Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/6C4v3yHbTw0aO5aZgTMJEvBUcV0.roa
File:                     6C4v3yHbTw0aO5aZgTMJEvBUcV0.roa (raw, json)
Hash identifier:          EDgW0V7+i+9hXHvcuAuDRCg3pVuVRfo08QJDiQISL94=
Subject key identifier:   E8:2E:2F:DF:21:DB:4F:0D:1A:3B:96:99:81:33:09:12:F0:54:71:5D
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94AB6784BA1DB2D1701AE8FCC6E3D5D
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/6C4v3yHbTw0aO5aZgTMJEvBUcV0.roa
Signing time:             Tue 02 Jan 2024 08:29:25 +0000
ROA not before:           Tue 02 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62816
IP address blocks:        83.147.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b6:78:4b:a1:db:2d:17:01:ae:8f:cc:6e:3d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e82e2fdf21db4f0d1a3b969981330912f054715d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a1:94:24:8b:3f:6c:a5:27:83:14:b6:b9:00:
                    5a:bb:0d:80:c5:05:a0:e6:5b:e2:27:d5:45:7a:ed:
                    37:5a:a9:76:f9:d7:0b:69:dc:79:0d:fe:6d:db:5d:
                    a9:e8:ea:f0:a9:44:cf:13:f4:2b:3f:2b:48:7f:27:
                    50:64:9d:97:ef:b6:85:9d:74:01:1f:dc:e3:ae:d3:
                    0a:98:60:cf:56:ca:68:ae:87:37:6f:c7:dd:69:08:
                    76:9f:9e:6f:d6:dd:c5:77:e0:a3:7a:c0:9d:5f:f4:
                    0a:ad:5f:9f:fa:f6:3c:26:1f:0a:8d:bd:ea:8e:98:
                    ae:34:8c:e8:e9:e0:d8:8f:b3:1d:f4:a8:2f:e7:08:
                    62:51:31:84:4c:60:5e:13:43:f4:b6:6d:02:93:dc:
                    86:80:13:d0:78:49:9c:6f:f1:e4:60:df:f4:21:b7:
                    ba:4b:bb:2d:b8:ab:b7:fb:de:2e:db:3b:eb:92:d9:
                    fd:b3:45:f2:68:9a:57:51:d7:af:75:7e:3a:c0:da:
                    21:5d:53:4c:50:e2:83:86:95:5d:49:cd:50:82:e4:
                    ee:c7:c6:72:4b:d8:d8:f4:9e:f8:93:29:97:e1:9d:
                    bb:a2:6a:0a:e8:d9:87:33:3a:9f:79:8c:94:dd:f9:
                    90:50:f8:b8:97:f9:e7:65:4a:23:5d:42:3c:d8:a7:
                    3a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:2E:2F:DF:21:DB:4F:0D:1A:3B:96:99:81:33:09:12:F0:54:71:5D
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/6C4v3yHbTw0aO5aZgTMJEvBUcV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:d7:25:33:1f:f0:21:e5:7e:ae:12:94:76:96:e6:af:45:94:
         c8:bb:34:22:4d:c6:02:69:5f:b1:ed:f8:89:5a:d2:6e:85:a8:
         f9:74:51:c8:cb:f8:de:d6:89:60:f7:2b:26:40:18:98:46:fd:
         da:0d:6c:95:e4:f8:a9:8c:16:b8:da:57:54:16:44:9e:c8:0a:
         6a:b7:10:a2:23:a1:c0:f9:db:40:a4:07:64:d5:4f:3d:58:5d:
         26:c4:a4:da:ae:35:96:5c:e4:05:53:71:fa:22:28:3d:e6:bb:
         c7:09:9f:38:3b:df:34:25:b3:09:a8:3c:17:65:8a:0e:0f:92:
         31:65:f4:b6:b7:18:d5:23:c5:9b:dd:d8:0d:68:60:88:95:bd:
         47:c1:16:0b:be:b8:67:67:09:b6:72:15:ab:85:13:bf:28:d8:
         c5:09:75:a8:4c:a7:a0:40:0f:eb:b0:f3:97:79:f1:64:ab:96:
         82:94:81:07:5a:c2:b4:bd:a6:f8:9e:95:bc:0f:b5:b6:5d:30:
         5d:96:ce:ca:e9:37:a2:84:0b:b4:5b:b9:f6:5d:7b:ce:96:e1:
         d8:9d:30:ac:a2:b7:b5:29:da:ae:99:4d:85:91:ce:6b:cb:22:
         06:ac:e1:c7:6a:07:9f:29:b1:f1:8e:53:ee:09:17:8a:1d:32:
         4a:db:0c:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrZ4S6HbLRcBro/Mbj1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODJlMmZkZjIxZGI0ZjBkMWEzYjk2OTk4MTMzMDkxMmYwNTQ3MTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKGUJIs/bKUngxS2uQBauw2AxQWg
5lviJ9VFeu03Wql2+dcLadx5Df5t212p6OrwqUTPE/QrPytIfydQZJ2X77aFnXQB
H9zjrtMKmGDPVsporoc3b8fdaQh2n55v1t3Fd+CjesCdX/QKrV+f+vY8Jh8Kjb3q
jpiuNIzo6eDYj7Md9Kgv5whiUTGETGBeE0P0tm0Ck9yGgBPQeEmcb/HkYN/0Ibe6
S7stuKu3+94u2zvrktn9s0XyaJpXUdevdX46wNohXVNMUOKDhpVdSc1QguTux8Zy
S9jY9J74kymX4Z27omoK6NmHMzqfeYyU3fmQUPi4l/nnZUojXUI82Kc6iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOguL98h208NGjuWmYEzCRLwVHFdMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvNkM0djN5SGJUdzBhTzVhWmdUTUpFdkJVY1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5MXMA0G
CSqGSIb3DQEBCwUAA4IBAQBs1yUzH/Ah5X6uEpR2luavRZTIuzQiTcYCaV+x7fiJ
WtJuhaj5dFHIy/je1olg9ysmQBiYRv3aDWyV5PipjBa42ldUFkSeyApqtxCiI6HA
+dtApAdk1U89WF0mxKTarjWWXOQFU3H6Iig95rvHCZ84O980JbMJqDwXZYoOD5Ix
ZfS2txjVI8Wb3dgNaGCIlb1HwRYLvrhnZwm2chWrhRO/KNjFCXWoTKegQA/rsPOX
efFkq5aClIEHWsK0vab4npW8D7W2XTBdls7K6TeihAu0W7n2XXvOluHYnTCsore1
KdqumU2Fkc5ryyIGrOHHagefKbHxjlPuCReKHTJK2ww/
-----END CERTIFICATE-----