Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/3rpcreUpgSAFi1XMCSt63ibm5QQ.roa
File:                     3rpcreUpgSAFi1XMCSt63ibm5QQ.roa (raw, json)
Hash identifier:          Uwz2U3BqXe66zOnJXX5h/bDxGfp7fLj/QpRNlb3SN1I=
Subject key identifier:   DE:BA:5C:AD:E5:29:81:20:05:8B:55:CC:09:2B:7A:DE:26:E6:E5:04
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94ABB0593D5535C1E89A9F8B58488F9
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/3rpcreUpgSAFi1XMCSt63ibm5QQ.roa
Signing time:             Tue 02 Jan 2024 08:29:27 +0000
ROA not before:           Tue 02 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400909
IP address blocks:        83.147.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:bb:05:93:d5:53:5c:1e:89:a9:f8:b5:84:88:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=deba5cade5298120058b55cc092b7ade26e6e504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5a:30:ac:07:b1:19:a7:44:c4:4b:86:5d:cc:
                    c2:f6:78:6d:27:70:b8:d0:60:72:c8:33:59:ae:7d:
                    1b:58:a4:3d:04:18:d5:06:2a:cd:d4:74:55:4a:fb:
                    e6:91:b9:42:b2:76:df:9a:4e:e6:50:f4:83:77:9c:
                    5d:0c:cf:23:7d:07:f3:02:b2:e5:41:cc:0f:c9:2a:
                    0c:4f:b0:83:e3:a1:18:fa:de:0f:80:2d:7e:82:02:
                    71:b6:aa:fe:bd:26:49:39:6a:3e:da:3a:bf:d8:3e:
                    ad:c1:ee:31:38:87:80:5f:9c:89:8d:1b:32:76:61:
                    6e:50:70:6d:28:a9:f3:42:05:e3:df:4f:18:1a:c2:
                    6e:fe:59:19:5b:0a:71:cf:68:9a:79:9a:4b:bd:a2:
                    11:4d:52:7b:48:41:b2:51:c1:2a:28:6e:f6:dd:42:
                    7f:fa:de:25:13:78:fc:18:1a:c5:48:79:59:a4:f2:
                    0a:fc:47:62:61:fc:d1:a6:44:24:61:b4:a3:eb:a3:
                    54:e7:b7:f9:d1:9b:6f:a9:b0:7c:19:d6:ec:b1:31:
                    9b:3c:1f:1e:53:d3:15:dd:a4:06:f9:9f:fb:66:e2:
                    ad:98:84:b8:37:aa:b4:2e:68:13:08:6b:11:5d:d8:
                    11:f7:d5:2b:4c:05:26:df:01:1f:13:af:a9:d7:82:
                    fd:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BA:5C:AD:E5:29:81:20:05:8B:55:CC:09:2B:7A:DE:26:E6:E5:04
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/3rpcreUpgSAFi1XMCSt63ibm5QQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:92:43:f6:9e:15:77:a6:87:fe:f3:c4:a0:0b:6d:a7:ec:f7:
         be:4e:66:aa:d6:39:17:27:b7:e0:66:1e:20:39:90:da:c8:7c:
         a9:70:0a:bc:3b:9e:41:ed:6a:db:75:b9:5c:e6:dd:67:3e:4d:
         2b:23:c7:6f:6d:ac:99:a8:13:d5:10:08:e2:73:56:8a:ee:10:
         38:1b:26:c1:83:45:e2:f4:7e:a7:6f:50:cb:5b:65:25:74:68:
         b0:4c:58:d7:cb:20:47:a3:00:f2:3a:d3:b0:c0:e9:49:f0:36:
         21:09:77:94:7d:95:2c:bd:9c:c1:7a:83:cc:5b:a1:69:86:20:
         10:f3:7c:09:9f:7a:98:73:04:a6:36:c0:8c:40:c1:ca:9c:f1:
         0e:c4:6a:27:85:f5:a1:98:f6:5c:c9:d7:56:2b:82:f5:27:bc:
         70:5a:95:a9:00:9b:4a:d6:04:f8:8c:5b:36:c9:20:ee:41:52:
         45:ee:59:9a:23:ee:38:58:3b:20:6e:0b:91:41:d8:51:29:9c:
         0a:ec:d1:3d:d4:2e:e8:90:89:e0:17:c1:4d:d1:07:7d:59:e7:
         bf:d2:d0:ef:6c:0c:41:38:b9:45:5e:36:a7:53:df:52:23:c2:
         79:0c:36:c2:66:32:4a:bc:28:66:c8:9f:8f:bb:77:9f:41:df:
         00:b3:d0:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrsFk9VTXB6Jqfi1hIj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJhNWNhZGU1Mjk4MTIwMDU4YjU1Y2MwOTJiN2FkZTI2ZTZlNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklowrAexGadExEuGXczC9nhtJ3C4
0GByyDNZrn0bWKQ9BBjVBirN1HRVSvvmkblCsnbfmk7mUPSDd5xdDM8jfQfzArLl
QcwPySoMT7CD46EY+t4PgC1+ggJxtqr+vSZJOWo+2jq/2D6twe4xOIeAX5yJjRsy
dmFuUHBtKKnzQgXj308YGsJu/lkZWwpxz2iaeZpLvaIRTVJ7SEGyUcEqKG723UJ/
+t4lE3j8GBrFSHlZpPIK/EdiYfzRpkQkYbSj66NU57f50ZtvqbB8GdbssTGbPB8e
U9MV3aQG+Z/7ZuKtmIS4N6q0LmgTCGsRXdgR99UrTAUm3wEfE6+p14L9SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN66XK3lKYEgBYtVzAkret4m5uUEMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvM3JwY3JlVXBnU0FGaTFYTUNTdDYzaWJtNVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU5MeMA0G
CSqGSIb3DQEBCwUAA4IBAQARkkP2nhV3pof+88SgC22n7Pe+Tmaq1jkXJ7fgZh4g
OZDayHypcAq8O55B7Wrbdblc5t1nPk0rI8dvbayZqBPVEAjic1aK7hA4GybBg0Xi
9H6nb1DLW2UldGiwTFjXyyBHowDyOtOwwOlJ8DYhCXeUfZUsvZzBeoPMW6FphiAQ
83wJn3qYcwSmNsCMQMHKnPEOxGonhfWhmPZcyddWK4L1J7xwWpWpAJtK1gT4jFs2
ySDuQVJF7lmaI+44WDsgbguRQdhRKZwK7NE91C7okIngF8FN0Qd9Wee/0tDvbAxB
OLlFXjanU99SI8J5DDbCZjJKvChmyJ+Pu3efQd8As9CD
-----END CERTIFICATE-----