Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/duttvXP09WBOesl1XoWL9UdP1nY.roa
File:                     duttvXP09WBOesl1XoWL9UdP1nY.roa (raw, json)
Hash identifier:          o0xpc8fk0e3Z3zYOGqd0KNqGOCgL/Q84EdTJO0fhZbI=
Subject key identifier:   76:EB:6D:BD:73:F4:F5:60:4E:7A:C9:75:5E:85:8B:F5:47:4F:D6:76
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94AB6B5227B6B9566659A55F8651D07
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/duttvXP09WBOesl1XoWL9UdP1nY.roa
Signing time:             Tue 02 Jan 2024 08:29:26 +0000
ROA not before:           Tue 02 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64073
IP address blocks:        83.147.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b6:b5:22:7b:6b:95:66:65:9a:55:f8:65:1d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76eb6dbd73f4f5604e7ac9755e858bf5474fd676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8d:4e:f3:ec:86:31:14:62:2b:9b:8f:1d:39:
                    fc:6c:b2:16:04:1a:e7:74:20:cf:16:3c:36:a6:85:
                    44:1c:dc:0f:38:89:ac:0f:0c:3b:d0:db:51:b1:95:
                    a6:5d:e4:11:a0:dd:a2:c2:5a:d7:8a:ef:5c:7e:39:
                    64:b5:ac:03:6d:73:bb:0b:c8:72:93:3e:37:12:3b:
                    47:47:12:f7:8f:bd:b1:c8:37:98:15:d5:18:60:a7:
                    71:83:ef:73:bc:df:66:9a:f6:50:e5:df:cd:ad:96:
                    d0:30:5e:5a:c1:26:a3:52:6c:74:dc:c6:b0:d5:ed:
                    79:70:50:e9:56:0c:9b:b8:bf:f4:93:08:85:67:a3:
                    bc:f9:de:20:5d:26:2d:95:c6:19:06:6d:6d:39:f3:
                    b7:89:6c:f3:2f:74:29:2c:41:dd:44:b8:3c:28:c9:
                    cc:85:92:b3:6b:89:27:6c:5b:c7:b5:08:34:47:6f:
                    31:c0:45:f7:10:68:38:ca:21:25:8f:fc:00:31:38:
                    b2:85:c5:24:07:88:40:f0:15:9b:3d:29:ec:b6:9d:
                    fe:81:04:99:3a:85:5c:11:57:6c:30:6d:7e:77:80:
                    3c:f8:f0:6b:2f:b6:54:fd:aa:e3:41:5b:2b:40:fc:
                    4b:e0:0a:21:99:4f:da:6d:9d:92:52:6d:f8:b9:3d:
                    e8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:EB:6D:BD:73:F4:F5:60:4E:7A:C9:75:5E:85:8B:F5:47:4F:D6:76
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/duttvXP09WBOesl1XoWL9UdP1nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:d0:04:ca:3b:95:45:1a:2e:cf:7f:9a:68:1f:be:ae:96:c3:
         c2:ff:89:22:f4:c4:a7:14:9e:bd:82:98:c6:6f:da:e8:2a:74:
         6f:cb:77:de:e6:a8:23:0b:4b:9f:e1:6a:56:0c:44:b0:da:e1:
         3a:2d:68:50:a2:3f:e7:5a:17:c7:85:82:6d:d5:63:4c:56:1d:
         b6:b1:a7:a9:ac:4f:20:3d:18:4b:4f:e3:70:ee:86:9e:79:30:
         a2:6a:4f:c7:82:e8:78:f5:22:ec:0c:e2:05:ca:da:08:b9:44:
         ac:87:7d:20:2e:9c:f0:6f:f8:36:3b:73:9e:78:db:ec:b9:50:
         78:7b:ea:59:41:fd:cc:26:01:62:2c:e5:e8:02:86:73:97:88:
         0b:77:ec:04:2d:09:f5:19:c1:ec:0b:54:f4:e9:2c:ab:db:bc:
         7b:d3:f0:5b:5d:5d:20:de:c0:9d:6f:e7:fb:ab:9f:06:2f:7b:
         44:b2:a0:0f:45:8f:12:96:9c:40:35:6e:1f:00:da:f5:51:eb:
         0d:d5:bb:55:f6:0f:e1:8e:0e:52:63:38:00:99:2d:50:19:a2:
         ad:dc:f0:32:55:d9:76:ed:d0:a3:2e:27:d0:86:61:f4:0b:ca:
         c9:c6:51:67:29:33:c6:12:58:04:bd:d6:dd:86:9a:56:e6:c8:
         dd:26:62:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSra1IntrlWZlmlX4ZR0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmViNmRiZDczZjRmNTYwNGU3YWM5NzU1ZTg1OGJmNTQ3NGZkNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsI1O8+yGMRRiK5uPHTn8bLIWBBrn
dCDPFjw2poVEHNwPOImsDww70NtRsZWmXeQRoN2iwlrXiu9cfjlktawDbXO7C8hy
kz43EjtHRxL3j72xyDeYFdUYYKdxg+9zvN9mmvZQ5d/NrZbQMF5awSajUmx03Maw
1e15cFDpVgybuL/0kwiFZ6O8+d4gXSYtlcYZBm1tOfO3iWzzL3QpLEHdRLg8KMnM
hZKza4knbFvHtQg0R28xwEX3EGg4yiElj/wAMTiyhcUkB4hA8BWbPSnstp3+gQSZ
OoVcEVdsMG1+d4A8+PBrL7ZU/arjQVsrQPxL4AohmU/abZ2SUm34uT3oTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbrbb1z9PVgTnrJdV6Fi/VHT9Z2MB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvZHV0dHZYUDA5V0JPZXNsMVhvV0w5VWRQMW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MEMA0G
CSqGSIb3DQEBCwUAA4IBAQCt0ATKO5VFGi7Pf5poH76ulsPC/4ki9MSnFJ69gpjG
b9roKnRvy3fe5qgjC0uf4WpWDESw2uE6LWhQoj/nWhfHhYJt1WNMVh22saeprE8g
PRhLT+Nw7oaeeTCiak/Hguh49SLsDOIFytoIuUSsh30gLpzwb/g2O3OeeNvsuVB4
e+pZQf3MJgFiLOXoAoZzl4gLd+wELQn1GcHsC1T06Syr27x70/BbXV0g3sCdb+f7
q58GL3tEsqAPRY8SlpxANW4fANr1UesN1btV9g/hjg5SYzgAmS1QGaKt3PAyVdl2
7dCjLifQhmH0C8rJxlFnKTPGElgEvdbdhppW5sjdJmJ7
-----END CERTIFICATE-----