Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/71jPFzaEXhPrQdsgjzvD7s4oAsw.roa
File:                     71jPFzaEXhPrQdsgjzvD7s4oAsw.roa (raw, json)
Hash identifier:          /isN7pqXVvwtkLSNkOSdU9kYRh3jnQFSy5ekWcntfhQ=
Subject key identifier:   EF:58:CF:17:36:84:5E:13:EB:41:DB:20:8F:3B:C3:EE:CE:28:02:CC
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       01942747F8B7EB4316EE80AD54BD0D207233
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/71jPFzaEXhPrQdsgjzvD7s4oAsw.roa
Signing time:             Thu 02 Jan 2025 13:50:15 +0000
ROA not before:           Thu 02 Jan 2025 13:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        83.147.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f8:b7:eb:43:16:ee:80:ad:54:bd:0d:20:72:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 13:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef58cf1736845e13eb41db208f3bc3eece2802cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:db:46:6e:b8:45:bc:5b:2b:61:5f:b3:40:91:
                    b6:6d:a8:94:cb:cf:10:6a:64:d5:36:cd:fa:b8:38:
                    3e:c1:b8:17:29:71:43:3f:04:da:2d:ef:36:34:04:
                    94:9b:d6:80:91:bc:df:da:f9:91:20:be:2d:92:23:
                    6b:88:e8:4d:54:31:81:27:4f:fa:2d:1b:e7:9b:00:
                    3d:70:97:d7:30:ae:a7:3c:34:9b:e5:09:73:48:d5:
                    59:86:a6:b9:53:cc:c3:0b:ae:af:b2:5c:60:20:9d:
                    31:8b:5b:43:c2:b3:4d:b0:1d:64:82:a6:ec:d8:48:
                    1b:60:f7:ff:ea:9c:99:71:23:1b:dc:4c:13:15:12:
                    9d:aa:ab:d9:57:80:e7:64:54:6d:1a:a3:6e:f6:53:
                    67:f7:07:9f:40:ca:76:d7:6e:64:5a:d2:3a:0a:3b:
                    c2:19:a9:e3:16:12:7d:f5:d8:ad:2b:5b:31:9b:b9:
                    e3:e8:fe:23:99:f0:52:ad:11:de:c2:58:0a:bf:d5:
                    2f:f5:2c:f8:d5:c9:32:49:4c:92:6e:55:5d:dd:2e:
                    4a:e2:6f:5f:08:3d:50:d0:74:56:fb:5b:87:78:5d:
                    95:58:28:8f:04:cf:da:b8:c9:48:37:f2:e7:d4:c3:
                    b4:06:ff:f0:5b:6d:4e:f8:6a:b3:06:09:41:26:13:
                    45:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:58:CF:17:36:84:5E:13:EB:41:DB:20:8F:3B:C3:EE:CE:28:02:CC
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/71jPFzaEXhPrQdsgjzvD7s4oAsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:28:f4:e6:95:36:d5:27:29:dc:c7:7c:20:cd:bd:8e:39:b6:
         08:42:ba:ed:b8:b4:27:b9:5d:10:92:c8:ab:32:9f:67:39:f0:
         45:26:31:e4:76:cf:03:a7:13:ba:47:c8:c2:7e:84:05:5a:cf:
         5b:67:66:be:2c:d0:54:fc:bb:12:b4:09:1c:b0:dc:30:30:3b:
         fb:81:6a:a7:d7:f9:d4:43:49:39:68:4f:7f:8a:e9:69:1a:32:
         b0:98:59:ac:09:cf:90:d9:4f:a8:21:f0:da:0c:01:4e:47:ad:
         66:1b:19:3e:98:db:21:64:42:4a:7f:17:4b:42:99:48:f3:e9:
         5a:c9:1a:2c:76:41:e6:6b:01:6c:9a:db:7f:a8:5c:f4:a0:6e:
         55:1a:8a:f6:09:f9:5e:3c:73:65:49:65:67:f8:6d:29:3b:81:
         02:1f:30:4b:a5:a7:4b:bd:58:c4:b6:ba:ca:4f:8d:ec:12:a0:
         2f:ad:54:7b:05:72:6b:0f:48:dc:79:a3:c6:a8:f4:4a:44:84:
         17:8d:f1:95:af:57:f2:e0:f5:65:1b:c7:55:8f:bd:9a:65:7f:
         16:55:66:b5:88:28:d4:eb:be:d2:22:77:27:ee:cc:e9:01:5a:
         c6:82:52:b6:3b:df:2f:6a:ef:6d:8a:dd:07:b6:ea:f5:20:5d:
         ce:da:45:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/i360MW7oCtVL0NIHIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwMTAyMTM1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjU4Y2YxNzM2ODQ1ZTEzZWI0MWRiMjA4ZjNiYzNlZWNlMjgwMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdtGbrhFvFsrYV+zQJG2baiUy88Q
amTVNs36uDg+wbgXKXFDPwTaLe82NASUm9aAkbzf2vmRIL4tkiNriOhNVDGBJ0/6
LRvnmwA9cJfXMK6nPDSb5QlzSNVZhqa5U8zDC66vslxgIJ0xi1tDwrNNsB1kgqbs
2EgbYPf/6pyZcSMb3EwTFRKdqqvZV4DnZFRtGqNu9lNn9wefQMp2125kWtI6CjvC
GanjFhJ99ditK1sxm7nj6P4jmfBSrRHewlgKv9Uv9Sz41ckySUySblVd3S5K4m9f
CD1Q0HRW+1uHeF2VWCiPBM/auMlIN/Ln1MO0Bv/wW21O+GqzBglBJhNFEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9Yzxc2hF4T60HbII87w+7OKALMMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvNzFqUEZ6YUVYaFByUWRzZ2p6dkQ3czRvQXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5MoMA0G
CSqGSIb3DQEBCwUAA4IBAQAEKPTmlTbVJyncx3wgzb2OObYIQrrtuLQnuV0Qksir
Mp9nOfBFJjHkds8DpxO6R8jCfoQFWs9bZ2a+LNBU/LsStAkcsNwwMDv7gWqn1/nU
Q0k5aE9/iulpGjKwmFmsCc+Q2U+oIfDaDAFOR61mGxk+mNshZEJKfxdLQplI8+la
yRosdkHmawFsmtt/qFz0oG5VGor2CflePHNlSWVn+G0pO4ECHzBLpadLvVjEtrrK
T43sEqAvrVR7BXJrD0jceaPGqPRKRIQXjfGVr1fy4PVlG8dVj72aZX8WVWa1iCjU
677SIncn7szpAVrGglK2O98vau9tit0Htur1IF3O2kVk
-----END CERTIFICATE-----