Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/i5c-c1Bzu_pEgimt8a3K9Fvk_yU.roa
File:                     i5c-c1Bzu_pEgimt8a3K9Fvk_yU.roa (raw, json)
Hash identifier:          Xz52JSofQJ0gLwHUittNqhEcilzKk07bsFqgkHtOt80=
Subject key identifier:   8B:97:3E:73:50:73:BB:FA:44:82:29:AD:F1:AD:CA:F4:5B:E4:FF:25
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       018CC64B83BD18FA444D25203ADAC5F74E0D
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/i5c-c1Bzu_pEgimt8a3K9Fvk_yU.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31138
IP address blocks:        83.217.0.0/22 maxlen: 22
                          2a00:d8c0::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:83:bd:18:fa:44:4d:25:20:3a:da:c5:f7:4e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b973e735073bbfa448229adf1adcaf45be4ff25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3b:62:83:70:ae:67:3b:f5:b2:ee:d1:5f:13:
                    88:c1:01:3c:5a:ed:09:55:2e:4b:06:97:b6:84:b7:
                    33:b7:f6:cd:67:ea:d1:06:21:21:85:5f:7b:b4:cb:
                    d8:26:15:46:8f:a4:d7:2d:cd:1b:65:9f:c2:06:a8:
                    48:e5:41:cc:a3:54:bd:ee:a2:77:43:5c:0a:b7:b6:
                    6a:69:96:d8:36:c4:87:74:2b:f2:85:a1:2d:8b:3a:
                    ed:8f:5d:e8:c6:36:a7:db:45:e3:df:b6:9d:59:68:
                    09:a4:71:ba:8f:71:7a:15:d1:24:e2:00:ff:c8:fb:
                    48:e8:87:5d:27:73:88:8f:14:d4:5b:a5:d8:97:d0:
                    f4:b1:55:7e:7c:f2:4c:2e:9d:e4:eb:67:ed:ed:06:
                    2c:75:47:2e:59:ea:c4:a2:10:8a:7b:f0:55:ed:48:
                    1d:4d:a3:3a:57:dd:45:a6:1c:b6:e0:bb:1d:61:78:
                    65:9e:f3:0a:73:8c:a1:6b:a7:f4:55:a0:93:23:aa:
                    95:d2:0d:9b:81:6f:c4:d8:ee:b2:3c:4b:ef:ed:0e:
                    5e:0c:6a:72:5d:1c:94:c2:22:5a:69:b8:f2:27:1f:
                    e9:15:f4:47:e3:d6:5a:26:70:08:c6:e2:86:2c:e0:
                    c5:19:5e:5a:75:e4:bb:31:af:2d:69:41:f0:6a:6a:
                    d1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:97:3E:73:50:73:BB:FA:44:82:29:AD:F1:AD:CA:F4:5B:E4:FF:25
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/i5c-c1Bzu_pEgimt8a3K9Fvk_yU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.0.0/22
                IPv6:
                  2a00:d8c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:f7:ec:e7:4d:17:04:1d:9a:9c:d9:c9:99:2f:f8:67:62:ed:
         f9:41:24:a8:86:66:f5:fb:cd:7a:09:69:90:89:dc:b7:6b:2f:
         de:b5:eb:ef:be:b5:c0:b8:eb:46:31:78:62:6e:15:b3:9b:f6:
         e1:8e:c9:0a:8d:d6:ad:75:df:b0:a3:e2:c8:e1:32:3a:a4:d6:
         b6:54:17:68:89:81:61:a3:e4:d7:fd:59:ac:4a:db:cd:1c:70:
         f7:96:20:87:0f:42:11:e8:a0:94:ec:bc:0f:ca:6c:8c:93:98:
         f5:22:9f:4d:21:4e:ba:82:a8:42:5d:5c:dc:c6:a0:7f:b8:f8:
         6a:b3:19:b5:f6:ae:c8:23:dd:56:25:b4:34:f6:d7:f7:5d:e1:
         37:ad:39:06:8f:16:b1:01:22:e0:1b:03:1b:df:9b:7b:1d:65:
         58:7b:9a:1e:77:21:64:0d:92:bd:e5:17:c3:b2:39:0a:32:75:
         75:48:17:76:5f:f5:28:d9:e3:51:f1:40:60:bd:1c:a0:8e:fb:
         64:f4:fd:70:98:48:79:bb:4b:2e:22:1d:62:ab:9d:b2:cf:ae:
         e6:9d:3d:f4:d6:7a:07:93:ea:f2:a6:68:87:bc:8b:b8:77:51:
         97:2a:cc:04:e0:c6:50:ed:ed:7a:56:ff:8b:3d:4a:a4:de:2e:
         b8:c7:60:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGS4O9GPpETSUgOtrF904NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjk3M2U3MzUwNzNiYmZhNDQ4MjI5YWRmMWFkY2FmNDViZTRmZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhztig3CuZzv1su7RXxOIwQE8Wu0J
VS5LBpe2hLczt/bNZ+rRBiEhhV97tMvYJhVGj6TXLc0bZZ/CBqhI5UHMo1S97qJ3
Q1wKt7ZqaZbYNsSHdCvyhaEtizrtj13oxjan20Xj37adWWgJpHG6j3F6FdEk4gD/
yPtI6IddJ3OIjxTUW6XYl9D0sVV+fPJMLp3k62ft7QYsdUcuWerEohCKe/BV7Ugd
TaM6V91Fphy24LsdYXhlnvMKc4yha6f0VaCTI6qV0g2bgW/E2O6yPEvv7Q5eDGpy
XRyUwiJaabjyJx/pFfRH49ZaJnAIxuKGLODFGV5adeS7Ma8taUHwamrRRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIuXPnNQc7v6RIIprfGtyvRb5P8lMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvaTVjLWMxQnp1X3BFZ2ltdDhhM0s5RnZrX3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCU9kAMA8E
AgACMAkDBwAqANjAAAAwDQYJKoZIhvcNAQELBQADggEBABr37OdNFwQdmpzZyZkv
+Gdi7flBJKiGZvX7zXoJaZCJ3LdrL9616+++tcC460YxeGJuFbOb9uGOyQqN1q11
37Cj4sjhMjqk1rZUF2iJgWGj5Nf9WaxK280ccPeWIIcPQhHooJTsvA/KbIyTmPUi
n00hTrqCqEJdXNzGoH+4+GqzGbX2rsgj3VYltDT21/dd4TetOQaPFrEBIuAbAxvf
m3sdZVh7mh53IWQNkr3lF8OyOQoydXVIF3Zf9SjZ41HxQGC9HKCO+2T0/XCYSHm7
Sy4iHWKrnbLPruadPfTWegeT6vKmaIe8i7h3UZcqzATgxlDt7XpW/4s9SqTeLrjH
YBg=
-----END CERTIFICATE-----