Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ioQkeezjgIT_3NXpuEVfTFN0tbw.roa
File:                     ioQkeezjgIT_3NXpuEVfTFN0tbw.roa (raw, json)
Hash identifier:          niU+vfdILk8jq5derlJMQ/Xi79USlIgAtIucaa2nKMk=
Subject key identifier:   8A:84:24:79:EC:E3:80:84:FF:DC:D5:E9:B8:45:5F:4C:53:74:B5:BC
Certificate issuer:       /CN=ced755733e91203a17c3093ca5d9cb0392d94f61
Certificate serial:       018CC3B6F76074983F775F05F33D9EF2B59D
Authority key identifier: CE:D7:55:73:3E:91:20:3A:17:C3:09:3C:A5:D9:CB:03:92:D9:4F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ztdVcz6RIDoXwwk8pdnLA5LZT2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ioQkeezjgIT_3NXpuEVfTFN0tbw.roa
Signing time:             Mon 01 Jan 2024 06:29:57 +0000
ROA not before:           Mon 01 Jan 2024 06:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21320
IP address blocks:        83.97.88.0/21 maxlen: 21
                          2001:799::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ztdVcz6RIDoXwwk8pdnLA5LZT2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ztdVcz6RIDoXwwk8pdnLA5LZT2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ztdVcz6RIDoXwwk8pdnLA5LZT2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f7:60:74:98:3f:77:5f:05:f3:3d:9e:f2:b5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ced755733e91203a17c3093ca5d9cb0392d94f61
        Validity
            Not Before: Jan  1 06:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a842479ece38084ffdcd5e9b8455f4c5374b5bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2d:79:b1:0c:a2:b2:64:ff:e6:16:78:70:8c:
                    5f:51:fb:8d:29:cf:08:f9:a8:f2:00:c7:d0:c6:8c:
                    e0:98:0c:40:c9:2c:01:d6:5b:e1:76:07:a5:19:9b:
                    a1:7b:32:6b:34:ef:5b:04:23:43:d3:e7:07:d3:7a:
                    07:a6:96:74:61:54:47:e9:c0:2e:d5:d2:27:4a:8b:
                    b1:ac:40:5e:69:7b:38:0f:63:8c:ca:6d:a8:05:82:
                    84:48:cd:50:d2:04:5d:91:bc:09:9c:07:98:30:03:
                    f1:6c:29:d6:d0:bd:99:99:14:61:1a:95:a6:3b:00:
                    8e:d9:35:a5:60:4c:cf:47:29:07:fb:4e:69:55:bc:
                    f5:e8:5a:13:07:c8:c7:1d:90:06:83:65:92:7c:15:
                    a3:8d:94:a9:92:d0:2e:90:65:d2:35:78:0f:8b:c8:
                    73:42:93:c7:db:dd:cf:01:19:82:b6:83:62:3f:e2:
                    7e:53:ef:54:67:d1:2d:a7:5d:fc:14:08:8f:2b:e5:
                    e9:1d:d3:5a:0f:87:92:f5:1b:b3:bd:46:b6:2a:4a:
                    d2:f3:14:d5:2d:a1:cb:c2:54:4e:2a:53:91:77:88:
                    e2:58:eb:08:5c:65:05:99:2b:b5:19:b7:f3:8c:e8:
                    f3:c2:4e:8b:03:30:ef:e7:60:1f:9c:12:4b:8e:a7:
                    7a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:84:24:79:EC:E3:80:84:FF:DC:D5:E9:B8:45:5F:4C:53:74:B5:BC
            X509v3 Authority Key Identifier:
                keyid:CE:D7:55:73:3E:91:20:3A:17:C3:09:3C:A5:D9:CB:03:92:D9:4F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ztdVcz6RIDoXwwk8pdnLA5LZT2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ioQkeezjgIT_3NXpuEVfTFN0tbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ztdVcz6RIDoXwwk8pdnLA5LZT2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.88.0/21
                IPv6:
                  2001:799::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:63:e9:bf:9b:28:18:cf:0a:85:ab:e8:95:c7:18:38:fd:a9:
         5c:5e:ad:ff:26:58:3a:c7:02:94:d3:9b:84:41:8c:5a:8c:68:
         1f:66:8c:b5:4a:1b:8d:0f:90:48:85:51:df:07:1b:fe:09:67:
         96:bf:bf:21:c1:ad:a5:e9:70:17:00:e0:44:de:db:3e:7f:04:
         7f:cb:67:f7:2b:4d:84:e9:81:23:ed:a8:6e:47:78:27:17:37:
         71:44:60:1f:10:c2:eb:6c:ea:b5:c3:97:53:bb:53:ed:6f:58:
         43:8d:fa:fc:3c:d0:fe:99:af:a3:cb:b2:c7:7f:e1:07:0d:ef:
         09:1b:45:fc:15:ba:18:d6:5d:d5:c0:2d:81:cb:9b:99:af:9c:
         3b:7b:ee:ac:cf:af:4a:b7:ea:70:a5:cf:4e:0c:92:fd:67:f6:
         9f:b6:ab:ca:22:a8:9f:10:d4:2a:f8:68:99:66:85:9b:ff:3e:
         16:a7:fa:da:b2:4c:32:28:53:a7:aa:44:a2:30:8e:10:59:35:
         15:44:41:8c:22:60:ae:c9:07:f6:81:a4:38:f6:20:ab:f5:04:
         ac:3f:c1:b2:c3:0a:07:11:8e:4b:d9:b1:6d:33:d6:3d:fd:18:
         52:4d:0c:42:52:21:26:ca:1a:4f:ca:57:71:26:47:ec:e1:07:
         51:42:17:fd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtvdgdJg/d18F8z2e8rWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZDc1NTczM2U5MTIwM2ExN2MzMDkzY2E1ZDljYjAzOTJk
OTRmNjEwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTg0MjQ3OWVjZTM4MDg0ZmZkY2Q1ZTliODQ1NWY0YzUzNzRiNWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC15sQyismT/5hZ4cIxfUfuNKc8I
+ajyAMfQxozgmAxAySwB1lvhdgelGZuhezJrNO9bBCND0+cH03oHppZ0YVRH6cAu
1dInSouxrEBeaXs4D2OMym2oBYKESM1Q0gRdkbwJnAeYMAPxbCnW0L2ZmRRhGpWm
OwCO2TWlYEzPRykH+05pVbz16FoTB8jHHZAGg2WSfBWjjZSpktAukGXSNXgPi8hz
QpPH293PARmCtoNiP+J+U+9UZ9Etp138FAiPK+XpHdNaD4eS9RuzvUa2KkrS8xTV
LaHLwlROKlORd4jiWOsIXGUFmSu1GbfzjOjzwk6LAzDv52AfnBJLjqd6gQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIqEJHns44CE/9zV6bhFX0xTdLW8MB8GA1UdIwQY
MBaAFM7XVXM+kSA6F8MJPKXZywOS2U9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenRkVmN6NlJJRG9Yd3drOHBkbkxBNUxaVDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMmY2MWEtMTVmOS00YzZiLTkwZTUt
ZWY0YjY1OWVmZjhkLzEvaW9Ra2VlempnSVRfM05YcHVFVmZURk4wdGJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMmY2MWEtMTVmOS00YzZiLTkwZTUtZWY0YjY1OWVmZjhk
LzEvenRkVmN6NlJJRG9Yd3drOHBkbkxBNUxaVDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU2FYMA0E
AgACMAcDBQAgAQeZMA0GCSqGSIb3DQEBCwUAA4IBAQCqY+m/mygYzwqFq+iVxxg4
/alcXq3/Jlg6xwKU05uEQYxajGgfZoy1ShuND5BIhVHfBxv+CWeWv78hwa2l6XAX
AOBE3ts+fwR/y2f3K02E6YEj7ahuR3gnFzdxRGAfEMLrbOq1w5dTu1Ptb1hDjfr8
PND+ma+jy7LHf+EHDe8JG0X8FboY1l3VwC2By5uZr5w7e+6sz69Kt+pwpc9ODJL9
Z/aftqvKIqifENQq+GiZZoWb/z4Wp/raskwyKFOnqkSiMI4QWTUVREGMImCuyQf2
gaQ49iCr9QSsP8GywwoHEY5L2bFtM9Y9/RhSTQxCUiEmyhpPyldxJkfs4QdRQhf9
-----END CERTIFICATE-----