Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/VtZZSmyJvVpaBjvnkYFvs6OHYCA.roa
File:                     VtZZSmyJvVpaBjvnkYFvs6OHYCA.roa (raw, json)
Hash identifier:          CojK875vFvi7dhN7VSdzEvnnXy122BzCH34JLSROt8Q=
Subject key identifier:   56:D6:59:4A:6C:89:BD:5A:5A:06:3B:E7:91:81:6F:B3:A3:87:60:20
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94ABAB93B9DAA65EC0EF413C64EE45F
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/VtZZSmyJvVpaBjvnkYFvs6OHYCA.roa
Signing time:             Tue 02 Jan 2024 08:29:27 +0000
ROA not before:           Tue 02 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399486
IP address blocks:        83.147.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:ba:b9:3b:9d:aa:65:ec:0e:f4:13:c6:4e:e4:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56d6594a6c89bd5a5a063be791816fb3a3876020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:a6:29:fc:0d:56:0e:ef:8e:f4:f9:53:12:d0:
                    82:f5:2d:2b:3e:94:4f:ae:ca:2a:82:e6:0b:cb:d0:
                    b7:9c:b9:3f:e3:b3:f3:53:a6:f7:ae:3e:40:22:87:
                    ee:16:2e:44:02:49:89:f8:cb:1c:8b:98:03:5c:7c:
                    d0:61:f9:e3:e6:d4:20:cc:0b:84:51:c7:35:54:a9:
                    55:4a:81:5c:25:0b:05:32:82:83:f6:2e:fd:8b:9a:
                    ae:de:33:6c:82:89:03:cc:6e:e4:f3:39:8a:22:1e:
                    a6:74:57:f5:19:74:ef:7f:b4:01:9e:31:d7:e4:2f:
                    58:17:a6:5c:98:5f:84:f2:02:38:d2:c0:12:92:9f:
                    c5:5e:0f:35:ac:2a:f8:25:39:93:c5:b5:8b:0c:5b:
                    5f:a4:23:de:1e:a2:2a:1f:1b:74:3d:fc:b1:76:57:
                    d4:dc:3e:86:40:03:e8:43:a2:13:81:19:08:92:55:
                    01:57:b1:dc:7d:85:60:5f:a4:8c:d8:86:65:72:e6:
                    1a:6c:8f:a9:87:27:72:af:33:82:ea:5a:52:20:c2:
                    72:a6:9c:e3:49:95:95:49:6d:ca:a8:a7:3e:c7:3b:
                    96:61:c9:aa:46:70:95:41:3f:4d:03:81:d4:ee:ef:
                    13:4b:d8:a3:68:7c:c6:10:ce:29:83:f8:91:03:dd:
                    01:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:D6:59:4A:6C:89:BD:5A:5A:06:3B:E7:91:81:6F:B3:A3:87:60:20
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/VtZZSmyJvVpaBjvnkYFvs6OHYCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:d7:61:d9:05:6c:a8:c5:10:99:6e:7b:16:66:f8:83:74:b6:
         07:57:52:4c:fc:c0:07:e1:32:7b:80:30:90:7a:27:5a:93:d5:
         e0:51:97:4c:2f:fd:53:e0:c7:9c:b3:73:76:5d:a5:ed:f5:64:
         ba:3f:d7:0a:7e:c4:83:c2:75:99:a0:6d:a7:4a:c5:84:ac:93:
         a8:53:72:48:80:1e:de:89:04:bb:73:73:62:f7:14:f4:0b:28:
         4f:c0:60:b2:5a:03:db:a2:ba:9f:81:8b:74:53:9a:06:ec:a9:
         d5:d7:49:a2:17:d4:93:69:70:3a:97:83:9a:a6:8b:85:9d:5b:
         a9:6b:5f:0e:ad:15:29:dd:17:e6:4d:e9:4c:82:9f:48:37:6a:
         66:92:92:52:6f:0c:7c:ee:6a:fc:49:d1:8a:c8:51:e7:8e:bd:
         09:b5:d0:06:f6:c6:d7:d8:21:c2:0e:ae:eb:97:21:cd:ff:89:
         c8:01:89:6f:cb:8d:14:6f:7b:88:04:6e:d9:b9:ea:4c:46:16:
         79:ae:34:cb:64:e9:8d:8d:b8:16:b8:15:45:b1:b1:a9:9f:49:
         2a:2d:b7:f6:1c:ba:10:6c:18:38:9e:a3:40:53:9c:e5:11:e3:
         ec:5a:8c:83:4f:e3:15:29:36:fd:ed:71:10:f2:ac:43:ea:e3:
         d7:35:32:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrq5O52qZewO9BPGTuRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmQ2NTk0YTZjODliZDVhNWEwNjNiZTc5MTgxNmZiM2EzODc2MDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgaYp/A1WDu+O9PlTEtCC9S0rPpRP
rsoqguYLy9C3nLk/47PzU6b3rj5AIofuFi5EAkmJ+Msci5gDXHzQYfnj5tQgzAuE
Ucc1VKlVSoFcJQsFMoKD9i79i5qu3jNsgokDzG7k8zmKIh6mdFf1GXTvf7QBnjHX
5C9YF6ZcmF+E8gI40sASkp/FXg81rCr4JTmTxbWLDFtfpCPeHqIqHxt0PfyxdlfU
3D6GQAPoQ6ITgRkIklUBV7HcfYVgX6SM2IZlcuYabI+phydyrzOC6lpSIMJyppzj
SZWVSW3KqKc+xzuWYcmqRnCVQT9NA4HU7u8TS9ijaHzGEM4pg/iRA90BGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbWWUpsib1aWgY755GBb7Ojh2AgMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvVnRaWlNteUp2VnBhQmp2bmtZRnZzNk9IWUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5M0MA0G
CSqGSIb3DQEBCwUAA4IBAQAT12HZBWyoxRCZbnsWZviDdLYHV1JM/MAH4TJ7gDCQ
eidak9XgUZdML/1T4Mecs3N2XaXt9WS6P9cKfsSDwnWZoG2nSsWErJOoU3JIgB7e
iQS7c3Ni9xT0CyhPwGCyWgPborqfgYt0U5oG7KnV10miF9STaXA6l4OapouFnVup
a18OrRUp3RfmTelMgp9IN2pmkpJSbwx87mr8SdGKyFHnjr0JtdAG9sbX2CHCDq7r
lyHN/4nIAYlvy40Ub3uIBG7ZuepMRhZ5rjTLZOmNjbgWuBVFsbGpn0kqLbf2HLoQ
bBg4nqNAU5zlEePsWoyDT+MVKTb97XEQ8qxD6uPXNTKv
-----END CERTIFICATE-----