Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/0QAnnNeRCHbjQIKIbapE3K_mn2A.roa
File:                     0QAnnNeRCHbjQIKIbapE3K_mn2A.roa (raw, json)
Hash identifier:          BGoMp2YKt5XWHP/tLve0xBIrFEUyuT55R0sBaL3EegA=
Subject key identifier:   D1:00:27:9C:D7:91:08:76:E3:40:82:88:6D:AA:44:DC:AF:E6:9F:60
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       01942748005E39E0D3EC917AD42F5EE670AC
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/0QAnnNeRCHbjQIKIbapE3K_mn2A.roa
Signing time:             Thu 02 Jan 2025 13:50:17 +0000
ROA not before:           Thu 02 Jan 2025 13:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        83.147.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:00:5e:39:e0:d3:ec:91:7a:d4:2f:5e:e6:70:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 13:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d100279cd7910876e34082886daa44dcafe69f60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9c:c0:8e:a6:53:3e:2d:e4:7b:2e:40:93:4a:
                    2f:fa:39:bd:4c:6f:1c:d7:66:9c:63:4a:97:2d:5c:
                    12:25:a3:d6:22:42:27:92:48:d0:2b:36:d5:8a:6e:
                    9b:d6:ba:b0:70:f2:82:a4:dc:3d:59:e3:ad:20:69:
                    16:01:8b:55:0f:ef:04:07:4b:13:3e:d6:51:b4:cc:
                    16:52:7a:b3:94:90:ff:49:ec:b1:23:dc:8c:67:66:
                    5c:14:4c:d0:d5:6d:a4:90:ff:3d:10:83:50:0c:19:
                    1d:b6:e5:9d:2a:31:f3:05:19:3a:aa:9f:3e:ec:59:
                    ed:6d:ea:e2:19:04:53:a6:f1:b7:34:77:f3:96:cb:
                    ca:9f:61:9d:f5:d1:61:f4:6d:b5:f6:72:d8:77:60:
                    f4:26:b2:47:16:ef:e7:25:8c:1f:25:e2:8d:7d:7a:
                    c0:52:8b:f0:44:c3:40:2f:1a:83:9d:81:16:94:c8:
                    f9:a4:30:c9:44:7b:2c:ef:6e:3e:bc:60:79:b6:64:
                    15:78:95:98:a0:b9:b3:ae:52:93:af:cc:1f:6f:83:
                    bb:58:d7:3b:62:e2:81:38:e2:e1:e4:8c:47:24:a6:
                    58:94:37:48:23:b7:9c:b0:68:d6:a9:0d:0f:56:30:
                    38:a4:90:32:4e:be:2d:f8:4c:85:fb:f8:e7:4d:f0:
                    15:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:00:27:9C:D7:91:08:76:E3:40:82:88:6D:AA:44:DC:AF:E6:9F:60
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/0QAnnNeRCHbjQIKIbapE3K_mn2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:e0:34:5e:e1:88:1d:40:65:06:89:e8:b4:23:5f:7d:40:28:
         e7:e8:19:ac:eb:e2:be:c9:f5:71:a0:10:f5:5c:89:ee:84:10:
         3b:22:da:ab:13:fa:56:1d:2c:08:03:5a:f9:78:89:9d:eb:0b:
         ad:17:1a:16:49:7b:be:40:f6:8b:d3:66:0a:f0:75:54:b0:bc:
         a4:6d:0c:50:fc:cf:6d:36:5e:af:e4:b2:87:20:8f:66:be:16:
         5c:31:ee:e3:d5:c6:62:67:29:44:1b:bf:0c:f2:df:d0:e7:9c:
         7d:81:7c:e4:21:54:e2:33:f7:ea:7b:43:85:ec:a1:a3:1f:94:
         2b:bf:e3:f1:0b:e8:f5:d7:c8:74:40:85:a3:a6:12:fd:17:b1:
         e7:38:4b:98:2f:16:84:a8:26:1a:e4:2c:3d:ba:e6:85:2c:1b:
         45:ea:0e:1b:ed:0b:15:1b:e7:6b:36:56:5f:5d:6c:bb:4f:3f:
         99:de:28:e5:d6:fd:82:04:8b:5e:6f:f5:6e:d9:fc:d2:2d:f4:
         bc:10:11:58:c5:c3:47:d8:7c:d2:3e:27:0d:da:de:87:f0:97:
         91:2e:06:eb:c6:58:b8:f8:fa:f3:61:1a:7a:03:e2:72:ce:d9:
         35:a4:e4:be:6a:ff:53:2d:29:f2:b6:ab:15:5f:f1:8b:f5:ed:
         b8:d2:ea:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSABeOeDT7JF61C9e5nCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwMTAyMTM1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTAwMjc5Y2Q3OTEwODc2ZTM0MDgyODg2ZGFhNDRkY2FmZTY5ZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZzAjqZTPi3key5Ak0ov+jm9TG8c
12acY0qXLVwSJaPWIkInkkjQKzbVim6b1rqwcPKCpNw9WeOtIGkWAYtVD+8EB0sT
PtZRtMwWUnqzlJD/SeyxI9yMZ2ZcFEzQ1W2kkP89EINQDBkdtuWdKjHzBRk6qp8+
7FntberiGQRTpvG3NHfzlsvKn2Gd9dFh9G219nLYd2D0JrJHFu/nJYwfJeKNfXrA
UovwRMNALxqDnYEWlMj5pDDJRHss724+vGB5tmQVeJWYoLmzrlKTr8wfb4O7WNc7
YuKBOOLh5IxHJKZYlDdII7ecsGjWqQ0PVjA4pJAyTr4t+EyF+/jnTfAVpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEAJ5zXkQh240CCiG2qRNyv5p9gMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvMFFBbm5OZVJDSGJqUUlLSWJhcEUzS19tbjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU5MeMA0G
CSqGSIb3DQEBCwUAA4IBAQAD4DRe4YgdQGUGiei0I199QCjn6Bms6+K+yfVxoBD1
XInuhBA7ItqrE/pWHSwIA1r5eImd6wutFxoWSXu+QPaL02YK8HVUsLykbQxQ/M9t
Nl6v5LKHII9mvhZcMe7j1cZiZylEG78M8t/Q55x9gXzkIVTiM/fqe0OF7KGjH5Qr
v+PxC+j118h0QIWjphL9F7HnOEuYLxaEqCYa5Cw9uuaFLBtF6g4b7QsVG+drNlZf
XWy7Tz+Z3ijl1v2CBIteb/Vu2fzSLfS8EBFYxcNH2HzSPicN2t6H8JeRLgbrxli4
+PrzYRp6A+Jyztk1pOS+av9TLSnytqsVX/GL9e240uq5
-----END CERTIFICATE-----