Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/0koKkThk6IXcadXwt7E3AJy28Ik.roa
File:                     0koKkThk6IXcadXwt7E3AJy28Ik.roa (raw, json)
Hash identifier:          Z7xELE/WX4fdRKR+UH7lL5PyEeARvsdFYTsRFk9aRjA=
Subject key identifier:   D2:4A:0A:91:38:64:E8:85:DC:69:D5:F0:B7:B1:37:00:9C:B6:F0:89
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94AB405A27F4FD7BCBF3A47A1962157
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/0koKkThk6IXcadXwt7E3AJy28Ik.roa
Signing time:             Tue 02 Jan 2024 08:29:25 +0000
ROA not before:           Tue 02 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22781
IP address blocks:        83.147.0.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b4:05:a2:7f:4f:d7:bc:bf:3a:47:a1:96:21:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d24a0a913864e885dc69d5f0b7b137009cb6f089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:58:db:37:cb:5d:01:24:1a:81:f5:bf:dd:8f:
                    12:15:1e:5f:dc:b0:4f:ab:76:8a:82:1b:3b:c6:e6:
                    3f:45:ab:d8:ba:eb:cc:61:b4:03:e3:fd:5d:36:e9:
                    04:8e:4c:f4:e1:aa:05:fe:fe:7a:d4:f3:28:5e:3f:
                    fb:e3:2b:65:89:45:0a:d6:87:fa:d3:d9:b0:9e:29:
                    2b:63:37:11:d6:97:69:cd:92:38:23:fb:8f:11:3c:
                    3b:62:86:37:84:f8:bf:8a:4e:10:ac:e5:42:f8:fa:
                    87:0a:ac:f0:8e:dd:c2:a3:98:8d:29:2c:b7:24:be:
                    80:6c:2c:63:9a:d3:31:d9:48:d8:fb:30:44:fb:18:
                    68:3e:4f:6c:e2:c4:af:89:b4:aa:44:69:87:c0:a9:
                    b0:13:7b:4f:aa:db:0f:28:4b:a1:09:cb:84:cf:f3:
                    ad:ac:8f:2d:6c:b0:5c:88:2f:70:4a:67:40:1d:3f:
                    44:80:3e:a6:24:ed:6e:98:08:36:d1:c9:e0:8c:e1:
                    73:6a:7f:fc:c0:6a:b5:39:c1:08:69:5c:d7:37:73:
                    35:25:99:b3:49:5a:fd:be:54:e9:f1:cc:4d:9d:b3:
                    5c:07:10:0d:69:d5:5c:d6:d2:18:1b:be:16:ee:27:
                    91:6a:e1:8d:ba:cf:35:22:39:1e:06:a3:00:98:eb:
                    e6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:4A:0A:91:38:64:E8:85:DC:69:D5:F0:B7:B1:37:00:9C:B6:F0:89
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/0koKkThk6IXcadXwt7E3AJy28Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:fe:96:4a:3d:7e:79:9b:c4:5e:5d:a2:3d:32:99:d4:91:d1:
         28:6d:98:3c:22:68:a8:93:14:2d:cd:1e:c9:4b:3b:3b:df:dd:
         44:b9:d8:03:7c:7a:be:d2:8b:56:f0:f2:c4:cb:21:6c:24:29:
         5b:bd:7c:4e:26:c6:1d:c6:02:a7:9f:d9:84:dc:44:b2:12:ea:
         d5:c3:db:a0:ad:fb:29:6c:3e:c2:a4:8e:c1:19:d5:c3:19:52:
         a5:9d:83:3a:c6:46:0c:0f:11:e9:1e:9b:05:bd:3f:6a:14:0c:
         1c:eb:98:12:4c:90:0a:6c:e5:5c:6f:3e:1d:5e:18:9c:e6:30:
         71:27:cf:22:80:e6:b5:0a:f4:08:bd:f6:23:92:7d:21:d4:74:
         75:b2:20:46:77:24:e2:c2:33:93:8c:09:c8:d9:0d:b6:e1:cb:
         6e:aa:90:0e:d1:29:b9:d2:90:5d:5d:a5:98:45:49:0b:d7:b4:
         8e:cb:d7:f6:eb:55:ab:af:ef:6d:09:83:00:f7:a5:5b:29:b4:
         90:5f:21:62:c2:57:6f:0c:f7:9f:89:f7:0b:db:97:0d:d1:f0:
         a6:5f:a0:80:3d:94:3b:dd:e2:59:48:f1:1b:aa:af:bd:31:dd:
         c6:df:c9:13:3a:8d:7d:6c:4f:52:bf:45:e4:7a:3e:41:6e:8c:
         bc:f1:0c:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrQFon9P17y/OkehliFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjRhMGE5MTM4NjRlODg1ZGM2OWQ1ZjBiN2IxMzcwMDljYjZmMDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFjbN8tdASQagfW/3Y8SFR5f3LBP
q3aKghs7xuY/RavYuuvMYbQD4/1dNukEjkz04aoF/v561PMoXj/74ytliUUK1of6
09mwnikrYzcR1pdpzZI4I/uPETw7YoY3hPi/ik4QrOVC+PqHCqzwjt3Co5iNKSy3
JL6AbCxjmtMx2UjY+zBE+xhoPk9s4sSvibSqRGmHwKmwE3tPqtsPKEuhCcuEz/Ot
rI8tbLBciC9wSmdAHT9EgD6mJO1umAg20cngjOFzan/8wGq1OcEIaVzXN3M1JZmz
SVr9vlTp8cxNnbNcBxANadVc1tIYG74W7ieRauGNus81IjkeBqMAmOvmVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJKCpE4ZOiF3GnV8LexNwCctvCJMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvMGtvS2tUaGs2SVhjYWRYd3Q3RTNBSnkyOElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MAMA0G
CSqGSIb3DQEBCwUAA4IBAQB8/pZKPX55m8ReXaI9MpnUkdEobZg8ImiokxQtzR7J
Szs7391EudgDfHq+0otW8PLEyyFsJClbvXxOJsYdxgKnn9mE3ESyEurVw9ugrfsp
bD7CpI7BGdXDGVKlnYM6xkYMDxHpHpsFvT9qFAwc65gSTJAKbOVcbz4dXhic5jBx
J88igOa1CvQIvfYjkn0h1HR1siBGdyTiwjOTjAnI2Q224ctuqpAO0Sm50pBdXaWY
RUkL17SOy9f261Wrr+9tCYMA96VbKbSQXyFiwldvDPefifcL25cN0fCmX6CAPZQ7
3eJZSPEbqq+9Md3G38kTOo19bE9Sv0Xkej5Bboy88QwW
-----END CERTIFICATE-----