Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/VcmeKjNn7gzMqQGIDYLR-pJ3L_Y.roa
File:                     VcmeKjNn7gzMqQGIDYLR-pJ3L_Y.roa (raw, json)
Hash identifier:          ONhUoEQjJdSArCPbwbDZSBR24r0FOp2gqRSvS5NkmAc=
Subject key identifier:   55:C9:9E:2A:33:67:EE:0C:CC:A9:01:88:0D:82:D1:FA:92:77:2F:F6
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       018CC64B860F9DA62BD11B80DA2080DE63C7
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/VcmeKjNn7gzMqQGIDYLR-pJ3L_Y.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        83.217.9.0/24 maxlen: 24
                          83.217.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:86:0f:9d:a6:2b:d1:1b:80:da:20:80:de:63:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55c99e2a3367ee0ccca901880d82d1fa92772ff6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5d:8a:4b:c5:6e:fa:b5:12:3b:4e:fc:73:e0:
                    74:fe:8f:63:ae:55:ac:9c:0a:83:1a:fc:09:c9:8b:
                    b4:51:dc:00:b5:92:b7:92:26:fb:b1:16:f5:a9:58:
                    be:05:f7:cf:bb:56:fd:d5:f6:87:38:cd:d7:20:be:
                    1e:82:f0:df:0d:ca:63:86:49:98:af:c8:4e:cf:fb:
                    29:41:fd:2c:f7:28:7f:09:1d:62:3a:56:fd:32:9d:
                    52:c0:eb:db:9b:86:b9:75:31:bb:ed:bb:71:34:8a:
                    12:5f:53:4d:0f:21:35:bc:da:7b:5b:98:9d:3b:a3:
                    1d:60:5a:d1:ea:86:a8:5a:74:23:77:fd:a9:09:45:
                    21:1a:80:3a:25:e5:20:08:47:82:b1:4d:1e:8e:75:
                    0f:9c:8a:ec:69:4c:13:a7:3e:fd:a5:27:38:c0:87:
                    83:a3:34:43:ea:dd:ec:5d:14:bf:05:e9:16:23:49:
                    5a:04:9a:c9:66:1d:6b:97:32:e6:28:80:41:08:9f:
                    41:08:7f:2f:70:cd:20:3a:16:ad:17:a1:24:a5:11:
                    86:58:2e:cd:fc:09:ac:d2:b2:17:1a:b2:5c:fa:61:
                    99:f7:11:49:c1:fa:b7:33:9d:80:54:c5:1f:c4:94:
                    c3:d4:ef:ff:d2:ad:1d:99:72:25:28:01:d8:d7:62:
                    65:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:C9:9E:2A:33:67:EE:0C:CC:A9:01:88:0D:82:D1:FA:92:77:2F:F6
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/VcmeKjNn7gzMqQGIDYLR-pJ3L_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.9.0/24
                  83.217.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b7:46:31:c2:4e:e9:aa:53:21:d1:87:2c:b7:fa:3b:7d:a5:
         b5:97:c6:39:09:f2:db:51:29:cc:3e:b3:96:4a:1c:22:54:74:
         df:58:95:fb:75:3d:50:3e:77:50:5d:62:a1:c2:2a:5d:0e:16:
         7d:1b:cb:34:9f:eb:7f:21:42:80:7a:6a:06:25:11:1c:98:8d:
         f1:c6:fb:80:50:6c:2f:e4:b2:36:ab:52:8f:d2:ea:2d:63:a5:
         d3:e0:98:43:c2:47:d9:6f:03:86:51:fc:4f:39:03:60:e8:bc:
         23:62:80:a0:d6:1d:a5:ca:0e:cd:af:ff:8c:98:51:1e:2c:e1:
         eb:2a:d2:cd:58:55:4d:4d:14:fe:09:04:53:e9:73:3d:7e:9a:
         70:69:eb:10:bd:84:b4:e7:e4:89:e0:7c:ec:ed:a7:af:73:b2:
         64:34:0e:e4:9c:d9:af:a6:48:ff:e3:41:0d:cd:a2:54:36:c5:
         45:74:24:1f:47:a5:03:2e:8e:ed:fc:eb:db:3f:06:e9:78:0b:
         22:28:57:10:f9:61:dc:81:80:e5:b3:71:c0:5c:9e:59:3d:63:
         72:44:2e:bb:b8:9c:1b:51:81:ca:76:bd:dd:ef:fe:96:e7:99:
         84:f3:20:87:62:db:51:85:e0:66:8b:34:03:7f:ed:e2:e8:58:
         66:14:65:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS4YPnaYr0RuA2iCA3mPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWM5OWUyYTMzNjdlZTBjY2NhOTAxODgwZDgyZDFmYTkyNzcyZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkl2KS8Vu+rUSO078c+B0/o9jrlWs
nAqDGvwJyYu0UdwAtZK3kib7sRb1qVi+BffPu1b91faHOM3XIL4egvDfDcpjhkmY
r8hOz/spQf0s9yh/CR1iOlb9Mp1SwOvbm4a5dTG77btxNIoSX1NNDyE1vNp7W5id
O6MdYFrR6oaoWnQjd/2pCUUhGoA6JeUgCEeCsU0ejnUPnIrsaUwTpz79pSc4wIeD
ozRD6t3sXRS/BekWI0laBJrJZh1rlzLmKIBBCJ9BCH8vcM0gOhatF6EkpRGGWC7N
/Ams0rIXGrJc+mGZ9xFJwfq3M52AVMUfxJTD1O//0q0dmXIlKAHY12JluQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFXJniozZ+4MzKkBiA2C0fqSdy/2MB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvVmNtZUtqTm43Z3pNcVFHSURZTFItcEozTF9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU9kJAwQA
U9kLMA0GCSqGSIb3DQEBCwUAA4IBAQCFt0Yxwk7pqlMh0Ycst/o7faW1l8Y5CfLb
USnMPrOWShwiVHTfWJX7dT1QPndQXWKhwipdDhZ9G8s0n+t/IUKAemoGJREcmI3x
xvuAUGwv5LI2q1KP0uotY6XT4JhDwkfZbwOGUfxPOQNg6LwjYoCg1h2lyg7Nr/+M
mFEeLOHrKtLNWFVNTRT+CQRT6XM9fppwaesQvYS05+SJ4Hzs7aevc7JkNA7knNmv
pkj/40ENzaJUNsVFdCQfR6UDLo7t/OvbPwbpeAsiKFcQ+WHcgYDls3HAXJ5ZPWNy
RC67uJwbUYHKdr3d7/6W55mE8yCHYttRheBmizQDf+3i6FhmFGVx
-----END CERTIFICATE-----