Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/iKI5RgMZxu7__wgKS1DsKDYOpjE.roa
File:                     iKI5RgMZxu7__wgKS1DsKDYOpjE.roa (raw, json)
Hash identifier:          aXmrvfdN6GEOP1YxjVK5atbF96yriXZAbanqlxpF/Ik=
Subject key identifier:   88:A2:39:46:03:19:C6:EE:FF:FF:08:0A:4B:50:EC:28:36:0E:A6:31
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018E7B2D8740E6E6B4C09CD37BE7E3F4BC27
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/iKI5RgMZxu7__wgKS1DsKDYOpjE.roa
Signing time:             Tue 26 Mar 2024 14:32:45 +0000
ROA not before:           Tue 26 Mar 2024 14:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215311
IP address blocks:        83.147.17.0/24 maxlen: 24
                          83.147.18.0/24 maxlen: 24
                          83.147.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 07:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:2d:87:40:e6:e6:b4:c0:9c:d3:7b:e7:e3:f4:bc:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Mar 26 14:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88a239460319c6eeffff080a4b50ec28360ea631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:49:aa:ae:86:4c:0a:af:52:f2:f7:2c:d3:26:
                    10:a1:23:ba:11:d8:cb:50:3b:bd:ce:12:9d:88:f4:
                    2e:e8:32:14:d6:b0:98:5d:28:e1:e2:3a:c3:17:d2:
                    09:d1:f6:7b:86:2b:f3:46:10:7c:fe:f4:d3:f4:4e:
                    60:56:14:92:5f:0b:f6:6a:9f:e0:be:d2:b6:73:c5:
                    4d:a1:2a:18:91:8d:03:59:97:93:e3:fb:7e:91:4b:
                    36:92:39:74:a6:2f:19:73:3f:7a:13:7c:36:26:5a:
                    8e:2f:ad:58:4f:ed:a3:b4:97:3c:de:3e:95:ed:fc:
                    62:09:b7:ba:07:50:82:6a:cf:ca:f3:22:6c:61:23:
                    1f:89:bb:22:3b:20:fc:00:19:ff:03:9b:91:d9:3a:
                    84:8d:bb:39:0f:8d:dd:19:e6:d7:78:b7:34:b7:d7:
                    1d:d7:7c:64:f4:d1:83:2d:24:33:88:66:96:17:47:
                    17:ef:b8:67:cd:11:77:4c:e9:e7:e7:b3:35:8c:86:
                    07:34:03:d6:14:e7:56:a0:65:5d:4f:66:7e:93:04:
                    39:25:62:75:71:b8:5e:e2:94:8c:be:ed:fb:f9:7b:
                    ad:93:ba:89:e0:e8:2d:d0:4c:f2:c9:3f:d7:cd:ea:
                    8f:29:62:a0:56:e3:ab:dc:81:bc:c7:c0:51:22:02:
                    65:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A2:39:46:03:19:C6:EE:FF:FF:08:0A:4B:50:EC:28:36:0E:A6:31
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/iKI5RgMZxu7__wgKS1DsKDYOpjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.17.0-83.147.19.255

    Signature Algorithm: sha256WithRSAEncryption
         b0:ca:e0:0e:55:fb:bd:69:66:72:42:ec:ab:27:4f:7d:2a:ab:
         98:1a:a7:85:88:7b:2b:de:94:25:dc:0e:c4:6b:31:e0:4c:6b:
         49:c2:95:b8:25:00:e2:38:9a:72:1f:7a:77:9e:a4:57:2a:ed:
         b9:71:0a:42:16:02:82:65:b1:e2:67:69:b4:db:b7:d0:09:d8:
         2f:e7:82:f2:31:6c:6f:bf:2c:42:13:22:d7:48:05:5d:e5:3a:
         91:ce:22:38:80:ad:da:03:93:6a:c2:8d:cc:d0:d4:24:16:55:
         72:34:2d:7b:40:6e:3d:9a:f6:12:ad:0f:e7:51:1f:f3:5c:d8:
         90:2f:64:d4:af:6f:8e:3e:32:89:3e:ff:0a:1b:c5:e8:f1:f6:
         14:33:fc:e1:7b:12:45:76:25:b4:ea:9f:0c:ce:d0:66:ed:40:
         00:e8:db:2a:8a:37:bd:9f:82:79:d2:2c:d2:1e:b5:07:ad:ff:
         dc:cc:17:6d:16:89:78:c4:e8:9b:ea:3c:7c:41:0d:e0:8c:95:
         c9:79:e4:fb:00:11:01:42:5e:7f:59:55:39:98:20:c3:04:af:
         22:5a:87:18:0e:65:d4:a3:d7:15:d9:54:bd:62:63:ee:6a:1c:
         cf:5e:c2:ad:14:c3:7c:25:dd:5b:2c:dc:87:3a:64:33:87:52:
         65:44:65:f5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY57LYdA5ua0wJzTe+fj9LwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMzI2MTQzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGEyMzk0NjAzMTljNmVlZmZmZjA4MGE0YjUwZWMyODM2MGVhNjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0mqroZMCq9S8vcs0yYQoSO6EdjL
UDu9zhKdiPQu6DIU1rCYXSjh4jrDF9IJ0fZ7hivzRhB8/vTT9E5gVhSSXwv2ap/g
vtK2c8VNoSoYkY0DWZeT4/t+kUs2kjl0pi8Zcz96E3w2JlqOL61YT+2jtJc83j6V
7fxiCbe6B1CCas/K8yJsYSMfibsiOyD8ABn/A5uR2TqEjbs5D43dGebXeLc0t9cd
13xk9NGDLSQziGaWF0cX77hnzRF3TOnn57M1jIYHNAPWFOdWoGVdT2Z+kwQ5JWJ1
cbhe4pSMvu37+Xutk7qJ4Ogt0EzyyT/XzeqPKWKgVuOr3IG8x8BRIgJlVwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIiiOUYDGcbu//8ICktQ7Cg2DqYxMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvaUtJNVJnTVp4dTdfX3dnS1MxRHNLRFlPcGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABTkxED
BAJTkxAwDQYJKoZIhvcNAQELBQADggEBALDK4A5V+71pZnJC7KsnT30qq5gap4WI
eyvelCXcDsRrMeBMa0nClbglAOI4mnIfeneepFcq7blxCkIWAoJlseJnabTbt9AJ
2C/ngvIxbG+/LEITItdIBV3lOpHOIjiArdoDk2rCjczQ1CQWVXI0LXtAbj2a9hKt
D+dRH/Nc2JAvZNSvb44+Mok+/wobxejx9hQz/OF7EkV2JbTqnwzO0GbtQADo2yqK
N72fgnnSLNIetQet/9zMF20WiXjE6JvqPHxBDeCMlcl55PsAEQFCXn9ZVTmYIMME
ryJahxgOZdSj1xXZVL1iY+5qHM9ewq0Uw3wl3Vss3Ic6ZDOHUmVEZfU=
-----END CERTIFICATE-----