Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/aRkukqB4BZ5q7lxT5i2V1ZA4HU4.roa
File:                     aRkukqB4BZ5q7lxT5i2V1ZA4HU4.roa (raw, json)
Hash identifier:          f4pYHODh51OZ0UNgNYsHpp2AddV1GqnGWOTO3kyolR4=
Subject key identifier:   69:19:2E:92:A0:78:05:9E:6A:EE:5C:53:E6:2D:95:D5:90:38:1D:4E
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       0191731F16A30A83D9CFE2EC55592DAAE411
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/aRkukqB4BZ5q7lxT5i2V1ZA4HU4.roa
Signing time:             Wed 21 Aug 2024 04:08:22 +0000
ROA not before:           Wed 21 Aug 2024 04:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61112
IP address blocks:        83.147.0.0/22 maxlen: 24
                          83.147.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:73:1f:16:a3:0a:83:d9:cf:e2:ec:55:59:2d:aa:e4:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Aug 21 04:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69192e92a078059e6aee5c53e62d95d590381d4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:12:1d:68:ec:cc:c3:e1:e7:5e:58:38:2e:b1:
                    0f:be:9d:05:ae:66:d8:e4:76:35:57:df:8f:7a:b7:
                    8d:fa:13:aa:fa:3e:44:50:cf:1a:85:05:e8:4f:59:
                    10:6d:d8:94:a5:8b:76:fb:8d:31:a8:c7:3b:ba:cc:
                    43:aa:39:2b:47:f0:3b:81:e4:82:c8:7b:e7:7e:a5:
                    b9:f1:db:b3:9c:aa:ca:5c:d2:14:d4:db:0a:93:48:
                    e2:ef:c2:dd:76:93:95:54:19:d2:ea:c9:43:9d:14:
                    78:01:49:8f:fb:89:28:62:ac:c2:84:5e:bc:0e:29:
                    39:bc:da:6d:2f:a4:c4:15:f5:15:3a:ac:b8:06:b9:
                    48:23:05:d0:a4:5c:6a:0b:d3:57:f0:29:d2:65:96:
                    34:3a:be:74:84:bb:64:e7:f0:5e:50:fe:f8:ea:a6:
                    18:ea:21:6b:35:1e:12:b9:e4:cc:15:6a:29:ce:2c:
                    87:a6:51:33:e5:65:17:2f:37:0c:c4:0d:99:47:78:
                    5e:e7:99:82:df:fb:5f:2b:ad:ac:b0:ca:f9:90:06:
                    b0:1e:71:be:35:8e:1e:e5:91:b6:2b:9a:02:9d:23:
                    ab:6a:84:19:4f:1d:3a:89:46:be:87:9b:24:b6:51:
                    2e:df:a5:26:09:c6:0f:11:3d:c2:63:ae:7d:2e:71:
                    61:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:19:2E:92:A0:78:05:9E:6A:EE:5C:53:E6:2D:95:D5:90:38:1D:4E
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/aRkukqB4BZ5q7lxT5i2V1ZA4HU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.0.0/22
                  83.147.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:94:4f:e3:c7:ec:cf:82:6a:37:60:8a:68:af:c4:7d:70:09:
         b5:af:16:56:a9:fc:d6:fc:54:3a:60:16:dc:f1:b2:c7:f9:89:
         c7:59:0e:c8:7f:4a:7c:82:c5:2b:a3:3d:19:96:5e:92:f4:b5:
         53:83:d8:fb:51:27:f7:a5:e2:9e:30:02:22:47:ca:c6:45:66:
         a7:1b:a4:5a:3e:8b:ac:44:1f:f4:cc:30:47:5b:16:1d:a8:fc:
         c7:a6:3f:09:ed:de:ee:02:e2:b4:53:67:ea:96:53:42:ca:0e:
         78:fe:94:6e:38:5c:04:23:52:c0:dc:62:32:28:d5:fd:e7:38:
         b7:a5:e5:59:5a:0d:fa:62:c1:1b:f8:34:f9:3e:26:31:51:28:
         1f:4e:4b:b4:8b:37:1a:42:92:9b:64:9c:25:8f:5d:24:13:ef:
         12:c3:16:f8:91:41:d4:c0:44:d3:88:7c:ea:cf:3d:f3:d9:a5:
         3a:0d:36:c2:ad:a7:d3:f3:32:30:af:a3:57:91:16:e9:29:47:
         f0:6c:1e:31:73:99:d5:6f:f0:d0:40:d4:d0:64:e9:6a:0b:13:
         68:b9:ce:86:ce:a3:8e:18:a6:e4:68:f5:5c:05:68:82:69:45:
         9e:1b:58:a2:ca:0e:67:96:04:91:ab:4d:e0:ba:49:66:b7:a7:
         51:c2:a1:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFzHxajCoPZz+LsVVktquQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwODIxMDQwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTE5MmU5MmEwNzgwNTllNmFlZTVjNTNlNjJkOTVkNTkwMzgxZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRIdaOzMw+HnXlg4LrEPvp0FrmbY
5HY1V9+PereN+hOq+j5EUM8ahQXoT1kQbdiUpYt2+40xqMc7usxDqjkrR/A7geSC
yHvnfqW58duznKrKXNIU1NsKk0ji78LddpOVVBnS6slDnRR4AUmP+4koYqzChF68
Dik5vNptL6TEFfUVOqy4BrlIIwXQpFxqC9NX8CnSZZY0Or50hLtk5/BeUP746qYY
6iFrNR4SueTMFWopziyHplEz5WUXLzcMxA2ZR3he55mC3/tfK62ssMr5kAawHnG+
NY4e5ZG2K5oCnSOraoQZTx06iUa+h5sktlEu36UmCcYPET3CY659LnFhqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGkZLpKgeAWeau5cU+YtldWQOB1OMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvYVJrdWtxQjRCWjVxN2x4VDVpMlYxWkE0SFU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5MAAwQC
U5MMMA0GCSqGSIb3DQEBCwUAA4IBAQCalE/jx+zPgmo3YIpor8R9cAm1rxZWqfzW
/FQ6YBbc8bLH+YnHWQ7If0p8gsUroz0Zll6S9LVTg9j7USf3peKeMAIiR8rGRWan
G6RaPousRB/0zDBHWxYdqPzHpj8J7d7uAuK0U2fqllNCyg54/pRuOFwEI1LA3GIy
KNX95zi3peVZWg36YsEb+DT5PiYxUSgfTku0izcaQpKbZJwlj10kE+8Swxb4kUHU
wETTiHzqzz3z2aU6DTbCrafT8zIwr6NXkRbpKUfwbB4xc5nVb/DQQNTQZOlqCxNo
uc6GzqOOGKbkaPVcBWiCaUWeG1iiyg5nlgSRq03guklmt6dRwqGH
-----END CERTIFICATE-----