Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/cQVUyfKIf45mjaBVHlBcxMHGCOA.roa
File:                     cQVUyfKIf45mjaBVHlBcxMHGCOA.roa (raw, json)
Hash identifier:          R9yWqJWybcyGpXZSrUqkWRViZehU+wuI4JUghchOkv4=
Subject key identifier:   71:05:54:C9:F2:88:7F:8E:66:8D:A0:55:1E:50:5C:C4:C1:C6:08:E0
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94ABA51D32379B67FCBF3B4F36735B5
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/cQVUyfKIf45mjaBVHlBcxMHGCOA.roa
Signing time:             Tue 02 Jan 2024 08:29:26 +0000
ROA not before:           Tue 02 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272649
IP address blocks:        83.147.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 07:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:ba:51:d3:23:79:b6:7f:cb:f3:b4:f3:67:35:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=710554c9f2887f8e668da0551e505cc4c1c608e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cc:c5:4f:86:fa:3f:1a:b9:b7:db:fa:1f:6c:
                    c5:11:d1:0f:fe:7d:68:67:68:bb:99:8c:53:66:9c:
                    46:9c:25:95:2d:c4:d4:28:90:94:2e:3a:91:f4:3b:
                    60:07:d8:e5:60:25:de:06:16:57:fc:f7:9e:24:6d:
                    db:ff:bd:4c:f9:23:e1:53:2b:b8:de:8c:0a:c9:0a:
                    08:bd:bb:04:6c:c3:f6:d8:a3:b3:1f:3b:68:f9:93:
                    33:b5:a9:72:35:aa:85:ef:e9:75:da:e6:6b:fa:d0:
                    b3:80:06:d8:f6:d6:cf:c9:97:7b:69:44:02:91:b7:
                    82:ce:57:b1:06:68:91:0a:4b:57:f1:fc:3c:3d:da:
                    e6:ef:b0:f2:46:0c:c9:57:f8:e5:a2:0e:c6:7a:e1:
                    0e:68:c5:b7:ca:0c:d8:01:56:ef:16:10:32:99:76:
                    4a:07:2e:0d:93:f9:19:20:39:19:d4:a4:da:61:e0:
                    f9:f8:2a:e0:a7:53:7d:b4:79:c8:5a:3c:09:66:b1:
                    7c:b9:25:76:b6:3b:7c:7b:f6:23:73:5c:5e:4f:1e:
                    b9:3e:be:f1:e9:ba:ee:2a:d7:c3:2a:d4:7e:7a:2d:
                    7f:0c:a0:a2:ea:e5:7b:5f:97:2d:7d:35:48:cc:72:
                    7c:2b:18:ea:bc:16:22:79:3a:ed:b6:6b:0d:0b:5a:
                    a8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:05:54:C9:F2:88:7F:8E:66:8D:A0:55:1E:50:5C:C4:C1:C6:08:E0
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/cQVUyfKIf45mjaBVHlBcxMHGCOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:ad:f3:e0:e7:e0:bd:66:4f:20:2c:60:45:e9:72:38:e2:f9:
         d0:48:36:96:4b:19:97:d0:09:89:6d:b1:bb:dc:7a:b6:99:8d:
         bd:08:55:11:f0:06:b3:c2:41:2f:99:86:2f:69:84:a7:3e:b6:
         72:0c:6b:cd:4a:0d:8e:7b:59:72:53:51:75:e2:8a:7c:89:46:
         86:89:0a:75:99:25:78:2e:8d:16:a8:f5:38:20:69:b7:ed:d3:
         9b:69:04:ea:62:c9:fc:60:19:98:54:53:ca:fc:49:9f:9c:e1:
         8e:60:f5:f5:63:90:25:f4:b1:2f:1d:c8:7d:6d:db:9d:e4:93:
         d6:dc:4d:44:d4:98:d7:91:48:68:b3:fd:0a:57:c7:21:fb:a6:
         e9:a0:be:84:a3:3b:c7:1f:fb:3c:03:16:8b:07:06:03:c3:d6:
         e7:52:90:75:bf:17:6d:c2:09:5f:5c:ba:a2:b8:05:76:9c:5a:
         78:14:c2:5e:49:d9:4d:44:eb:07:41:53:9f:c6:a3:cd:a9:ce:
         d3:6f:40:fe:34:81:37:96:36:4d:58:fd:9b:10:24:e3:26:46:
         eb:8c:8b:7b:25:40:6d:3b:4d:ab:cd:87:0d:b3:dd:6b:50:87:
         e2:aa:e6:e3:d0:69:2e:b2:99:3f:af:69:a8:d7:51:be:c8:e8:
         da:37:49:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrpR0yN5tn/L87TzZzW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTA1NTRjOWYyODg3ZjhlNjY4ZGEwNTUxZTUwNWNjNGMxYzYwOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMzFT4b6Pxq5t9v6H2zFEdEP/n1o
Z2i7mYxTZpxGnCWVLcTUKJCULjqR9DtgB9jlYCXeBhZX/PeeJG3b/71M+SPhUyu4
3owKyQoIvbsEbMP22KOzHzto+ZMztalyNaqF7+l12uZr+tCzgAbY9tbPyZd7aUQC
kbeCzlexBmiRCktX8fw8Pdrm77DyRgzJV/jlog7GeuEOaMW3ygzYAVbvFhAymXZK
By4Nk/kZIDkZ1KTaYeD5+Crgp1N9tHnIWjwJZrF8uSV2tjt8e/Yjc1xeTx65Pr7x
6bruKtfDKtR+ei1/DKCi6uV7X5ctfTVIzHJ8KxjqvBYieTrttmsNC1qoswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEFVMnyiH+OZo2gVR5QXMTBxgjgMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvY1FWVXlmS0lmNDVtamFCVkhsQmN4TUhHQ09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU5MaMA0G
CSqGSIb3DQEBCwUAA4IBAQA/rfPg5+C9Zk8gLGBF6XI44vnQSDaWSxmX0AmJbbG7
3Hq2mY29CFUR8AazwkEvmYYvaYSnPrZyDGvNSg2Oe1lyU1F14op8iUaGiQp1mSV4
Lo0WqPU4IGm37dObaQTqYsn8YBmYVFPK/EmfnOGOYPX1Y5Al9LEvHch9bdud5JPW
3E1E1JjXkUhos/0KV8ch+6bpoL6EozvHH/s8AxaLBwYDw9bnUpB1vxdtwglfXLqi
uAV2nFp4FMJeSdlNROsHQVOfxqPNqc7Tb0D+NIE3ljZNWP2bECTjJkbrjIt7JUBt
O02rzYcNs91rUIfiqubj0Gkuspk/r2mo11G+yOjaN0lB
-----END CERTIFICATE-----