Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/xQy5ssDzbi-SeZ5ME3_ncIlAWZM.roa
File:                     xQy5ssDzbi-SeZ5ME3_ncIlAWZM.roa (raw, json)
Hash identifier:          NZxmqLLerd/0iVQIxHr/6K2v2mBSe/ENEdPK7KVkA3g=
Subject key identifier:   C5:0C:B9:B2:C0:F3:6E:2F:92:79:9E:4C:13:7F:E7:70:89:40:59:93
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       018EE5339644D5FC1D72BECF70DCA52AA83D
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/xQy5ssDzbi-SeZ5ME3_ncIlAWZM.roa
Signing time:             Tue 16 Apr 2024 04:39:06 +0000
ROA not before:           Tue 16 Apr 2024 04:39:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        83.147.48.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e5:33:96:44:d5:fc:1d:72:be:cf:70:dc:a5:2a:a8:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Apr 16 04:39:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c50cb9b2c0f36e2f92799e4c137fe77089405993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:64:a3:fb:f6:14:59:d3:bf:2f:31:f5:55:5c:
                    ca:70:77:bb:15:4e:dc:b1:7b:2c:e5:e8:9c:77:2d:
                    e0:29:66:8e:57:15:18:e9:39:e1:3d:98:c1:ef:9c:
                    19:df:cf:32:86:f6:f0:94:1c:5f:90:72:52:02:05:
                    26:a6:1b:66:e8:18:07:e6:69:f4:88:25:22:65:97:
                    9d:fb:31:75:bf:76:9b:2a:29:dc:ad:ad:10:e4:d2:
                    b8:49:ca:2c:f0:96:16:04:64:72:62:fa:9b:ae:a0:
                    52:4b:4f:e2:25:76:97:0e:d6:82:ac:80:ce:64:7b:
                    a7:c3:64:c3:bc:e4:90:a6:f8:37:3d:39:90:f5:84:
                    d9:c5:7f:69:40:68:07:cf:c4:14:43:fe:93:ae:23:
                    44:df:24:a1:0a:4b:9a:2d:8c:60:0a:15:1d:43:42:
                    9f:38:4d:67:62:02:fb:50:57:9f:10:a8:59:e6:ba:
                    b8:5a:dc:72:85:bd:72:61:b1:86:39:50:ca:53:12:
                    42:91:ea:4c:42:c9:01:6b:b5:ae:7a:70:91:a6:03:
                    0f:e6:6f:be:a9:d2:a8:dd:91:49:bd:ee:cb:5f:73:
                    3f:57:29:4a:db:5d:ed:43:28:b0:36:0c:9d:10:b9:
                    b1:23:50:62:34:9c:58:8a:c5:ad:67:29:59:ba:75:
                    b7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:0C:B9:B2:C0:F3:6E:2F:92:79:9E:4C:13:7F:E7:70:89:40:59:93
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/xQy5ssDzbi-SeZ5ME3_ncIlAWZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:e9:57:f7:26:c1:9f:f4:c7:ec:22:03:16:f2:51:9a:cf:42:
         61:1b:ff:ce:cd:b0:fd:a1:4b:0f:a2:94:f3:b3:0d:6b:79:52:
         56:08:49:c2:46:95:41:44:c0:dd:db:aa:5e:00:99:99:a7:e1:
         5c:f1:a1:98:0c:97:fe:1d:d1:ad:1d:dc:07:61:48:cb:46:b2:
         b6:ee:e1:c0:96:80:ba:c5:53:9a:40:7d:36:f6:b3:ca:15:f0:
         d7:3d:28:9c:52:68:f3:0a:bd:29:5d:3b:f3:d6:cc:ef:77:56:
         a0:71:e0:d9:9a:bb:f8:54:08:c0:15:5f:bb:12:2b:e7:35:ef:
         24:34:5d:39:87:ae:8b:49:04:eb:d1:17:33:98:5b:f7:da:73:
         05:72:c4:7e:80:0b:91:12:b7:69:78:24:0f:d5:a7:72:66:7d:
         49:8d:0f:d7:dc:54:43:36:df:86:2e:36:25:f4:87:8a:18:20:
         95:cf:47:26:3b:c1:bb:7b:1c:de:66:8b:39:50:0d:a6:08:a0:
         38:04:6e:ab:05:0e:34:94:d5:51:dd:cd:5a:0f:7c:e7:6d:7b:
         0b:58:ef:37:46:7f:4d:34:26:09:87:b9:1c:76:b5:74:7b:93:
         bf:4d:d7:17:a6:fc:5f:c6:6c:10:4f:30:2f:c4:99:4c:cc:d9:
         ec:8f:36:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7lM5ZE1fwdcr7PcNylKqg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjQwNDE2MDQzOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTBjYjliMmMwZjM2ZTJmOTI3OTllNGMxMzdmZTc3MDg5NDA1OTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWSj+/YUWdO/LzH1VVzKcHe7FU7c
sXss5eicdy3gKWaOVxUY6TnhPZjB75wZ388yhvbwlBxfkHJSAgUmphtm6BgH5mn0
iCUiZZed+zF1v3abKincra0Q5NK4Scos8JYWBGRyYvqbrqBSS0/iJXaXDtaCrIDO
ZHunw2TDvOSQpvg3PTmQ9YTZxX9pQGgHz8QUQ/6TriNE3yShCkuaLYxgChUdQ0Kf
OE1nYgL7UFefEKhZ5rq4Wtxyhb1yYbGGOVDKUxJCkepMQskBa7WuenCRpgMP5m++
qdKo3ZFJve7LX3M/VylK213tQyiwNgydELmxI1BiNJxYisWtZylZunW34wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUMubLA824vknmeTBN/53CJQFmTMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEveFF5NXNzRHpiaS1TZVo1TUUzX25jSWxBV1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MwMA0G
CSqGSIb3DQEBCwUAA4IBAQAj6Vf3JsGf9MfsIgMW8lGaz0JhG//OzbD9oUsPopTz
sw1reVJWCEnCRpVBRMDd26peAJmZp+Fc8aGYDJf+HdGtHdwHYUjLRrK27uHAloC6
xVOaQH029rPKFfDXPSicUmjzCr0pXTvz1szvd1agceDZmrv4VAjAFV+7EivnNe8k
NF05h66LSQTr0RczmFv32nMFcsR+gAuRErdpeCQP1adyZn1JjQ/X3FRDNt+GLjYl
9IeKGCCVz0cmO8G7exzeZos5UA2mCKA4BG6rBQ40lNVR3c1aD3znbXsLWO83Rn9N
NCYJh7kcdrV0e5O/TdcXpvxfxmwQTzAvxJlMzNnsjzZ8
-----END CERTIFICATE-----