Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/Pv8R2g3YQiREicw9ezYojXP1bI8.roa
File:                     Pv8R2g3YQiREicw9ezYojXP1bI8.roa (raw, json)
Hash identifier:          Q5Me7mq977MJBtoVkF7BzMCD7W2NdjOfsAnxaPB4EB4=
Subject key identifier:   3E:FF:11:DA:0D:D8:42:24:44:89:CC:3D:7B:36:28:8D:73:F5:6C:8F
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       01942747F72455F7809446CD624D8E3FD036
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/Pv8R2g3YQiREicw9ezYojXP1bI8.roa
Signing time:             Thu 02 Jan 2025 13:50:15 +0000
ROA not before:           Thu 02 Jan 2025 13:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9087
IP address blocks:        83.147.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f7:24:55:f7:80:94:46:cd:62:4d:8e:3f:d0:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 13:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3eff11da0dd842244489cc3d7b36288d73f56c8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:61:df:66:d7:c5:19:fb:80:17:b0:d1:ce:5b:
                    a4:99:cd:ca:37:13:f0:85:dc:53:07:d4:df:46:33:
                    f1:e5:14:d9:f6:d2:03:67:d5:19:8a:8f:07:7b:e8:
                    ff:e7:be:df:c8:f9:2e:a3:da:e8:8e:ae:06:db:52:
                    c3:23:2f:19:e1:7d:ec:45:4c:fa:fe:dd:83:03:f1:
                    ca:74:c9:d7:82:55:1f:4d:f7:20:d1:7e:91:a3:24:
                    6d:74:df:fe:c1:8b:18:04:c3:5f:88:86:ea:ee:d4:
                    8d:2b:18:fb:88:e3:03:7b:e3:82:02:6a:5e:e0:7e:
                    d9:3f:dc:7d:5b:0f:05:ad:16:fc:4d:91:f2:04:d3:
                    45:64:e2:0b:ad:eb:be:27:c6:c7:49:31:b4:6c:73:
                    ec:1e:9a:ae:34:bf:c8:0e:eb:30:88:7b:79:7d:36:
                    7b:8c:43:8f:34:ec:6f:0e:be:0c:b0:c8:4c:10:46:
                    9c:db:76:b5:ec:fb:c4:fa:8a:08:4b:71:48:8c:89:
                    e7:b8:35:58:71:4e:fd:ef:53:4b:41:bb:3c:e7:fe:
                    9a:92:a6:cf:e4:68:e7:9f:8b:83:aa:b0:2f:57:fa:
                    86:23:e6:56:6b:35:6f:cf:9d:93:6b:40:b7:2f:48:
                    53:35:ae:18:67:e7:cf:c3:51:64:89:c4:98:43:09:
                    04:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:FF:11:DA:0D:D8:42:24:44:89:CC:3D:7B:36:28:8D:73:F5:6C:8F
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/Pv8R2g3YQiREicw9ezYojXP1bI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:3e:c1:a0:ae:67:fe:68:f2:af:46:68:64:76:39:ac:00:df:
         97:41:80:4b:c1:ac:6b:d3:89:48:b1:a3:0c:fa:36:d8:5e:ad:
         ca:22:3c:b4:ec:14:4e:78:80:97:e4:21:a9:89:9f:4c:3c:04:
         16:04:f5:ab:23:a7:9a:6f:db:c9:9d:44:97:14:17:08:64:d9:
         ba:cb:27:90:3e:88:4b:12:fb:af:76:b0:4c:8c:65:3c:c8:37:
         d3:f9:1e:52:65:4d:a5:7d:f4:31:1b:08:ef:49:39:b8:2a:0d:
         eb:ca:4f:4e:49:63:d4:31:65:f0:76:57:ef:0a:d0:49:4d:b1:
         c0:31:99:9d:5d:ac:16:34:92:e5:c0:e0:c0:29:2b:d7:75:3a:
         eb:b1:01:ea:45:47:c3:0f:50:67:8c:e2:10:e4:cc:d7:78:ef:
         5a:66:ef:00:7a:dd:37:d5:f4:4b:e8:b2:fa:42:41:5b:9c:43:
         99:a9:33:e3:b4:14:7a:67:5b:f1:8d:08:e5:71:8c:ad:a5:1a:
         43:dd:10:82:60:b9:1d:f0:50:90:33:9b:37:78:df:47:2a:2d:
         b1:73:ea:c1:3f:bc:1d:f4:1a:7a:1b:42:ef:7b:46:63:cc:cd:
         28:6f:53:2a:fd:52:f7:f2:0a:6e:e5:89:27:74:51:50:c5:ac:
         4a:53:02:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/ckVfeAlEbNYk2OP9A2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwMTAyMTM1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWZmMTFkYTBkZDg0MjI0NDQ4OWNjM2Q3YjM2Mjg4ZDczZjU2YzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWHfZtfFGfuAF7DRzlukmc3KNxPw
hdxTB9TfRjPx5RTZ9tIDZ9UZio8He+j/577fyPkuo9rojq4G21LDIy8Z4X3sRUz6
/t2DA/HKdMnXglUfTfcg0X6RoyRtdN/+wYsYBMNfiIbq7tSNKxj7iOMDe+OCAmpe
4H7ZP9x9Ww8FrRb8TZHyBNNFZOILreu+J8bHSTG0bHPsHpquNL/IDuswiHt5fTZ7
jEOPNOxvDr4MsMhMEEac23a17PvE+ooIS3FIjInnuDVYcU7971NLQbs85/6akqbP
5Gjnn4uDqrAvV/qGI+ZWazVvz52Ta0C3L0hTNa4YZ+fPw1FkicSYQwkEEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7/EdoN2EIkRInMPXs2KI1z9WyPMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvUHY4UjJnM1lRaVJFaWN3OWV6WW9qWFAxYkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU5MeMA0G
CSqGSIb3DQEBCwUAA4IBAQC7PsGgrmf+aPKvRmhkdjmsAN+XQYBLwaxr04lIsaMM
+jbYXq3KIjy07BROeICX5CGpiZ9MPAQWBPWrI6eab9vJnUSXFBcIZNm6yyeQPohL
EvuvdrBMjGU8yDfT+R5SZU2lffQxGwjvSTm4Kg3ryk9OSWPUMWXwdlfvCtBJTbHA
MZmdXawWNJLlwODAKSvXdTrrsQHqRUfDD1BnjOIQ5MzXeO9aZu8Aet031fRL6LL6
QkFbnEOZqTPjtBR6Z1vxjQjlcYytpRpD3RCCYLkd8FCQM5s3eN9HKi2xc+rBP7wd
9Bp6G0Lve0ZjzM0ob1Mq/VL38gpu5YkndFFQxaxKUwKh
-----END CERTIFICATE-----