Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/HqWvQSFfiC3PQtV6qiSlh1Q2P4E.roa
File:                     HqWvQSFfiC3PQtV6qiSlh1Q2P4E.roa (raw, json)
Hash identifier:          cKAeRRFornRhUeU5lmN7yMAyt+NULVFJyi1IL4s8J5I=
Subject key identifier:   1E:A5:AF:41:21:5F:88:2D:CF:42:D5:7A:AA:24:A5:87:54:36:3F:81
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       0192896B6E5E73FEE94B534F88DB9D56621B
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/HqWvQSFfiC3PQtV6qiSlh1Q2P4E.roa
Signing time:             Mon 14 Oct 2024 05:06:12 +0000
ROA not before:           Mon 14 Oct 2024 05:06:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39238
IP address blocks:        83.217.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:89:6b:6e:5e:73:fe:e9:4b:53:4f:88:db:9d:56:62:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Oct 14 05:06:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ea5af41215f882dcf42d57aaa24a58754363f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:03:c6:2a:73:73:82:49:3f:18:64:61:09:30:
                    46:59:51:8b:66:64:69:eb:29:f4:6e:f3:77:c7:43:
                    ab:72:6e:f4:80:15:22:0e:4e:bc:62:52:e8:8e:5f:
                    21:2d:ed:18:d9:aa:13:74:40:ce:56:7b:a2:a8:b7:
                    d0:c7:3c:b4:34:f8:0d:75:46:a9:ff:9b:48:2d:04:
                    ff:7e:da:3e:d0:ab:f3:3a:05:57:bf:4f:14:f5:b2:
                    4d:f6:7d:8a:91:f9:a5:fa:59:e5:96:7c:2a:44:7f:
                    89:40:c2:ab:24:86:18:8e:39:96:5c:8d:9f:75:71:
                    cf:85:8a:9a:94:54:9e:b6:67:b6:35:ea:58:f5:91:
                    ed:16:89:ec:97:67:c0:ed:5a:71:2d:85:59:9e:d1:
                    50:e2:58:71:d5:db:e7:e5:f8:be:59:d0:79:ef:50:
                    6f:49:55:c8:a3:89:80:65:e3:ed:04:a8:1d:78:07:
                    78:1a:b0:90:78:4a:2e:86:8b:9e:41:4d:00:fd:09:
                    fa:86:75:37:12:4d:a9:14:0b:9c:7d:f6:cf:4a:3a:
                    bf:cc:b0:e9:dc:6d:1a:94:44:86:19:74:37:2e:2e:
                    50:90:f0:f9:93:af:68:ff:ac:a5:1c:67:c3:05:35:
                    db:9f:4f:07:13:90:96:27:0b:14:56:1d:62:e8:8f:
                    95:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A5:AF:41:21:5F:88:2D:CF:42:D5:7A:AA:24:A5:87:54:36:3F:81
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/HqWvQSFfiC3PQtV6qiSlh1Q2P4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:ab:43:eb:e3:b0:87:81:07:9d:22:23:de:71:50:ff:8d:ce:
         5d:b0:b6:63:5f:c6:21:6c:38:e6:4c:d7:7c:1e:3d:fa:12:8a:
         af:ec:71:9e:a8:99:07:bf:89:c9:94:63:59:05:86:95:e9:aa:
         68:ce:1d:66:2a:ed:6e:88:bf:f6:89:50:91:13:89:ef:72:a2:
         e8:95:76:9a:00:98:49:bb:43:04:95:6d:e3:fe:18:40:63:ae:
         e1:b7:58:d0:94:fa:61:cd:ac:57:08:be:81:a1:e6:da:f5:d4:
         e8:45:63:5d:48:fd:76:f0:13:f5:bd:04:4d:9c:13:f1:3a:12:
         af:93:f2:ee:20:01:58:65:f3:70:4e:ff:4f:e4:c5:fa:f9:28:
         12:ca:b1:4a:20:9b:34:6d:ee:c1:3a:bf:50:f8:cd:1e:a4:c2:
         75:46:15:e3:ce:ff:20:99:e0:e0:6c:b1:a1:21:c6:76:c4:7e:
         b4:ce:8b:c6:49:55:f4:7b:16:f8:46:5d:37:ee:58:64:11:96:
         34:d3:ff:5e:dd:8d:5b:d8:2c:3c:37:1c:d1:9d:fa:8e:1b:3a:
         39:35:df:28:c5:b2:68:8c:d2:12:49:21:ac:c7:40:2f:3c:f4:
         2c:b4:8e:74:74:ce:9b:24:08:4e:50:50:c4:9a:a0:89:fe:5d:
         74:a9:df:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKJa25ec/7pS1NPiNudVmIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjQxMDE0MDUwNjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWE1YWY0MTIxNWY4ODJkY2Y0MmQ1N2FhYTI0YTU4NzU0MzYzZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wPGKnNzgkk/GGRhCTBGWVGLZmRp
6yn0bvN3x0Orcm70gBUiDk68YlLojl8hLe0Y2aoTdEDOVnuiqLfQxzy0NPgNdUap
/5tILQT/fto+0KvzOgVXv08U9bJN9n2Kkfml+lnllnwqRH+JQMKrJIYYjjmWXI2f
dXHPhYqalFSetme2NepY9ZHtFonsl2fA7VpxLYVZntFQ4lhx1dvn5fi+WdB571Bv
SVXIo4mAZePtBKgdeAd4GrCQeEouhoueQU0A/Qn6hnU3Ek2pFAucffbPSjq/zLDp
3G0alESGGXQ3Li5QkPD5k69o/6ylHGfDBTXbn08HE5CWJwsUVh1i6I+V0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6lr0EhX4gtz0LVeqokpYdUNj+BMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvSHFXdlFTRmZpQzNQUXRWNnFpU2xoMVEyUDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU9kEMA0G
CSqGSIb3DQEBCwUAA4IBAQC0q0Pr47CHgQedIiPecVD/jc5dsLZjX8YhbDjmTNd8
Hj36Eoqv7HGeqJkHv4nJlGNZBYaV6apozh1mKu1uiL/2iVCRE4nvcqLolXaaAJhJ
u0MElW3j/hhAY67ht1jQlPphzaxXCL6Boeba9dToRWNdSP128BP1vQRNnBPxOhKv
k/LuIAFYZfNwTv9P5MX6+SgSyrFKIJs0be7BOr9Q+M0epMJ1RhXjzv8gmeDgbLGh
IcZ2xH60zovGSVX0exb4Rl037lhkEZY00/9e3Y1b2Cw8NxzRnfqOGzo5Nd8oxbJo
jNISSSGsx0AvPPQstI50dM6bJAhOUFDEmqCJ/l10qd+g
-----END CERTIFICATE-----