Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/EVdaAJISdVmosuzILhlOI6T3nRs.roa
File:                     EVdaAJISdVmosuzILhlOI6T3nRs.roa (raw, json)
Hash identifier:          QZNKovN2Ky9v2hyaEh8It7MLleCAQnxdVeHVy01Uaq4=
Subject key identifier:   11:57:5A:00:92:12:75:59:A8:B2:EC:C8:2E:19:4E:23:A4:F7:9D:1B
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       018CC2DB0260528501338D50E9BF22CC9AFF
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/EVdaAJISdVmosuzILhlOI6T3nRs.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        45.15.209.0/24 maxlen: 24
                          45.86.190.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:02:60:52:85:01:33:8d:50:e9:bf:22:cc:9a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11575a0092127559a8b2ecc82e194e23a4f79d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:00:3a:a4:3d:4e:17:9f:7e:22:3b:32:cd:76:
                    46:fa:4c:11:3a:0c:28:4b:f5:56:98:2a:46:42:f8:
                    31:ad:9a:03:49:cd:ae:a1:96:fc:a5:84:11:4d:f2:
                    c9:26:c9:da:19:37:88:14:37:4e:2e:cf:e8:19:7e:
                    25:38:2d:8c:90:bb:73:0f:9d:6c:5a:0f:6a:b5:3a:
                    75:db:5b:7e:1f:75:ae:4b:15:0c:0e:02:79:6e:c0:
                    91:05:99:47:56:f3:b8:52:aa:5e:45:ad:d6:cb:c5:
                    29:14:a3:03:7a:95:bf:37:1a:62:46:a6:67:c6:0f:
                    82:34:7c:86:fe:5c:6d:59:99:8c:33:6e:e4:5d:2d:
                    37:83:82:09:7f:c7:87:bb:52:ec:9e:c2:82:2f:3d:
                    db:90:99:5d:74:4d:24:1b:34:14:7c:97:74:a6:65:
                    e7:cb:44:e7:bb:96:5b:dd:02:7c:79:ac:6c:35:d6:
                    6c:8d:96:90:b4:26:9b:8c:bc:41:19:37:95:40:1c:
                    76:4f:46:99:45:4f:54:e2:7c:24:66:29:fa:b7:3c:
                    57:63:54:20:5a:ea:98:84:2a:3d:65:ac:cb:88:d6:
                    bd:d0:a6:8d:9d:41:2d:e1:af:8a:c9:cc:eb:51:98:
                    16:d1:52:a9:09:7a:b7:04:69:57:ec:14:8b:7e:2c:
                    1b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:57:5A:00:92:12:75:59:A8:B2:EC:C8:2E:19:4E:23:A4:F7:9D:1B
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/EVdaAJISdVmosuzILhlOI6T3nRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.209.0/24
                  45.86.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:5c:f7:f2:81:cc:f6:54:d6:26:1a:e1:a7:2b:62:6c:94:af:
         4b:c0:64:2d:e6:ce:3b:3f:6e:d5:a1:6b:98:78:ce:f6:d3:f9:
         71:e4:37:46:ff:7e:c8:e8:86:d9:33:10:4b:a5:7a:43:ef:10:
         6a:e7:93:e0:07:81:6b:98:eb:3f:7a:11:cf:59:1d:13:9e:20:
         98:60:28:65:0c:57:c3:06:f6:0e:bf:0e:94:ee:10:95:77:f3:
         fc:19:e7:80:17:a4:de:9c:5c:7b:72:ee:1d:75:41:dc:9e:8a:
         ce:b6:86:6b:69:97:24:e3:a1:08:13:1f:f3:25:5c:3c:a4:c5:
         8e:de:9f:a4:37:f3:dd:ca:2a:66:80:c3:25:a1:29:0a:c5:41:
         07:ff:df:66:f7:b0:37:29:60:e4:cd:ff:06:eb:ff:5b:5e:26:
         46:b7:c5:50:00:c7:71:d3:a9:be:ac:e3:13:f5:d7:55:2d:48:
         51:34:ce:fd:1a:78:65:dd:d7:c2:4b:86:7b:10:14:0c:86:6c:
         a0:c1:35:e3:b7:a1:cd:69:c5:49:1b:3e:2e:7c:e9:04:7a:bf:
         44:74:e8:0f:20:fc:da:1f:e6:5b:49:25:fc:1e:4d:7f:82:2d:
         ef:06:88:08:3a:bb:7b:e9:c2:6b:dc:76:43:5c:84:c0:36:e7:
         63:d0:9c:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2wJgUoUBM41Q6b8izJr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTU3NWEwMDkyMTI3NTU5YThiMmVjYzgyZTE5NGUyM2E0Zjc5ZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwA6pD1OF59+IjsyzXZG+kwROgwo
S/VWmCpGQvgxrZoDSc2uoZb8pYQRTfLJJsnaGTeIFDdOLs/oGX4lOC2MkLtzD51s
Wg9qtTp121t+H3WuSxUMDgJ5bsCRBZlHVvO4UqpeRa3Wy8UpFKMDepW/NxpiRqZn
xg+CNHyG/lxtWZmMM27kXS03g4IJf8eHu1LsnsKCLz3bkJlddE0kGzQUfJd0pmXn
y0Tnu5Zb3QJ8eaxsNdZsjZaQtCabjLxBGTeVQBx2T0aZRU9U4nwkZin6tzxXY1Qg
WuqYhCo9ZazLiNa90KaNnUEt4a+KyczrUZgW0VKpCXq3BGlX7BSLfiwb4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBFXWgCSEnVZqLLsyC4ZTiOk950bMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvRVZkYUFKSVNkVm1vc3V6SUxobE9JNlQzblJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ/RAwQB
LVa+MA0GCSqGSIb3DQEBCwUAA4IBAQA4XPfygcz2VNYmGuGnK2JslK9LwGQt5s47
P27VoWuYeM720/lx5DdG/37I6IbZMxBLpXpD7xBq55PgB4FrmOs/ehHPWR0TniCY
YChlDFfDBvYOvw6U7hCVd/P8GeeAF6TenFx7cu4ddUHcnorOtoZraZck46EIEx/z
JVw8pMWO3p+kN/PdyipmgMMloSkKxUEH/99m97A3KWDkzf8G6/9bXiZGt8VQAMdx
06m+rOMT9ddVLUhRNM79Gnhl3dfCS4Z7EBQMhmygwTXjt6HNacVJGz4ufOkEer9E
dOgPIPzaH+ZbSSX8Hk1/gi3vBogIOrt76cJr3HZDXITANudj0Jz2
-----END CERTIFICATE-----