4:d3:76:69:
                    a5:c9:9c:e3:19:9a:79:22:43:bf:58:eb:2a:d7:df:
                    bf:a2:ea:6d:56:ed:32:12:cb:23:99:97:75:4b:4b:
                    ad:df:3b:c0:97:84:1c:c3:df:78:e7:70:9e:c2:09:
                    95:25:ad:c4:82:67:1b:a2:7a:e0:45:11:ee:45:b8:
                    91:5c:00:86:12:27:a3:1d:98:f1:ab:d1:c8:82:d6:
                    26:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:1E:2D:DF:12:9D:00:4B:0E:D0:E6:A0:82:5A:FD:3B:11:15:F3:5F
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7B4t3xKdAEsO0Oagglr9OxEV818.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:ec:d6:92:db:f8:25:23:c3:44:4a:03:a5:10:58:01:ad:94:
         55:50:dd:2b:27:f4:94:d4:39:34:4f:d2:35:ce:1e:e5:1d:48:
         ff:74:3b:da:94:92:c2:b0:8f:44:2f:9b:8d:ca:3d:d0:b2:c7:
         fa:7d:bd:d1:93:ec:77:6f:81:53:c0:f5:1c:7c:62:75:d8:41:
         e4:93:31:8b:d0:4c:fb:49:2a:c4:be:81:b8:32:0c:f4:d1:34:
         c4:e4:2e:22:43:d5:ef:52:b7:12:cc:a5:3e:e8:1b:87:72:37:
         60:bc:3c:6c:b3:a7:7d:54:cc:2f:fa:00:6d:6e:ad:37:aa:b0:
         57:5e:c1:b4:87:9f:d0:ea:ec:b8:15:f2:f9:19:9f:84:b9:01:
         0a:5f:55:03:24:cc:4d:92:6f:a8:24:f9:70:5c:f4:03:72:4f:
         83:7d:21:d5:3b:14:32:e2:6a:f1:27:2d:67:12:ad:ab:33:43:
         8d:ae:b2:07:51:bc:cf:97:48:c1:fc:6f:e5:82:a6:69:58:2b:
         89:00:ec:e2:7d:66:f6:5f:2f:c9:9b:fe:2d:69:46:7c:ae:26:
         96:7c:d8:d4:2f:f6:5c:5d:87:75:76:c5:63:27:e5:7e:b5:12:
         24:7f:3c:4c:d3:0b:11:7a:c1:71:49:d6:df:03:6c:f6:ca:2e:
         52:37:c4:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrm0yuFP/zaM2u72EnalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzFlMmRkZjEyOWQwMDRiMGVkMGU2YTA4MjVhZmQzYjExMTVmMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaWJg4yygv0AUygtZRAe6Umz7IEE
V/7hw734LnlwjgZiaBePljDdwgXB8DHwEO/ail8aU3ujWVbUd8awbyOiMXv2zUxA
oOiKmjx6APY6xiIi42YkM/huFAAGI4960mfOk7Ev0gImov9hCzvaFc78nGv3z1Cq
JMS09qLd1TSsKyRdnd6z6MzwqK1KPaa9MuHKqYqdGQb8lKbBMfk2FMUENuAvbzq9
k6D7Fj0aaKyGZMTTdmmlyZzjGZp5IkO/WOsq19+/ouptVu0yEssjmZd1S0ut3zvA
l4Qcw99453CewgmVJa3EgmcbonrgRRHuRbiRXACGEiejHZjxq9HIgtYm6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOweLd8SnQBLDtDmoIJa/TsRFfNfMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvN0I0dDN4S2RBRXNPME9hZ2dscjlPeEVWODE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU4maMA0G
CSqGSIb3DQEBCwUAA4IBAQBs7NaS2/glI8NESgOlEFgBrZRVUN0rJ/SU1Dk0T9I1
zh7lHUj/dDvalJLCsI9EL5uNyj3Qssf6fb3Rk+x3b4FTwPUcfGJ12EHkkzGL0Ez7
SSrEvoG4Mgz00TTE5C4iQ9XvUrcSzKU+6BuHcjdgvDxss6d9VMwv+gBtbq03qrBX
XsG0h5/Q6uy4FfL5GZ+EuQEKX1UDJMxNkm+oJPlwXPQDck+DfSHVOxQy4mrxJy1n
Eq2rM0ONrrIHUbzPl0jB/G/lgqZpWCuJAOzifWb2Xy/Jm/4taUZ8riaWfNjUL/Zc
XYd1dsVjJ+V+tRIkfzxM0wsResFxSdbfA2z2yi5SN8S4
-----END CERTIFICATE-----