Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/hQ0GDhf9AxjI0Uy3GPqi3vniKKA.roa
File:                     hQ0GDhf9AxjI0Uy3GPqi3vniKKA.roa (raw, json)
Hash identifier:          qgdkMj2aqmOKQfqyt9xlr2aOgDNDbwpVbx7wAUtgjy8=
Subject key identifier:   85:0D:06:0E:17:FD:03:18:C8:D1:4C:B7:18:FA:A2:DE:F9:E2:28:A0
Certificate issuer:       /CN=5af662b3f3dc8312b1b6bc917f0af00622775355
Certificate serial:       018CC8DEA64F604D423BF76683218228FA07
Authority key identifier: 5A:F6:62:B3:F3:DC:83:12:B1:B6:BC:91:7F:0A:F0:06:22:77:53:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WvZis_PcgxKxtryRfwrwBiJ3U1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/hQ0GDhf9AxjI0Uy3GPqi3vniKKA.roa
Signing time:             Tue 02 Jan 2024 06:31:23 +0000
ROA not before:           Tue 02 Jan 2024 06:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31056
IP address blocks:        83.97.40.0/21 maxlen: 21
                          83.97.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/WvZis_PcgxKxtryRfwrwBiJ3U1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/WvZis_PcgxKxtryRfwrwBiJ3U1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WvZis_PcgxKxtryRfwrwBiJ3U1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a6:4f:60:4d:42:3b:f7:66:83:21:82:28:fa:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5af662b3f3dc8312b1b6bc917f0af00622775355
        Validity
            Not Before: Jan  2 06:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=850d060e17fd0318c8d14cb718faa2def9e228a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c3:7a:9d:c1:11:d6:c4:e1:61:8f:02:51:08:
                    84:52:d0:70:b4:16:d7:f5:10:8b:11:d4:ae:6f:a1:
                    c6:96:a0:c5:3e:5c:e0:f5:cf:b2:53:4f:33:4e:71:
                    89:80:2d:63:48:5b:3f:55:fb:44:0d:d5:32:c1:5e:
                    ef:7a:1e:53:cf:e5:c4:0d:a9:ac:ae:21:8a:ce:41:
                    00:57:00:d7:77:ef:4d:91:e7:0d:89:79:f7:38:ca:
                    24:74:07:9b:cf:b7:4f:a8:87:6c:2e:4e:ed:97:8e:
                    02:0a:17:c5:76:44:43:d1:5e:aa:43:36:3c:a5:bd:
                    06:60:a2:a3:cc:60:c0:6f:e5:b4:32:b0:8f:47:ef:
                    c4:b3:7b:bd:69:39:9e:98:ed:26:ff:30:96:79:17:
                    f9:cf:bc:8a:db:ce:f6:fc:5b:5b:44:a6:24:70:31:
                    9a:2c:ae:0c:65:14:cf:f6:e5:74:2c:85:5d:24:6d:
                    60:cc:ae:81:04:4e:ca:44:f6:c2:76:82:04:f2:05:
                    94:e8:98:b7:85:cb:72:76:f4:f7:0b:7e:4a:89:ac:
                    d9:4c:be:ac:2c:f2:06:65:64:fa:80:df:02:23:c0:
                    57:11:8c:2d:db:21:2c:26:c4:a3:3b:aa:26:de:98:
                    0d:41:f0:08:80:2b:79:51:fe:cc:c9:2a:10:7e:8b:
                    7c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:0D:06:0E:17:FD:03:18:C8:D1:4C:B7:18:FA:A2:DE:F9:E2:28:A0
            X509v3 Authority Key Identifier:
                keyid:5A:F6:62:B3:F3:DC:83:12:B1:B6:BC:91:7F:0A:F0:06:22:77:53:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WvZis_PcgxKxtryRfwrwBiJ3U1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/hQ0GDhf9AxjI0Uy3GPqi3vniKKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/WvZis_PcgxKxtryRfwrwBiJ3U1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.40.0-83.97.55.255

    Signature Algorithm: sha256WithRSAEncryption
         26:2e:a3:0d:70:bc:e1:a0:f5:5f:9d:48:ca:15:cf:c5:b1:f7:
         33:d8:95:22:10:29:10:f4:81:e8:ed:b6:00:c8:01:d4:93:2f:
         8b:27:00:32:97:f8:7f:80:0b:3d:ff:94:76:be:4f:a5:8d:18:
         92:1e:60:6f:cc:57:48:ab:26:db:19:ff:e3:a9:2b:2d:7e:cb:
         4f:ab:89:38:2b:33:86:88:00:1b:12:ec:27:ab:b3:18:b3:6a:
         b5:64:34:49:8b:a6:f9:3b:8c:e4:51:d2:1f:40:63:1b:71:96:
         cb:d8:99:07:4d:a0:81:d9:8b:c1:15:ee:dc:05:27:0f:ff:83:
         01:a5:4a:9a:e4:21:54:e8:c2:d5:96:de:9c:28:78:e2:b4:10:
         18:f4:6d:3b:b3:17:4a:67:6f:88:ae:3f:ec:a4:f1:99:91:ec:
         0a:74:4c:2a:2e:2b:2a:af:24:2c:77:94:14:b3:0d:fd:ed:d5:
         5e:b9:16:1b:6a:64:c2:a3:82:f9:90:34:6a:45:40:2b:91:6c:
         3a:70:17:88:ab:6e:9f:8c:17:0a:7d:7c:e4:12:84:6e:06:c7:
         05:df:d7:b4:6f:e3:6e:63:14:6c:7a:3c:50:dc:69:92:7e:49:
         fe:e3:1c:96:f8:5f:f6:11:01:67:ef:be:08:97:43:86:39:3f:
         24:76:96:de
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3qZPYE1CO/dmgyGCKPoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZjY2MmIzZjNkYzgzMTJiMWI2YmM5MTdmMGFmMDA2MjI3
NzUzNTUwHhcNMjQwMTAyMDYzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTBkMDYwZTE3ZmQwMzE4YzhkMTRjYjcxOGZhYTJkZWY5ZTIyOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMN6ncER1sThYY8CUQiEUtBwtBbX
9RCLEdSub6HGlqDFPlzg9c+yU08zTnGJgC1jSFs/VftEDdUywV7veh5Tz+XEDams
riGKzkEAVwDXd+9NkecNiXn3OMokdAebz7dPqIdsLk7tl44CChfFdkRD0V6qQzY8
pb0GYKKjzGDAb+W0MrCPR+/Es3u9aTmemO0m/zCWeRf5z7yK2872/FtbRKYkcDGa
LK4MZRTP9uV0LIVdJG1gzK6BBE7KRPbCdoIE8gWU6Ji3hctydvT3C35KiazZTL6s
LPIGZWT6gN8CI8BXEYwt2yEsJsSjO6om3pgNQfAIgCt5Uf7MySoQfot8mQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIUNBg4X/QMYyNFMtxj6ot754iigMB8GA1UdIwQY
MBaAFFr2YrPz3IMSsba8kX8K8AYid1NVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3ZaaXNfUGNneEt4dHJ5UmZ3cndCaUozVTFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jYjQ2MjEtNDcxMC00YzRjLTg1YmEt
ODcxY2Y0MDk3NzQ2LzEvaFEwR0RoZjlBeGpJMFV5M0dQcWkzdm5pS0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jYjQ2MjEtNDcxMC00YzRjLTg1YmEtODcxY2Y0MDk3NzQ2
LzEvV3ZaaXNfUGNneEt4dHJ5UmZ3cndCaUozVTFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANTYSgD
BANTYTAwDQYJKoZIhvcNAQELBQADggEBACYuow1wvOGg9V+dSMoVz8Wx9zPYlSIQ
KRD0gejttgDIAdSTL4snADKX+H+ACz3/lHa+T6WNGJIeYG/MV0irJtsZ/+OpKy1+
y0+riTgrM4aIABsS7CersxizarVkNEmLpvk7jORR0h9AYxtxlsvYmQdNoIHZi8EV
7twFJw//gwGlSprkIVTowtWW3pwoeOK0EBj0bTuzF0pnb4iuP+yk8ZmR7Ap0TCou
KyqvJCx3lBSzDf3t1V65FhtqZMKjgvmQNGpFQCuRbDpwF4irbp+MFwp9fOQShG4G
xwXf17Rv425jFGx6PFDcaZJ+Sf7jHJb4X/YRAWfvvgiXQ4Y5PyR2lt4=
-----END CERTIFICATE-----