Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/B2U8185AMx60A3kuuwCzdNxkuYs.roa
File:                     B2U8185AMx60A3kuuwCzdNxkuYs.roa (raw, json)
Hash identifier:          +VhjI2OhmUMWWD6M2p9zel23hhtBUkLqsD/vo1UPy6s=
Subject key identifier:   07:65:3C:D7:CE:40:33:1E:B4:03:79:2E:BB:00:B3:74:DC:64:B9:8B
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       01942747F7F19FC091D68B92615C4E79A184
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/B2U8185AMx60A3kuuwCzdNxkuYs.roa
Signing time:             Thu 02 Jan 2025 13:50:15 +0000
ROA not before:           Thu 02 Jan 2025 13:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        83.147.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f7:f1:9f:c0:91:d6:8b:92:61:5c:4e:79:a1:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 13:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07653cd7ce40331eb403792ebb00b374dc64b98b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:04:7c:44:e6:8d:b1:4b:df:11:12:a9:2a:5f:
                    5b:a3:76:7e:68:0d:4b:03:e5:d6:7d:20:05:46:1d:
                    bd:aa:fe:16:3a:bb:b7:2c:2c:fc:89:46:2d:62:49:
                    ab:07:0e:12:86:9a:3e:45:e1:2f:b0:d2:5c:5c:09:
                    0b:10:d9:85:e8:53:ab:56:8f:3a:6b:f1:1c:0d:05:
                    7e:64:b9:b5:8a:f0:a3:f7:bf:11:d2:28:15:20:61:
                    cb:fd:54:19:4b:92:aa:d7:ab:de:02:2d:b2:d9:0b:
                    d7:2a:2e:35:3c:ea:33:bb:3d:6b:4c:1f:57:eb:9b:
                    19:5a:01:12:29:92:99:a5:d0:a3:f1:24:62:0c:05:
                    5b:11:97:b8:03:ea:aa:66:95:64:23:5e:45:26:d9:
                    61:63:08:3c:9c:fc:3c:2d:f2:0a:39:fc:48:99:c9:
                    08:72:41:02:5a:de:1e:06:fb:3a:9a:a8:01:4f:92:
                    b6:74:ec:d8:a3:fc:cc:38:73:85:d0:ea:bc:cb:95:
                    ae:6e:df:a7:1e:78:c1:4a:45:b2:2c:c8:a5:df:fa:
                    b6:f7:f5:d6:73:a4:11:34:0d:db:f1:e2:eb:ff:a1:
                    ca:2b:d3:df:28:7a:1f:ed:54:a9:36:77:1c:01:a3:
                    d6:47:81:7c:3f:2d:d8:58:69:21:0b:ce:2c:04:52:
                    8f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:65:3C:D7:CE:40:33:1E:B4:03:79:2E:BB:00:B3:74:DC:64:B9:8B
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/B2U8185AMx60A3kuuwCzdNxkuYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:0d:58:cf:28:c2:3a:0f:6d:2d:c7:38:e8:c6:75:90:e0:23:
         c1:f7:8f:2a:77:8a:4d:0e:fc:08:bd:dd:38:6b:53:d2:ba:c2:
         f0:c2:f6:c3:5d:33:a2:39:85:02:57:8e:b9:d8:15:59:07:10:
         0e:2a:f6:4f:3d:e1:e8:2c:d9:31:77:02:9a:68:a2:c8:9f:99:
         bc:c4:11:44:b2:3b:36:ff:30:1d:b4:bf:a7:e8:14:09:54:65:
         8d:39:2e:b0:7c:8b:90:4a:87:61:9f:8c:a2:bb:00:ab:08:44:
         ef:0c:1c:77:5a:2f:18:e9:8f:d0:4f:76:fd:7f:56:6d:7c:d5:
         13:1c:6e:5c:9d:23:21:3c:a9:fd:64:cd:ba:6d:49:4b:a0:e3:
         a3:79:59:f6:f6:42:e2:27:6d:49:a9:a9:e7:bd:d8:61:3b:95:
         59:d1:85:d9:cd:56:0c:90:6e:77:a6:56:21:5d:63:ad:cb:5b:
         b7:42:54:26:67:a6:25:5d:05:9c:58:d1:a4:4f:65:bf:33:4f:
         41:57:2a:a0:c8:91:d4:59:87:11:6b:93:13:4d:5f:93:1f:49:
         ac:e3:c5:fb:93:33:5c:19:66:ec:32:b2:9a:b1:50:e6:3d:9b:
         7b:2f:f7:3a:12:a5:1a:45:55:b4:02:63:58:5f:e7:4c:c7:0f:
         1f:8e:b2:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/fxn8CR1ouSYVxOeaGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwMTAyMTM1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzY1M2NkN2NlNDAzMzFlYjQwMzc5MmViYjAwYjM3NGRjNjRiOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgR8ROaNsUvfERKpKl9bo3Z+aA1L
A+XWfSAFRh29qv4WOru3LCz8iUYtYkmrBw4Shpo+ReEvsNJcXAkLENmF6FOrVo86
a/EcDQV+ZLm1ivCj978R0igVIGHL/VQZS5Kq16veAi2y2QvXKi41POozuz1rTB9X
65sZWgESKZKZpdCj8SRiDAVbEZe4A+qqZpVkI15FJtlhYwg8nPw8LfIKOfxImckI
ckECWt4eBvs6mqgBT5K2dOzYo/zMOHOF0Oq8y5Wubt+nHnjBSkWyLMil3/q29/XW
c6QRNA3b8eLr/6HKK9PfKHof7VSpNnccAaPWR4F8Py3YWGkhC84sBFKP7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdlPNfOQDMetAN5LrsAs3TcZLmLMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvQjJVODE4NUFNeDYwQTNrdXV3Q3pkTnhrdVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MoMA0G
CSqGSIb3DQEBCwUAA4IBAQCADVjPKMI6D20txzjoxnWQ4CPB948qd4pNDvwIvd04
a1PSusLwwvbDXTOiOYUCV4652BVZBxAOKvZPPeHoLNkxdwKaaKLIn5m8xBFEsjs2
/zAdtL+n6BQJVGWNOS6wfIuQSodhn4yiuwCrCETvDBx3Wi8Y6Y/QT3b9f1ZtfNUT
HG5cnSMhPKn9ZM26bUlLoOOjeVn29kLiJ21JqannvdhhO5VZ0YXZzVYMkG53plYh
XWOty1u3QlQmZ6YlXQWcWNGkT2W/M09BVyqgyJHUWYcRa5MTTV+TH0ms48X7kzNc
GWbsMrKasVDmPZt7L/c6EqUaRVW0AmNYX+dMxw8fjrIi
-----END CERTIFICATE-----