Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/07agGmgPPrm5JDES_azj4nluqaM.roa
File:                     07agGmgPPrm5JDES_azj4nluqaM.roa (raw, json)
Hash identifier:          aCigQiZJVTk+uHrbSRonZSVu1+AGgp6/faKGwKI9cAE=
Subject key identifier:   D3:B6:A0:1A:68:0F:3E:B9:B9:24:31:12:FD:AC:E3:E2:79:6E:A9:A3
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94AB2C130DE8EC217EAB00AD79C2D6D
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/07agGmgPPrm5JDES_azj4nluqaM.roa
Signing time:             Tue 02 Jan 2024 08:29:24 +0000
ROA not before:           Tue 02 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        83.147.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b2:c1:30:de:8e:c2:17:ea:b0:0a:d7:9c:2d:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3b6a01a680f3eb9b9243112fdace3e2796ea9a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c9:7f:94:7a:d4:c0:89:72:fc:0a:05:63:d3:
                    98:e3:76:2a:cc:c7:17:17:1d:66:ba:eb:3f:86:96:
                    38:f5:8b:bb:70:73:99:8a:85:fd:c6:38:9b:af:8a:
                    3c:a5:fa:b9:fe:2f:f0:b1:d4:bd:57:e5:9a:e2:b2:
                    24:f4:29:2e:94:bc:a5:5d:b2:6b:73:b9:5a:33:c4:
                    25:3b:71:80:48:6c:60:45:a1:c0:b0:18:dd:7b:98:
                    17:f5:e1:c3:b4:f5:12:04:df:3e:88:80:dd:2c:90:
                    b6:66:9a:d5:c3:65:72:52:f3:dc:90:05:76:4e:9e:
                    50:41:06:0f:ee:b9:37:3a:fa:a3:f5:1f:45:2a:73:
                    ee:fd:c4:ca:c6:50:c7:9b:9a:2f:3d:21:eb:1e:3a:
                    40:9b:bf:0a:fe:84:a1:5d:6a:7b:0b:4f:62:d4:a6:
                    73:e1:20:c4:68:3b:aa:81:00:7c:6c:9e:52:c9:55:
                    34:8a:14:c0:80:68:90:4f:c4:4e:c2:a5:22:48:82:
                    e4:dc:d9:ba:16:6e:97:e2:0b:d2:a2:14:80:2e:13:
                    20:e4:ab:d7:e3:c1:2c:df:9f:7d:de:00:ad:83:f0:
                    79:75:b0:d5:5d:9b:1c:b0:32:60:f1:1a:af:a7:f9:
                    7c:87:87:db:cd:bb:5b:c7:03:5b:3e:6d:17:fb:07:
                    38:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B6:A0:1A:68:0F:3E:B9:B9:24:31:12:FD:AC:E3:E2:79:6E:A9:A3
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/07agGmgPPrm5JDES_azj4nluqaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:f5:84:7a:26:e4:db:77:b1:b4:c6:78:02:d2:5f:96:30:c0:
         6a:96:9b:56:4a:58:3f:91:f3:23:a9:0e:44:4f:8e:af:0a:77:
         49:76:ea:50:af:00:7a:54:49:03:18:9d:b6:b4:7a:35:88:55:
         04:1d:40:24:de:f2:8b:76:e3:eb:fc:14:0b:84:23:19:a8:c7:
         c5:71:0d:96:3d:de:0f:da:58:a3:16:03:60:d4:f3:8e:7c:7b:
         ba:ac:53:39:c7:72:b3:4f:d5:40:de:6a:67:8b:ed:52:69:20:
         ae:f9:c6:d2:38:23:f0:04:fd:50:81:93:b3:e0:8a:5d:e4:d6:
         72:3a:76:27:1f:c2:51:f0:55:4b:8f:3a:a1:2a:7f:60:6b:b3:
         bf:36:4f:2e:7c:70:53:27:bd:d9:36:9a:92:5b:1e:58:43:fb:
         2b:5a:a2:06:d8:e7:b9:88:18:54:41:f3:08:67:94:32:0d:bd:
         c9:29:4d:06:19:c8:8c:bd:cf:4e:45:4c:a2:53:9a:48:a1:8a:
         5e:da:05:93:ba:f6:b1:6b:d9:77:d1:df:4f:df:63:c7:ef:0b:
         9e:54:ff:14:44:43:6b:a5:7c:79:74:d2:ab:ef:03:e7:50:56:
         21:e6:91:fa:ff:87:28:92:57:99:27:55:b6:27:d8:ee:94:3f:
         3c:84:a2:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrLBMN6OwhfqsArXnC1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2I2YTAxYTY4MGYzZWI5YjkyNDMxMTJmZGFjZTNlMjc5NmVhOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsl/lHrUwIly/AoFY9OY43YqzMcX
Fx1muus/hpY49Yu7cHOZioX9xjibr4o8pfq5/i/wsdS9V+Wa4rIk9CkulLylXbJr
c7laM8QlO3GASGxgRaHAsBjde5gX9eHDtPUSBN8+iIDdLJC2ZprVw2VyUvPckAV2
Tp5QQQYP7rk3Ovqj9R9FKnPu/cTKxlDHm5ovPSHrHjpAm78K/oShXWp7C09i1KZz
4SDEaDuqgQB8bJ5SyVU0ihTAgGiQT8ROwqUiSILk3Nm6Fm6X4gvSohSALhMg5KvX
48Es35993gCtg/B5dbDVXZscsDJg8Rqvp/l8h4fbzbtbxwNbPm0X+wc4xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNO2oBpoDz65uSQxEv2s4+J5bqmjMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvMDdhZ0dtZ1BQcm01SkRFU19hemo0bmx1cWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5M4MA0G
CSqGSIb3DQEBCwUAA4IBAQA09YR6JuTbd7G0xngC0l+WMMBqlptWSlg/kfMjqQ5E
T46vCndJdupQrwB6VEkDGJ22tHo1iFUEHUAk3vKLduPr/BQLhCMZqMfFcQ2WPd4P
2lijFgNg1POOfHu6rFM5x3KzT9VA3mpni+1SaSCu+cbSOCPwBP1QgZOz4Ipd5NZy
OnYnH8JR8FVLjzqhKn9ga7O/Nk8ufHBTJ73ZNpqSWx5YQ/srWqIG2Oe5iBhUQfMI
Z5QyDb3JKU0GGciMvc9ORUyiU5pIoYpe2gWTuvaxa9l30d9P32PH7wueVP8URENr
pXx5dNKr7wPnUFYh5pH6/4cokleZJ1W2J9julD88hKIr
-----END CERTIFICATE-----