Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/l3DXMB2VL7c7b6xRjYGPDV7oYGI.roa
File:                     l3DXMB2VL7c7b6xRjYGPDV7oYGI.roa (raw, json)
Hash identifier:          o6ahrhG3L8tnPi0I3Y8P8prBnYqNAqV+4VEt68sxUBE=
Subject key identifier:   97:70:D7:30:1D:95:2F:B7:3B:6F:AC:51:8D:81:8F:0D:5E:E8:60:62
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       01942747FEA04EC39715A763845BF268E9DA
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/l3DXMB2VL7c7b6xRjYGPDV7oYGI.roa
Signing time:             Thu 02 Jan 2025 13:50:17 +0000
ROA not before:           Thu 02 Jan 2025 13:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        83.147.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:fe:a0:4e:c3:97:15:a7:63:84:5b:f2:68:e9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 13:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9770d7301d952fb73b6fac518d818f0d5ee86062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c6:5c:07:d6:f6:7e:5c:5b:12:37:0d:87:d4:
                    0e:88:43:e6:08:3b:5e:8f:2f:f0:4b:6f:db:2f:17:
                    02:40:dd:6e:99:80:17:7e:88:73:87:f5:c7:c8:a8:
                    f0:98:c7:3f:62:02:32:da:35:fa:6f:53:8f:a1:e8:
                    b5:bc:f4:9d:d7:cb:87:5f:95:81:43:34:fb:91:a9:
                    14:90:87:7f:02:c9:97:4d:47:94:2e:e7:35:6e:b7:
                    f4:56:34:bd:f7:19:84:b8:cd:62:8c:a6:57:1d:16:
                    c9:b6:12:1b:5b:a7:4d:a0:8e:d9:0a:e1:ff:28:52:
                    3d:4e:2a:17:7a:35:63:45:22:bc:5f:3b:e5:09:5b:
                    59:33:4c:87:db:b3:b3:2f:fe:74:e2:df:5d:a5:80:
                    d5:b0:30:22:17:05:40:99:c3:52:d1:5c:81:de:c1:
                    cf:bf:6e:4e:d7:22:3f:ff:e2:38:2c:0c:d5:36:3e:
                    34:ae:5c:6c:fd:4b:cd:71:50:ce:78:4a:bb:92:9f:
                    51:96:02:1d:76:29:ec:fd:a8:74:91:a0:82:85:d1:
                    31:a0:38:40:4b:1b:f2:5c:4a:60:f6:4c:2e:87:e1:
                    e6:c8:dc:66:d4:7f:50:b6:6d:d5:75:77:08:0b:d2:
                    65:10:7a:4e:df:04:a4:35:ec:70:58:f8:1a:30:13:
                    69:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:70:D7:30:1D:95:2F:B7:3B:6F:AC:51:8D:81:8F:0D:5E:E8:60:62
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/l3DXMB2VL7c7b6xRjYGPDV7oYGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:db:a5:65:9a:62:c6:3a:a2:44:44:65:38:2c:88:96:86:16:
         19:73:4a:be:07:32:2e:b7:52:81:f9:7b:fb:76:45:df:a6:e7:
         4c:2c:b3:d7:0c:e9:1f:25:aa:a2:a5:04:c3:62:02:79:9d:8e:
         ed:d7:c4:d3:c8:33:eb:d7:0a:38:27:c0:ba:3d:5d:65:77:37:
         7b:28:1b:44:61:25:5e:ba:d0:8e:de:33:ba:5c:03:d2:6a:2e:
         6f:42:b6:cc:44:94:fb:1e:80:76:41:de:4e:2c:f2:ce:83:44:
         44:f4:80:78:30:a2:e8:75:e9:27:5d:3b:b2:66:ba:b6:01:55:
         ae:61:3a:d9:3b:63:6a:76:53:15:78:6d:49:5a:99:bb:58:65:
         11:71:10:ce:0f:99:95:4e:26:8b:43:d4:96:4a:e1:13:1c:59:
         4a:89:e0:a7:c6:55:55:6f:e2:22:dc:84:33:fc:e5:98:ef:c6:
         4a:82:20:20:aa:ee:23:74:66:e7:3c:4a:35:76:49:be:52:f3:
         34:d3:e6:89:da:a2:df:a3:c6:5e:6d:d7:f6:c4:57:89:9d:a1:
         bf:4a:7f:fe:7b:39:5d:b3:8e:a6:4e:38:c1:d7:53:1c:b6:c1:
         38:71:09:24:cf:07:1c:74:e7:5b:13:a4:f9:2f:64:93:5c:af:
         e9:7b:a1:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/6gTsOXFadjhFvyaOnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwMTAyMTM1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzcwZDczMDFkOTUyZmI3M2I2ZmFjNTE4ZDgxOGYwZDVlZTg2MDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8ZcB9b2flxbEjcNh9QOiEPmCDte
jy/wS2/bLxcCQN1umYAXfohzh/XHyKjwmMc/YgIy2jX6b1OPoei1vPSd18uHX5WB
QzT7kakUkId/AsmXTUeULuc1brf0VjS99xmEuM1ijKZXHRbJthIbW6dNoI7ZCuH/
KFI9TioXejVjRSK8XzvlCVtZM0yH27OzL/504t9dpYDVsDAiFwVAmcNS0VyB3sHP
v25O1yI//+I4LAzVNj40rlxs/UvNcVDOeEq7kp9RlgIddins/ah0kaCChdExoDhA
SxvyXEpg9kwuh+HmyNxm1H9Qtm3VdXcIC9JlEHpO3wSkNexwWPgaMBNpkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdw1zAdlS+3O2+sUY2Bjw1e6GBiMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvbDNEWE1CMlZMN2M3YjZ4UmpZR1BEVjdvWUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5MYMA0G
CSqGSIb3DQEBCwUAA4IBAQA/26VlmmLGOqJERGU4LIiWhhYZc0q+BzIut1KB+Xv7
dkXfpudMLLPXDOkfJaqipQTDYgJ5nY7t18TTyDPr1wo4J8C6PV1ldzd7KBtEYSVe
utCO3jO6XAPSai5vQrbMRJT7HoB2Qd5OLPLOg0RE9IB4MKLodeknXTuyZrq2AVWu
YTrZO2NqdlMVeG1JWpm7WGURcRDOD5mVTiaLQ9SWSuETHFlKieCnxlVVb+Ii3IQz
/OWY78ZKgiAgqu4jdGbnPEo1dkm+UvM00+aJ2qLfo8Zebdf2xFeJnaG/Sn/+ezld
s46mTjjB11MctsE4cQkkzwccdOdbE6T5L2STXK/pe6Ex
-----END CERTIFICATE-----