Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/nj5PpWtpNZQxAuMc-nZo9Z_E_TA.roa
File:                     nj5PpWtpNZQxAuMc-nZo9Z_E_TA.roa (raw, json)
Hash identifier:          gKqLxE6PtoL4srCjexO8yxt0xrYW0QTgQW1vGKr/UlY=
Subject key identifier:   9E:3E:4F:A5:6B:69:35:94:31:02:E3:1C:FA:76:68:F5:9F:C4:FD:30
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018DEEDF9C9A1A245DD56343ECED13A7FF62
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/nj5PpWtpNZQxAuMc-nZo9Z_E_TA.roa
Signing time:             Wed 28 Feb 2024 08:40:48 +0000
ROA not before:           Wed 28 Feb 2024 08:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        83.147.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 22:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:df:9c:9a:1a:24:5d:d5:63:43:ec:ed:13:a7:ff:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Feb 28 08:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e3e4fa56b6935943102e31cfa7668f59fc4fd30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7e:63:be:60:a8:e9:c2:b0:48:e9:32:a3:79:
                    4a:fd:81:8e:4b:29:7b:1b:0b:7a:98:ba:6f:cd:e5:
                    02:b4:cf:93:25:fe:55:60:ba:97:da:01:c9:67:05:
                    28:d1:37:62:3a:70:b1:81:3f:73:b6:c9:04:f2:0f:
                    12:52:38:b4:eb:af:36:92:3d:20:b2:09:83:d1:95:
                    d9:f0:a1:e0:dd:55:60:60:30:e4:99:43:6a:79:58:
                    a2:ef:be:53:e7:f5:41:e3:f5:8e:e4:cf:f7:c1:52:
                    f6:36:66:2b:8c:7d:08:90:51:4a:bc:d0:e6:1b:4c:
                    d7:a9:e5:72:00:a5:a1:70:e1:76:0d:fc:25:dc:20:
                    aa:ad:c0:9c:4f:9f:1d:b4:63:41:62:93:ce:f6:27:
                    12:dd:11:c0:e4:1d:c4:2e:48:37:47:d1:d2:37:fb:
                    d9:6a:fc:45:0b:8d:3f:f5:03:64:0c:fb:a0:bc:d3:
                    df:6a:5b:5f:15:9c:68:a3:7a:4b:13:ce:be:95:73:
                    0f:28:ce:6f:cc:c8:ed:2e:de:f9:0d:03:7f:51:f3:
                    26:a1:93:ed:b9:0c:d6:5d:a3:f8:20:69:2a:ec:20:
                    d6:e7:64:20:36:38:1e:b6:16:34:60:7f:cf:5c:d3:
                    d8:97:e5:36:20:f5:93:e4:e1:64:69:0b:cc:8f:23:
                    c5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:3E:4F:A5:6B:69:35:94:31:02:E3:1C:FA:76:68:F5:9F:C4:FD:30
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/nj5PpWtpNZQxAuMc-nZo9Z_E_TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:4d:e4:a6:7d:48:e4:6e:a4:29:a8:21:b3:17:23:e8:07:8d:
         21:37:2e:17:3d:67:89:52:b2:fd:f6:17:b0:e7:f0:25:6a:65:
         45:21:4b:c6:23:79:37:56:16:44:d2:d4:e6:a2:38:eb:91:e3:
         9d:30:9f:36:37:05:f3:9e:03:bf:07:de:68:c7:10:6c:ef:39:
         45:7c:11:b1:fb:dd:0d:4c:56:d6:35:16:c4:82:99:45:ba:a6:
         e9:a6:85:21:ad:2c:dd:29:f9:fa:74:1a:8d:7f:01:42:44:4a:
         b2:10:71:81:95:0e:2c:e4:5d:cc:d2:1a:9b:97:1f:e3:6c:cf:
         34:de:db:99:51:86:7f:72:5f:55:4a:22:9b:85:c9:86:d2:86:
         0c:30:54:bf:31:7e:77:7f:d3:ab:1b:43:84:d2:b8:c6:55:bb:
         03:b5:a1:01:38:a5:fc:8a:6d:1b:60:a7:6e:17:9b:6e:40:94:
         a9:a1:9f:2e:5f:6a:e6:2c:c1:53:b2:13:a7:b2:f1:67:9f:4b:
         bd:86:50:f0:06:35:2c:9c:b7:a3:37:d2:0b:c7:07:75:96:b0:
         73:66:60:5b:04:20:ba:f1:ab:8a:15:a1:ff:77:12:57:ff:0f:
         a6:65:fc:b6:28:b6:6b:b1:ab:b6:d7:91:53:7d:63:80:e5:ec:
         6a:32:77:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3u35yaGiRd1WND7O0Tp/9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwMjI4MDg0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTNlNGZhNTZiNjkzNTk0MzEwMmUzMWNmYTc2NjhmNTlmYzRmZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr35jvmCo6cKwSOkyo3lK/YGOSyl7
Gwt6mLpvzeUCtM+TJf5VYLqX2gHJZwUo0TdiOnCxgT9ztskE8g8SUji06682kj0g
sgmD0ZXZ8KHg3VVgYDDkmUNqeVii775T5/VB4/WO5M/3wVL2NmYrjH0IkFFKvNDm
G0zXqeVyAKWhcOF2Dfwl3CCqrcCcT58dtGNBYpPO9icS3RHA5B3ELkg3R9HSN/vZ
avxFC40/9QNkDPugvNPfaltfFZxoo3pLE86+lXMPKM5vzMjtLt75DQN/UfMmoZPt
uQzWXaP4IGkq7CDW52QgNjgethY0YH/PXNPYl+U2IPWT5OFkaQvMjyPFAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4+T6VraTWUMQLjHPp2aPWfxP0wMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvbmo1UHBXdHBOWlF4QXVNYy1uWm85Wl9FX1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MkMA0G
CSqGSIb3DQEBCwUAA4IBAQCmTeSmfUjkbqQpqCGzFyPoB40hNy4XPWeJUrL99hew
5/AlamVFIUvGI3k3VhZE0tTmojjrkeOdMJ82NwXzngO/B95oxxBs7zlFfBGx+90N
TFbWNRbEgplFuqbppoUhrSzdKfn6dBqNfwFCREqyEHGBlQ4s5F3M0hqblx/jbM80
3tuZUYZ/cl9VSiKbhcmG0oYMMFS/MX53f9OrG0OE0rjGVbsDtaEBOKX8im0bYKdu
F5tuQJSpoZ8uX2rmLMFTshOnsvFnn0u9hlDwBjUsnLejN9ILxwd1lrBzZmBbBCC6
8auKFaH/dxJX/w+mZfy2KLZrsau215FTfWOA5exqMned
-----END CERTIFICATE-----