Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/js3aQJqYFzP4-bwFLmsPMfWEGMo.roa
File:                     js3aQJqYFzP4-bwFLmsPMfWEGMo.roa (raw, json)
Hash identifier:          qjCuESwxf/ybGResxfZHcc2/c2OefQJ80QUi9vEu5ag=
Subject key identifier:   8E:CD:DA:40:9A:98:17:33:F8:F9:BC:05:2E:6B:0F:31:F5:84:18:CA
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       0192896A84EADAF982CABBB4085F3019BBDB
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/js3aQJqYFzP4-bwFLmsPMfWEGMo.roa
Signing time:             Mon 14 Oct 2024 05:05:12 +0000
ROA not before:           Mon 14 Oct 2024 05:05:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        83.217.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:89:6a:84:ea:da:f9:82:ca:bb:b4:08:5f:30:19:bb:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Oct 14 05:05:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ecdda409a981733f8f9bc052e6b0f31f58418ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:13:06:8e:bf:83:32:19:26:a8:56:a1:cc:e6:
                    9f:4c:a6:cc:85:12:14:9e:58:cc:9d:b8:72:9f:2f:
                    61:36:06:5f:c1:e7:62:23:5b:1d:b6:8e:3f:1a:a4:
                    eb:36:39:f9:05:2b:5d:6c:75:9b:6e:75:5c:21:06:
                    23:c9:03:36:7f:76:8b:9e:32:5e:b4:80:47:fc:32:
                    ba:5c:33:1c:c4:e6:1e:00:e1:fc:41:85:8c:87:56:
                    15:82:a8:7c:25:75:15:eb:5b:08:53:0e:08:6e:ee:
                    fe:34:15:31:82:68:64:b5:c7:95:76:f0:cd:e4:2a:
                    ad:c9:84:20:ff:ca:1d:46:a0:a5:b2:c7:15:fa:e7:
                    b3:1b:84:60:60:27:d9:1e:66:9e:07:d1:41:10:be:
                    db:fe:21:c1:61:c3:50:c1:3e:13:bb:66:8c:42:60:
                    c9:90:df:5e:4c:c9:c8:88:a8:c6:58:ed:a8:2e:cf:
                    55:c9:ba:c8:28:c1:3a:1e:28:79:41:6e:70:3b:8c:
                    cc:d1:54:7c:7c:98:6c:40:75:e4:52:1a:51:42:93:
                    1f:d5:77:8e:6f:14:a8:93:72:2d:90:69:71:82:69:
                    72:a1:c1:af:73:44:c8:b7:28:61:51:72:33:06:55:
                    3b:58:1d:01:64:c6:42:b0:76:4c:4b:16:8d:ac:be:
                    ac:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:CD:DA:40:9A:98:17:33:F8:F9:BC:05:2E:6B:0F:31:F5:84:18:CA
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/js3aQJqYFzP4-bwFLmsPMfWEGMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:b0:f3:94:30:c1:45:fc:f1:a9:89:49:35:a3:78:d1:7d:bd:
         44:cb:9c:da:95:4a:c5:b3:50:bf:7e:34:38:e4:48:1d:9b:5b:
         3f:24:b5:e4:7a:50:10:11:be:7e:7a:fb:25:8b:bc:f8:a3:b2:
         72:f9:41:a7:02:b8:9b:3c:c6:26:15:1a:9f:80:f3:79:4d:e1:
         6d:b1:df:b5:74:ea:f8:87:22:99:a0:1b:84:bd:47:26:d8:a1:
         21:d4:11:ea:30:87:99:46:02:19:91:cc:5a:cf:a5:fa:48:01:
         c5:95:1b:44:d7:ce:65:e7:3d:cf:96:7b:87:07:eb:23:14:8e:
         3d:b5:68:87:bc:a6:b8:85:db:04:20:db:f2:1b:46:d5:f9:7a:
         9d:80:58:42:2e:7b:34:0c:78:56:3a:ff:3a:2f:ea:bb:0c:e0:
         c9:16:cb:69:d8:4d:31:07:64:6a:83:6e:a4:3d:82:6a:bd:a9:
         c2:00:e6:6c:b6:29:d8:64:0d:c6:35:77:cf:34:d9:3d:8a:a4:
         b1:9a:a0:55:9c:bb:f4:8a:19:6d:f1:ff:72:80:9c:ef:84:f8:
         da:f6:b9:05:44:5c:96:f7:c6:68:ca:d3:d6:90:63:24:28:86:
         24:f3:91:21:90:7d:ac:d8:67:2f:55:46:04:97:71:07:90:4b:
         40:00:6a:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKJaoTq2vmCyru0CF8wGbvbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjQxMDE0MDUwNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWNkZGE0MDlhOTgxNzMzZjhmOWJjMDUyZTZiMGYzMWY1ODQxOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBMGjr+DMhkmqFahzOafTKbMhRIU
nljMnbhyny9hNgZfwediI1sdto4/GqTrNjn5BStdbHWbbnVcIQYjyQM2f3aLnjJe
tIBH/DK6XDMcxOYeAOH8QYWMh1YVgqh8JXUV61sIUw4Ibu7+NBUxgmhktceVdvDN
5CqtyYQg/8odRqClsscV+uezG4RgYCfZHmaeB9FBEL7b/iHBYcNQwT4Tu2aMQmDJ
kN9eTMnIiKjGWO2oLs9VybrIKME6Hih5QW5wO4zM0VR8fJhsQHXkUhpRQpMf1XeO
bxSok3ItkGlxgmlyocGvc0TItyhhUXIzBlU7WB0BZMZCsHZMSxaNrL6s1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7N2kCamBcz+Pm8BS5rDzH1hBjKMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvanMzYVFKcVlGelA0LWJ3Rkxtc1BNZldFR01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU9kLMA0G
CSqGSIb3DQEBCwUAA4IBAQBPsPOUMMFF/PGpiUk1o3jRfb1Ey5zalUrFs1C/fjQ4
5Egdm1s/JLXkelAQEb5+evsli7z4o7Jy+UGnAribPMYmFRqfgPN5TeFtsd+1dOr4
hyKZoBuEvUcm2KEh1BHqMIeZRgIZkcxaz6X6SAHFlRtE185l5z3PlnuHB+sjFI49
tWiHvKa4hdsEINvyG0bV+XqdgFhCLns0DHhWOv86L+q7DODJFstp2E0xB2Rqg26k
PYJqvanCAOZstinYZA3GNXfPNNk9iqSxmqBVnLv0ihlt8f9ygJzvhPja9rkFRFyW
98ZoytPWkGMkKIYk85EhkH2s2GcvVUYEl3EHkEtAAGrI
-----END CERTIFICATE-----