Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/i4f1t__SHD-QTSI70hcDe0-iLuE.roa
File:                     i4f1t__SHD-QTSI70hcDe0-iLuE.roa (raw, json)
Hash identifier:          x5mSq7hcGWnjVGsMlKR9T5XBSWXyZ8MGhLOD1IalJyI=
Subject key identifier:   8B:87:F5:B7:FF:D2:1C:3F:90:4D:22:3B:D2:17:03:7B:4F:A2:2E:E1
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       01941F8C61B95BC0566AD2065565F1EAD28F
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/i4f1t__SHD-QTSI70hcDe0-iLuE.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        83.217.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:61:b9:5b:c0:56:6a:d2:06:55:65:f1:ea:d2:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b87f5b7ffd21c3f904d223bd217037b4fa22ee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:cd:70:fe:3f:84:fa:72:c1:df:93:ce:96:07:
                    8d:f2:71:1d:e3:7b:21:b2:36:99:81:00:51:ce:89:
                    c3:51:17:90:11:44:46:f3:81:f0:2c:49:bd:e6:2a:
                    cd:72:97:1c:56:f4:51:cd:94:c3:2f:d8:de:a6:98:
                    c9:3b:82:d9:21:70:58:fc:73:ee:69:01:1e:77:b7:
                    73:0e:c9:d2:dc:5f:0f:4b:1b:00:d2:41:ee:11:9b:
                    03:7a:29:03:8f:ae:99:b8:66:c2:c3:88:3d:3b:4f:
                    1d:d3:61:34:d9:c2:89:f2:60:45:a1:4c:24:86:30:
                    06:ee:ff:dd:60:80:32:c7:d1:9a:6c:56:34:13:66:
                    15:e3:1f:bb:6c:26:68:06:2c:4a:ab:bd:95:58:75:
                    05:bb:d4:b4:82:28:65:1c:8e:05:f6:d4:89:16:5a:
                    9d:d4:8f:e9:f5:0d:0d:e2:6b:e3:c6:ab:07:b2:fc:
                    0b:8c:71:fc:e8:61:7c:07:39:6a:d3:f2:63:57:df:
                    0a:81:8d:86:5a:7e:4f:76:03:ba:4c:08:49:9e:9f:
                    0e:d4:34:47:ea:68:d6:51:e7:e8:48:18:c7:ba:93:
                    ba:21:39:cb:ca:ad:da:28:b2:82:2b:62:7a:44:b9:
                    b7:b7:2f:4d:de:28:ed:34:c0:10:e2:07:9e:ba:1d:
                    fa:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:87:F5:B7:FF:D2:1C:3F:90:4D:22:3B:D2:17:03:7B:4F:A2:2E:E1
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/i4f1t__SHD-QTSI70hcDe0-iLuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:38:e2:1a:f7:28:3b:c2:6b:22:35:34:88:c4:37:18:da:53:
         44:91:08:91:ba:a7:92:88:01:4e:fe:9b:ed:b0:ee:77:80:d0:
         74:8b:04:16:61:9c:45:35:73:7b:af:2d:91:5a:91:fa:51:af:
         ab:46:e5:bf:64:2c:97:db:bd:7d:42:a2:42:29:10:dd:38:03:
         22:9b:55:70:54:9c:48:75:49:cd:ef:9e:c3:f6:d6:8d:d2:cf:
         8d:3e:a7:2a:4f:c1:81:a9:20:36:67:61:bc:b6:c1:08:4a:9a:
         3a:ce:fc:06:b3:96:25:8c:fa:08:3e:a6:ca:d2:32:0b:e1:83:
         48:03:ee:d3:78:e1:d1:e3:9c:1a:33:4c:36:ee:af:28:6d:58:
         77:c6:62:b4:77:51:3b:48:cd:f2:f7:3b:44:02:45:a9:d9:c6:
         69:db:48:d5:e7:4d:d7:5a:87:fc:a1:5d:fb:ce:8c:a8:a5:2e:
         77:25:2c:1a:b5:3a:bb:d1:ed:84:ec:fb:f8:22:00:78:0a:4c:
         93:2e:23:32:cb:26:da:82:07:01:4e:12:eb:6d:1b:21:4b:6d:
         39:b1:dc:e9:ac:1e:fc:75:90:20:2d:86:6c:ab:52:09:ca:ef:
         51:b8:48:4c:ad:f9:69:de:e1:1c:46:5e:93:2c:51:3d:9a:fa:
         56:b3:c8:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGG5W8BWatIGVWXx6tKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjg3ZjViN2ZmZDIxYzNmOTA0ZDIyM2JkMjE3MDM3YjRmYTIyZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c1w/j+E+nLB35POlgeN8nEd43sh
sjaZgQBRzonDUReQEURG84HwLEm95irNcpccVvRRzZTDL9jeppjJO4LZIXBY/HPu
aQEed7dzDsnS3F8PSxsA0kHuEZsDeikDj66ZuGbCw4g9O08d02E02cKJ8mBFoUwk
hjAG7v/dYIAyx9GabFY0E2YV4x+7bCZoBixKq72VWHUFu9S0gihlHI4F9tSJFlqd
1I/p9Q0N4mvjxqsHsvwLjHH86GF8Bzlq0/JjV98KgY2GWn5PdgO6TAhJnp8O1DRH
6mjWUefoSBjHupO6ITnLyq3aKLKCK2J6RLm3ty9N3ijtNMAQ4geeuh364QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuH9bf/0hw/kE0iO9IXA3tPoi7hMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvaTRmMXRfX1NIRC1RVFNJNzBoY0RlMC1pTHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU9kLMA0G
CSqGSIb3DQEBCwUAA4IBAQB9OOIa9yg7wmsiNTSIxDcY2lNEkQiRuqeSiAFO/pvt
sO53gNB0iwQWYZxFNXN7ry2RWpH6Ua+rRuW/ZCyX2719QqJCKRDdOAMim1VwVJxI
dUnN757D9taN0s+NPqcqT8GBqSA2Z2G8tsEISpo6zvwGs5YljPoIPqbK0jIL4YNI
A+7TeOHR45waM0w27q8obVh3xmK0d1E7SM3y9ztEAkWp2cZp20jV503XWof8oV37
zoyopS53JSwatTq70e2E7Pv4IgB4CkyTLiMyyybaggcBThLrbRshS205sdzprB78
dZAgLYZsq1IJyu9RuEhMrflp3uEcRl6TLFE9mvpWs8hR
-----END CERTIFICATE-----