Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/2sEXhYtUOnrfPp2mxWToMlBFfAY.roa
File:                     2sEXhYtUOnrfPp2mxWToMlBFfAY.roa (raw, json)
Hash identifier:          fMgYIW30fv5JPXO6NrHuk5XHVvvtHwRQQXTh7AUlt1Q=
Subject key identifier:   DA:C1:17:85:8B:54:3A:7A:DF:3E:9D:A6:C5:64:E8:32:50:45:7C:06
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94AB8CDB37F950C64648F049329825A
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/2sEXhYtUOnrfPp2mxWToMlBFfAY.roa
Signing time:             Tue 02 Jan 2024 08:29:26 +0000
ROA not before:           Tue 02 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211585
IP address blocks:        83.147.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b8:cd:b3:7f:95:0c:64:64:8f:04:93:29:82:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dac117858b543a7adf3e9da6c564e83250457c06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:56:d1:87:3b:47:25:23:cb:de:87:61:f3:42:
                    ae:f5:fd:c5:8b:ea:eb:74:25:27:0f:24:3f:a4:25:
                    5f:f2:db:43:99:58:fd:e4:fe:78:1c:d0:d5:73:e6:
                    03:ad:23:fc:42:1c:74:74:ec:58:99:ba:93:b4:bf:
                    69:c8:61:ef:b9:65:2b:53:da:b9:0e:9c:19:d4:15:
                    67:f6:59:84:1e:71:d9:9d:78:a9:b2:0f:89:0f:41:
                    9b:f3:63:a6:62:ce:4a:2a:80:e1:fb:94:59:7b:8e:
                    d5:48:c2:9d:cb:b8:be:ee:ff:57:f4:a4:a8:8c:92:
                    37:5a:18:79:ce:d3:1c:fe:b2:0a:34:66:42:9f:3e:
                    4a:b4:1a:cd:0f:a7:d1:1d:04:31:9f:89:09:85:96:
                    5c:41:b8:37:1c:17:59:3d:07:23:f0:37:e9:04:5d:
                    38:75:c6:b2:3c:e2:ed:88:d2:69:0b:a7:b5:08:69:
                    05:17:63:6d:6e:67:b6:01:61:53:6e:32:b0:2e:5f:
                    27:23:42:1f:e7:d4:1d:2a:ab:2e:64:ed:90:61:9f:
                    34:59:cd:cd:4f:f2:17:4f:90:e4:63:fc:d5:63:fa:
                    0b:a4:2c:d4:44:3a:16:fd:c4:08:e7:d1:30:96:9a:
                    d8:05:0f:de:f9:a0:eb:3c:4c:6d:e0:6b:a7:95:6a:
                    70:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C1:17:85:8B:54:3A:7A:DF:3E:9D:A6:C5:64:E8:32:50:45:7C:06
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/2sEXhYtUOnrfPp2mxWToMlBFfAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:e3:1e:3e:c5:a4:2d:ee:88:60:15:d8:6b:9c:04:83:2a:db:
         61:17:c8:90:ca:4c:48:59:4d:5e:f5:79:2a:c1:be:7e:1e:5d:
         35:46:27:f0:ef:5a:b8:19:c5:bf:40:48:af:ad:bb:c0:85:5d:
         19:52:df:94:4c:4c:27:03:3a:47:2f:ae:8f:bb:eb:93:b0:49:
         d7:d9:31:ad:c1:22:08:60:0d:e2:44:2b:69:5d:76:02:31:08:
         c6:fc:30:6d:15:f4:42:aa:88:e2:9b:98:4a:7a:ee:2b:95:8c:
         b7:2d:69:bb:6a:b9:a7:36:9d:a7:26:fd:5c:bb:d8:81:8b:d6:
         e4:69:3e:1a:ff:a4:83:18:b7:3d:18:3b:d1:94:81:e3:06:48:
         77:93:71:86:12:5d:92:a8:b3:d2:d5:9a:ed:fc:00:b0:be:a8:
         65:96:ce:97:ea:3c:ba:29:4f:fc:73:9f:29:4a:e2:94:c8:7d:
         43:8b:bf:a2:a3:47:19:6d:71:33:83:66:34:0d:3a:8e:c2:b5:
         bf:34:a8:ce:69:ee:02:fb:98:92:05:03:56:bd:3f:98:f6:c4:
         48:ad:7d:89:af:59:95:40:05:ad:0c:f8:29:16:55:41:43:e4:
         f8:4b:7f:31:ab:bc:f6:85:d9:f6:44:e9:d5:43:73:c3:43:a6:
         e4:56:44:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrjNs3+VDGRkjwSTKYJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWMxMTc4NThiNTQzYTdhZGYzZTlkYTZjNTY0ZTgzMjUwNDU3YzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVbRhztHJSPL3odh80Ku9f3Fi+rr
dCUnDyQ/pCVf8ttDmVj95P54HNDVc+YDrSP8Qhx0dOxYmbqTtL9pyGHvuWUrU9q5
DpwZ1BVn9lmEHnHZnXipsg+JD0Gb82OmYs5KKoDh+5RZe47VSMKdy7i+7v9X9KSo
jJI3Whh5ztMc/rIKNGZCnz5KtBrND6fRHQQxn4kJhZZcQbg3HBdZPQcj8DfpBF04
dcayPOLtiNJpC6e1CGkFF2Ntbme2AWFTbjKwLl8nI0If59QdKqsuZO2QYZ80Wc3N
T/IXT5DkY/zVY/oLpCzURDoW/cQI59EwlprYBQ/e+aDrPExt4GunlWpwJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrBF4WLVDp63z6dpsVk6DJQRXwGMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvMnNFWGhZdFVPbnJmUHAybXhXVG9NbEJGZkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MgMA0G
CSqGSIb3DQEBCwUAA4IBAQAP4x4+xaQt7ohgFdhrnASDKtthF8iQykxIWU1e9Xkq
wb5+Hl01Rifw71q4GcW/QEivrbvAhV0ZUt+UTEwnAzpHL66Pu+uTsEnX2TGtwSII
YA3iRCtpXXYCMQjG/DBtFfRCqojim5hKeu4rlYy3LWm7armnNp2nJv1cu9iBi9bk
aT4a/6SDGLc9GDvRlIHjBkh3k3GGEl2SqLPS1Zrt/ACwvqhlls6X6jy6KU/8c58p
SuKUyH1Di7+io0cZbXEzg2Y0DTqOwrW/NKjOae4C+5iSBQNWvT+Y9sRIrX2Jr1mV
QAWtDPgpFlVBQ+T4S38xq7z2hdn2ROnVQ3PDQ6bkVkTN
-----END CERTIFICATE-----