Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/pk2W7rl0sXuty2brwnwRdj-LF34.roa
File:                     pk2W7rl0sXuty2brwnwRdj-LF34.roa (raw, json)
Hash identifier:          ZUpTdTTp79PpXWV5dAGfarUpUFb2vCvGnpP3GHIl2YQ=
Subject key identifier:   A6:4D:96:EE:B9:74:B1:7B:AD:CB:66:EB:C2:7C:11:76:3F:8B:17:7E
Certificate issuer:       /CN=dbbf37909ce17ba53ad90a8632377a5d938743e5
Certificate serial:       018CCA2A7BC971E7CFCE7E0160836F58B339
Authority key identifier: DB:BF:37:90:9C:E1:7B:A5:3A:D9:0A:86:32:37:7A:5D:93:87:43:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/pk2W7rl0sXuty2brwnwRdj-LF34.roa
Signing time:             Tue 02 Jan 2024 12:33:50 +0000
ROA not before:           Tue 02 Jan 2024 12:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     267809
IP address blocks:        82.86.112.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7b:c9:71:e7:cf:ce:7e:01:60:83:6f:58:b3:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbbf37909ce17ba53ad90a8632377a5d938743e5
        Validity
            Not Before: Jan  2 12:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a64d96eeb974b17badcb66ebc27c11763f8b177e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:92:74:f0:e1:7e:ef:f5:29:b9:5e:29:37:a4:
                    d3:69:6e:ec:21:ef:1a:2c:cf:83:93:e5:33:1d:41:
                    2f:6b:a3:03:7b:c3:56:a9:13:27:56:61:c7:74:6e:
                    36:16:46:db:fd:4e:1c:e2:14:ce:6d:95:62:e1:41:
                    53:24:bf:8e:fa:a4:2b:8e:86:c1:1e:c3:68:96:87:
                    5a:08:0f:9d:88:f1:9e:05:46:cf:08:a2:16:ef:04:
                    1b:66:ff:30:5f:75:06:46:26:72:b5:fa:c9:7f:5a:
                    74:79:63:c0:b5:77:76:67:9b:12:40:46:7e:c1:3a:
                    01:ca:b7:b1:fa:5c:0f:3f:e9:84:59:1c:22:07:eb:
                    94:61:09:c2:ee:fd:7b:44:ec:e6:68:92:92:98:dd:
                    c1:53:4a:ea:98:52:44:61:67:fa:05:a9:5f:98:95:
                    0c:d6:a8:99:f5:2e:58:e9:68:3c:ec:86:da:61:be:
                    f1:f7:6e:76:f4:36:1a:6a:8a:79:25:e0:85:c3:53:
                    31:fd:b3:6b:f8:95:2e:f2:ec:a7:04:7e:70:80:ed:
                    f5:31:18:fb:38:87:79:00:73:48:1e:9e:67:99:0b:
                    c2:5f:3a:3b:93:1f:b9:40:f3:f3:9f:49:e9:a0:b3:
                    2d:fb:5c:5e:af:fe:66:4c:91:f0:3a:85:cc:a2:10:
                    a2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:4D:96:EE:B9:74:B1:7B:AD:CB:66:EB:C2:7C:11:76:3F:8B:17:7E
            X509v3 Authority Key Identifier:
                keyid:DB:BF:37:90:9C:E1:7B:A5:3A:D9:0A:86:32:37:7A:5D:93:87:43:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/pk2W7rl0sXuty2brwnwRdj-LF34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.86.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         79:26:3f:b1:a1:24:8b:40:85:0b:c0:c5:11:56:e7:e5:78:01:
         5b:a8:e2:18:1b:a7:6b:37:74:f5:92:88:99:46:b1:d0:a1:c8:
         23:8b:41:6e:4d:cb:c3:a8:cc:79:df:e9:8a:ab:d7:ef:ec:44:
         6b:f4:57:58:ab:91:50:65:5b:16:ec:50:35:a6:c6:51:09:f4:
         34:5e:5c:cd:5f:52:e5:87:70:88:47:c1:e0:0b:c0:a8:96:cf:
         8d:ae:df:5f:c3:fc:b9:4c:db:cf:70:4a:b8:b0:81:e8:26:84:
         99:b2:8a:51:63:c2:c7:41:a3:fa:48:67:15:09:b9:ed:0a:ff:
         27:78:af:74:1a:b2:76:da:bb:b0:9d:73:cf:f8:7d:aa:0f:0d:
         12:53:f1:b2:57:ca:17:a2:15:69:a3:fb:44:02:10:ae:9f:03:
         f7:b8:0f:dc:1c:46:ad:ca:a7:ac:76:6d:40:4e:3c:84:82:2e:
         50:62:27:98:e6:78:e7:d3:0e:7e:ef:36:d9:ec:2c:e6:8c:b7:
         02:33:b7:89:20:57:ef:25:95:70:1c:2f:d6:83:bb:87:69:6f:
         93:46:5f:b4:b6:72:e3:97:97:94:d3:22:fa:1d:26:43:68:1b:
         1c:41:f0:3d:e0:17:0a:90:47:17:8d:f2:bb:36:40:ac:cf:07:
         9c:b9:fb:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnvJcefPzn4BYINvWLM5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYmYzNzkwOWNlMTdiYTUzYWQ5MGE4NjMyMzc3YTVkOTM4
NzQzZTUwHhcNMjQwMTAyMTIzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjRkOTZlZWI5NzRiMTdiYWRjYjY2ZWJjMjdjMTE3NjNmOGIxNzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5J08OF+7/UpuV4pN6TTaW7sIe8a
LM+Dk+UzHUEva6MDe8NWqRMnVmHHdG42Fkbb/U4c4hTObZVi4UFTJL+O+qQrjobB
HsNolodaCA+diPGeBUbPCKIW7wQbZv8wX3UGRiZytfrJf1p0eWPAtXd2Z5sSQEZ+
wToByrex+lwPP+mEWRwiB+uUYQnC7v17ROzmaJKSmN3BU0rqmFJEYWf6BalfmJUM
1qiZ9S5Y6Wg87IbaYb7x92529DYaaop5JeCFw1Mx/bNr+JUu8uynBH5wgO31MRj7
OId5AHNIHp5nmQvCXzo7kx+5QPPzn0npoLMt+1xer/5mTJHwOoXMohCi2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZNlu65dLF7rctm68J8EXY/ixd+MB8GA1UdIwQY
MBaAFNu/N5Cc4XulOtkKhjI3el2Th0PlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjc4M2tKemhlNlU2MlFxR01qZDZYWk9IUS1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xMzczYTAtOGMzZC00MjgzLWE1Y2Ut
ODIyZWE0M2RjMThkLzEvcGsyVzdybDBzWHV0eTJicndud1Jkai1MRjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xMzczYTAtOGMzZC00MjgzLWE1Y2UtODIyZWE0M2RjMThk
LzEvMjc4M2tKemhlNlU2MlFxR01qZDZYWk9IUS1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUlZwMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Jj+xoSSLQIULwMURVufleAFbqOIYG6drN3T1koiZ
RrHQocgji0FuTcvDqMx53+mKq9fv7ERr9FdYq5FQZVsW7FA1psZRCfQ0XlzNX1Ll
h3CIR8HgC8Cols+Nrt9fw/y5TNvPcEq4sIHoJoSZsopRY8LHQaP6SGcVCbntCv8n
eK90GrJ22ruwnXPP+H2qDw0SU/GyV8oXohVpo/tEAhCunwP3uA/cHEatyqesdm1A
TjyEgi5QYieY5njn0w5+7zbZ7CzmjLcCM7eJIFfvJZVwHC/Wg7uHaW+TRl+0tnLj
l5eU0yL6HSZDaBscQfA94BcKkEcXjfK7NkCszwecufvL
-----END CERTIFICATE-----