Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/6RkSnq1YobTmQ_SgAx2wlTkM2hY.roa
File:                     6RkSnq1YobTmQ_SgAx2wlTkM2hY.roa (raw, json)
Hash identifier:          Qt/KZiThTuHL2rOKsl4Ng5FOwbzizcKz0/dUQrpTSQc=
Subject key identifier:   E9:19:12:9E:AD:58:A1:B4:E6:43:F4:A0:03:1D:B0:95:39:0C:DA:16
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       01941F8C60438753B74CCFB75875B0B35D9D
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/6RkSnq1YobTmQ_SgAx2wlTkM2hY.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39238
IP address blocks:        83.217.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:60:43:87:53:b7:4c:cf:b7:58:75:b0:b3:5d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e919129ead58a1b4e643f4a0031db095390cda16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:80:77:8b:ce:2d:5d:84:bc:d6:0d:f3:ce:c7:
                    6e:94:31:53:f5:78:65:f4:ae:98:17:b0:d8:4e:4a:
                    fc:e8:d1:d2:be:b2:ec:cf:ae:c7:26:3e:73:30:7a:
                    fb:fc:cb:33:bf:7b:5d:8f:25:6c:fa:da:87:4a:1a:
                    99:ec:61:2e:68:13:32:f1:07:aa:32:67:48:9b:4b:
                    3a:0f:8f:36:c8:fb:2c:52:94:ff:26:5c:4e:36:55:
                    86:c4:26:3e:27:b9:3b:0c:c3:ae:da:14:42:83:c7:
                    6e:44:75:25:16:c5:20:0f:38:f8:f8:18:4b:46:59:
                    21:71:52:3b:ad:1f:5c:5d:80:fb:8c:d7:20:6e:c2:
                    b7:72:87:cd:4c:14:73:a0:08:26:72:eb:a7:30:e8:
                    04:0b:b4:93:a5:cb:27:0c:6b:70:9a:1f:e6:18:b2:
                    43:38:7d:1f:46:2d:01:e0:c2:1b:bb:fe:6c:a7:e3:
                    9c:7d:d2:7d:40:34:65:2a:d4:4b:77:da:2d:a3:80:
                    0f:76:13:6a:30:52:72:e8:ba:1c:90:a9:26:7b:0a:
                    10:07:6a:78:23:eb:77:e2:27:05:68:12:cc:f9:a2:
                    32:11:67:8e:ca:ba:db:b1:5d:4d:eb:df:31:2a:cd:
                    da:a5:14:6b:09:0c:f3:d7:c1:2f:09:27:a6:28:72:
                    c6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:19:12:9E:AD:58:A1:B4:E6:43:F4:A0:03:1D:B0:95:39:0C:DA:16
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/6RkSnq1YobTmQ_SgAx2wlTkM2hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:d8:28:9c:29:55:30:91:15:cb:17:1b:24:c3:37:af:a7:75:
         e3:ca:a0:a6:2a:2d:b7:06:36:76:8e:3a:09:d6:47:9c:4f:d0:
         5b:d9:48:ab:51:e1:b3:7e:2f:ad:51:59:fd:40:9a:c8:7b:e1:
         90:67:3c:3f:75:90:28:a0:c6:4c:c5:af:9e:44:5b:02:1b:b1:
         26:4b:47:cf:99:18:c3:22:39:dd:40:6b:90:85:dd:f8:49:42:
         0f:a7:65:7e:1d:92:e1:72:7f:fa:93:19:52:07:32:52:6d:97:
         2a:4f:ad:d1:f3:06:60:ac:34:11:c4:b8:6b:6e:e5:e7:12:11:
         b8:6c:94:65:21:02:e6:c8:7e:f1:42:2d:4d:7c:fa:30:c6:15:
         98:36:3b:62:d4:42:2a:23:03:86:40:97:d5:de:e9:a9:c9:75:
         bd:db:4f:29:1e:cf:74:81:8d:73:a0:d0:5c:73:3f:ef:90:ef:
         75:f3:4b:93:32:72:93:39:a2:2e:73:2c:ac:f3:9a:09:7a:4c:
         36:ed:c8:3a:dd:f3:f9:84:1c:c9:9b:62:7b:ff:94:0c:d2:73:
         4f:6e:00:1a:ec:13:0d:5d:ee:cf:e7:29:29:67:fc:c7:7c:6c:
         cf:f7:df:ae:7e:58:7a:f0:0f:b6:c5:01:96:1a:d7:b5:b4:7b:
         09:47:4e:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGBDh1O3TM+3WHWws12dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTE5MTI5ZWFkNThhMWI0ZTY0M2Y0YTAwMzFkYjA5NTM5MGNkYTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoB3i84tXYS81g3zzsdulDFT9Xhl
9K6YF7DYTkr86NHSvrLsz67HJj5zMHr7/Mszv3tdjyVs+tqHShqZ7GEuaBMy8Qeq
MmdIm0s6D482yPssUpT/JlxONlWGxCY+J7k7DMOu2hRCg8duRHUlFsUgDzj4+BhL
RlkhcVI7rR9cXYD7jNcgbsK3cofNTBRzoAgmcuunMOgEC7STpcsnDGtwmh/mGLJD
OH0fRi0B4MIbu/5sp+OcfdJ9QDRlKtRLd9oto4APdhNqMFJy6LockKkmewoQB2p4
I+t34icFaBLM+aIyEWeOyrrbsV1N698xKs3apRRrCQzz18EvCSemKHLGGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkZEp6tWKG05kP0oAMdsJU5DNoWMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvNlJrU25xMVlvYlRtUV9TZ0F4MndsVGtNMmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU9kEMA0G
CSqGSIb3DQEBCwUAA4IBAQAN2CicKVUwkRXLFxskwzevp3XjyqCmKi23BjZ2jjoJ
1kecT9Bb2UirUeGzfi+tUVn9QJrIe+GQZzw/dZAooMZMxa+eRFsCG7EmS0fPmRjD
IjndQGuQhd34SUIPp2V+HZLhcn/6kxlSBzJSbZcqT63R8wZgrDQRxLhrbuXnEhG4
bJRlIQLmyH7xQi1NfPowxhWYNjti1EIqIwOGQJfV3umpyXW9208pHs90gY1zoNBc
cz/vkO9180uTMnKTOaIucyys85oJekw27cg63fP5hBzJm2J7/5QM0nNPbgAa7BMN
Xe7P5ykpZ/zHfGzP99+uflh68A+2xQGWGte1tHsJR04B
-----END CERTIFICATE-----