Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/jmAH1Mx-E2Z7pdOPoeNy_XX3_08.roa
File:                     jmAH1Mx-E2Z7pdOPoeNy_XX3_08.roa (raw, json)
Hash identifier:          beVJYboGOGkef8KkS9oQz2qzmrc5Np2ii/2Y3/kP6SE=
Subject key identifier:   8E:60:07:D4:CC:7E:13:66:7B:A5:D3:8F:A1:E3:72:FD:75:F7:FF:4F
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018CC94AB26DE7D412EFFB0E1730C376904D
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/jmAH1Mx-E2Z7pdOPoeNy_XX3_08.roa
Signing time:             Tue 02 Jan 2024 08:29:24 +0000
ROA not before:           Tue 02 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        83.147.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b2:6d:e7:d4:12:ef:fb:0e:17:30:c3:76:90:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e6007d4cc7e13667ba5d38fa1e372fd75f7ff4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:06:64:39:b0:3d:c9:9e:8c:66:ce:58:a2:c4:
                    78:ff:22:c9:d4:ff:7d:b8:8b:1a:7a:03:8e:0d:8f:
                    1d:ae:27:65:f2:55:df:6a:f7:9f:59:86:c7:64:62:
                    7e:85:54:df:48:c8:59:fa:6e:64:06:b3:81:96:81:
                    ad:5e:6e:97:60:aa:aa:9b:e6:c0:e6:f6:2b:da:8f:
                    df:04:8a:5e:5a:2d:50:b9:cb:bc:c4:44:56:dc:82:
                    17:56:82:45:8e:27:ef:e5:d4:ee:21:51:43:ca:21:
                    74:b3:78:e5:11:27:46:4c:03:bd:2f:f3:7e:94:66:
                    73:e7:15:bf:03:5b:56:ab:cf:e9:00:5e:4f:df:5c:
                    b3:bf:c3:62:f1:2c:32:9d:72:e8:35:3f:f3:75:e2:
                    b8:60:c0:d4:11:ae:15:43:ca:c7:fb:f0:39:78:70:
                    e3:d7:e7:be:50:cf:20:de:e7:85:bd:28:f6:57:47:
                    db:a4:e2:ba:68:b5:73:db:e9:31:f8:77:60:d4:e8:
                    c7:31:59:72:07:a6:dd:2a:51:6d:59:a8:33:ad:76:
                    bc:d6:3e:cf:1f:34:77:13:52:68:48:0a:22:53:ed:
                    cf:cd:d1:da:d8:44:59:34:ed:f4:33:b3:f1:14:ad:
                    8e:ee:89:91:8e:31:7d:c0:a9:db:dd:16:ff:2e:72:
                    77:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:60:07:D4:CC:7E:13:66:7B:A5:D3:8F:A1:E3:72:FD:75:F7:FF:4F
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/jmAH1Mx-E2Z7pdOPoeNy_XX3_08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:fc:96:3c:99:5b:e4:27:df:e2:12:98:40:46:a5:0e:5f:1f:
         b9:4f:b4:1c:db:ea:fb:e2:6e:55:c3:69:64:77:42:53:b0:54:
         39:dd:9e:54:9a:46:90:d5:90:d4:85:da:c9:db:8f:00:39:6e:
         51:08:43:63:5f:0e:90:24:84:d5:8b:e2:0e:f7:10:48:e6:e0:
         e1:a9:71:09:cb:5c:c3:04:05:4b:48:c9:21:cc:b7:39:8c:cd:
         2d:6f:66:1c:9a:3f:2f:f4:e8:41:54:36:83:c1:ad:9f:47:0a:
         4d:19:19:8e:04:43:cc:94:e0:ce:0b:64:54:b4:03:a5:79:c7:
         6a:17:4d:44:88:ae:66:54:59:21:52:53:57:2f:84:35:b5:97:
         e7:ea:f3:66:71:86:22:fb:79:74:a9:03:37:70:5c:73:ed:c5:
         bf:45:56:3b:9c:59:b2:b9:29:3c:19:09:d3:cd:29:ef:be:77:
         68:50:3a:62:b0:37:f5:80:2e:0f:ba:e6:bd:fb:d4:db:44:44:
         e7:72:ad:24:78:27:82:e9:9e:e4:b1:3c:94:c3:6c:f2:fd:e3:
         cc:f9:7c:cb:5b:07:dc:09:8b:6b:2f:98:16:44:0b:df:19:4b:
         ed:e1:2c:5b:be:ae:76:bf:50:90:10:27:91:ff:0e:ef:b1:f5:
         59:37:b0:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrJt59QS7/sOFzDDdpBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMTAyMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTYwMDdkNGNjN2UxMzY2N2JhNWQzOGZhMWUzNzJmZDc1ZjdmZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQZkObA9yZ6MZs5YosR4/yLJ1P99
uIsaegOODY8dridl8lXfavefWYbHZGJ+hVTfSMhZ+m5kBrOBloGtXm6XYKqqm+bA
5vYr2o/fBIpeWi1Qucu8xERW3IIXVoJFjifv5dTuIVFDyiF0s3jlESdGTAO9L/N+
lGZz5xW/A1tWq8/pAF5P31yzv8Ni8SwynXLoNT/zdeK4YMDUEa4VQ8rH+/A5eHDj
1+e+UM8g3ueFvSj2V0fbpOK6aLVz2+kx+Hdg1OjHMVlyB6bdKlFtWagzrXa81j7P
HzR3E1JoSAoiU+3PzdHa2ERZNO30M7PxFK2O7omRjjF9wKnb3Rb/LnJ3vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5gB9TMfhNme6XTj6Hjcv119/9PMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvam1BSDFNeC1FMlo3cGRPUG9lTnlfWFgzXzA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MIMA0G
CSqGSIb3DQEBCwUAA4IBAQBd/JY8mVvkJ9/iEphARqUOXx+5T7Qc2+r74m5Vw2lk
d0JTsFQ53Z5UmkaQ1ZDUhdrJ248AOW5RCENjXw6QJITVi+IO9xBI5uDhqXEJy1zD
BAVLSMkhzLc5jM0tb2Ycmj8v9OhBVDaDwa2fRwpNGRmOBEPMlODOC2RUtAOlecdq
F01EiK5mVFkhUlNXL4Q1tZfn6vNmcYYi+3l0qQM3cFxz7cW/RVY7nFmyuSk8GQnT
zSnvvndoUDpisDf1gC4Puua9+9TbRETncq0keCeC6Z7ksTyUw2zy/ePM+XzLWwfc
CYtrL5gWRAvfGUvt4Sxbvq52v1CQECeR/w7vsfVZN7AA
-----END CERTIFICATE-----