Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/B5wkeGWZjqgz1y_Wsk4MaKTCZiQ.roa
File:                     B5wkeGWZjqgz1y_Wsk4MaKTCZiQ.roa (raw, json)
Hash identifier:          ygucH/c6MgSrKR9IgUN2NMGsbIDgc3W5HpOJEaJUGPw=
Subject key identifier:   07:9C:24:78:65:99:8E:A8:33:D7:2F:D6:B2:4E:0C:68:A4:C2:66:24
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       01941F8C60A701ABA8806E39615AD78607FD
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/B5wkeGWZjqgz1y_Wsk4MaKTCZiQ.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48642
IP address blocks:        83.217.14.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:60:a7:01:ab:a8:80:6e:39:61:5a:d7:86:07:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=079c247865998ea833d72fd6b24e0c68a4c26624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f3:97:41:b6:bc:45:3f:dd:78:dd:c7:cf:b6:
                    b7:5c:79:a6:43:84:ea:8e:0c:6f:33:34:75:62:0c:
                    90:07:4d:8b:bb:69:90:db:23:87:3d:b3:95:52:dc:
                    c4:2c:3e:48:28:eb:21:3f:3b:8e:9a:a4:3c:40:48:
                    23:82:e4:38:ca:46:02:73:50:58:aa:6f:f9:20:a0:
                    b4:70:59:e8:e1:35:ef:37:a4:aa:b9:b9:72:72:74:
                    02:6c:27:1f:57:e1:ce:05:bd:2c:86:ab:ef:70:88:
                    2d:6d:fb:35:10:7a:c8:33:18:e1:49:3e:45:e8:81:
                    dc:13:a8:bd:69:cc:51:34:f2:7d:4c:b7:ab:cc:00:
                    d9:11:0d:6b:73:22:c1:19:d8:6a:b3:67:66:0b:d3:
                    37:19:5f:2a:19:76:e7:85:12:00:ec:df:6f:69:49:
                    0f:91:cf:12:9a:01:a2:96:16:fc:ec:89:f4:ca:a3:
                    57:25:ad:5e:aa:e4:24:47:86:81:c0:b1:eb:6c:5b:
                    19:37:97:c6:dd:02:4c:b4:db:48:8d:5e:6b:c7:e0:
                    1d:6f:fb:4f:bf:b6:c2:6b:70:e0:64:88:f2:db:ad:
                    67:ba:aa:c7:fd:2a:c8:76:78:45:31:1f:09:9c:70:
                    02:3e:1d:cb:4c:e1:cd:1c:90:63:61:cc:a5:e9:d1:
                    89:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:9C:24:78:65:99:8E:A8:33:D7:2F:D6:B2:4E:0C:68:A4:C2:66:24
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/B5wkeGWZjqgz1y_Wsk4MaKTCZiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:8e:72:85:ed:98:41:29:9b:c0:3a:a1:20:53:b4:e7:ec:4c:
         8d:53:95:5d:f4:7c:f7:6a:24:82:38:93:0d:22:63:9b:5d:47:
         5b:42:1a:a4:1e:a6:a4:51:0c:2a:79:c7:f3:14:57:ce:f5:36:
         4c:68:0a:4c:2d:23:34:3d:b1:e8:4d:a6:26:ce:1b:33:56:47:
         0d:d1:61:71:30:96:58:3c:f8:f3:c1:da:9a:8e:74:72:ec:71:
         5f:34:2c:c2:62:fc:dc:c4:41:07:2a:a8:cc:ef:d1:ff:d3:8c:
         e3:88:4d:ed:54:1c:f4:b4:f8:ef:43:04:3d:05:bc:15:d9:bb:
         21:08:ef:2a:74:81:e0:b3:0c:13:38:d8:97:86:b2:6a:5e:0b:
         89:be:c4:d5:f6:de:cb:38:ab:c9:93:15:46:79:b8:17:39:ee:
         e1:a8:71:20:b3:9f:4d:9f:f0:58:14:f4:db:c3:fd:c7:c0:05:
         7e:f6:76:f9:ad:96:a5:03:2b:f2:90:aa:43:94:30:75:91:11:
         31:d8:69:4a:d8:ef:57:b8:c5:66:5f:87:bb:c8:93:50:39:40:
         8c:6d:3a:af:12:68:de:a7:b7:b8:6d:ee:b7:0b:a8:5c:bf:04:
         71:b9:32:03:06:cb:65:e1:44:cb:e1:e5:32:88:d6:72:ee:d9:
         dc:84:a0:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGCnAauogG45YVrXhgf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzljMjQ3ODY1OTk4ZWE4MzNkNzJmZDZiMjRlMGM2OGE0YzI2NjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPOXQba8RT/deN3Hz7a3XHmmQ4Tq
jgxvMzR1YgyQB02Lu2mQ2yOHPbOVUtzELD5IKOshPzuOmqQ8QEgjguQ4ykYCc1BY
qm/5IKC0cFno4TXvN6SqublycnQCbCcfV+HOBb0shqvvcIgtbfs1EHrIMxjhST5F
6IHcE6i9acxRNPJ9TLerzADZEQ1rcyLBGdhqs2dmC9M3GV8qGXbnhRIA7N9vaUkP
kc8SmgGilhb87In0yqNXJa1equQkR4aBwLHrbFsZN5fG3QJMtNtIjV5rx+Adb/tP
v7bCa3DgZIjy261nuqrH/SrIdnhFMR8JnHACPh3LTOHNHJBjYcyl6dGJLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAecJHhlmY6oM9cv1rJODGikwmYkMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvQjV3a2VHV1pqcWd6MXlfV3NrNE1hS1RDWmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU9kOMA0G
CSqGSIb3DQEBCwUAA4IBAQBEjnKF7ZhBKZvAOqEgU7Tn7EyNU5Vd9Hz3aiSCOJMN
ImObXUdbQhqkHqakUQwqecfzFFfO9TZMaApMLSM0PbHoTaYmzhszVkcN0WFxMJZY
PPjzwdqajnRy7HFfNCzCYvzcxEEHKqjM79H/04zjiE3tVBz0tPjvQwQ9BbwV2bsh
CO8qdIHgswwTONiXhrJqXguJvsTV9t7LOKvJkxVGebgXOe7hqHEgs59Nn/BYFPTb
w/3HwAV+9nb5rZalAyvykKpDlDB1kREx2GlK2O9XuMVmX4e7yJNQOUCMbTqvEmje
p7e4be63C6hcvwRxuTIDBstl4UTL4eUyiNZy7tnchKBS
-----END CERTIFICATE-----