Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/BViN8wev5pjHqnHgNMjMjItIzPw.roa
File:                     BViN8wev5pjHqnHgNMjMjItIzPw.roa (raw, json)
Hash identifier:          f/jff2qzA4u4pHmrc9K+xI+fXqW8foWliVPrQKc+p60=
Subject key identifier:   05:58:8D:F3:07:AF:E6:98:C7:AA:71:E0:34:C8:CC:8C:8B:48:CC:FC
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018FC616536245BD6B0B3014F02664151BB4
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/BViN8wev5pjHqnHgNMjMjItIzPw.roa
Signing time:             Wed 29 May 2024 20:41:42 +0000
ROA not before:           Wed 29 May 2024 20:41:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        90.84.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c6:16:53:62:45:bd:6b:0b:30:14:f0:26:64:15:1b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: May 29 20:41:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05588df307afe698c7aa71e034c8cc8c8b48ccfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:79:5a:65:12:bb:31:b1:97:9d:c4:0d:21:78:
                    e8:09:c3:aa:23:f2:17:f9:7d:24:af:07:01:39:98:
                    04:72:be:f2:a5:a1:e8:d3:c5:03:f9:5f:15:a5:66:
                    1a:43:92:bd:71:72:e0:79:84:17:60:6f:f8:34:95:
                    46:51:8c:17:95:37:07:ab:18:09:47:a9:c7:30:93:
                    86:52:67:86:bd:82:bb:96:34:93:30:fc:2a:62:9f:
                    18:3c:83:b5:09:b7:66:c2:68:f7:2c:93:e6:44:7d:
                    bc:b4:da:68:bc:da:b6:bb:27:62:5b:a5:4b:ac:d0:
                    b8:27:89:52:bf:3f:ad:93:f7:e0:11:5d:50:1a:e5:
                    7b:ca:e1:2e:52:ac:d0:19:01:9c:d9:86:04:ec:d5:
                    2f:10:cf:05:ee:1f:2f:1e:c6:d2:3e:93:2d:c3:b3:
                    80:8e:e7:41:1e:39:dd:4d:12:4e:e6:fe:df:58:85:
                    51:09:f3:1f:f2:a3:55:37:0c:70:8c:e1:90:ad:0d:
                    6e:b3:fd:00:32:d8:06:30:1a:d5:b7:b9:19:d2:4b:
                    eb:fc:a7:62:1b:11:d4:bc:06:c0:30:ac:35:0b:21:
                    65:82:fe:2a:2a:49:1c:df:fd:87:33:0d:8e:32:01:
                    ff:5b:2a:82:68:c1:1e:56:a9:37:22:ce:50:51:fe:
                    0f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:58:8D:F3:07:AF:E6:98:C7:AA:71:E0:34:C8:CC:8C:8B:48:CC:FC
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/BViN8wev5pjHqnHgNMjMjItIzPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.84.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:06:fa:90:f3:ad:1b:ca:8b:ac:28:87:9a:e4:70:7d:90:04:
         08:45:7d:d7:7a:ca:29:57:c3:39:72:f1:26:09:ea:36:ad:49:
         73:89:a6:38:75:45:e7:6b:4d:f6:f4:16:f5:d1:24:ac:9b:76:
         61:5a:9c:da:11:24:dc:cb:3f:c0:06:3b:6b:26:5c:af:b6:e5:
         76:f2:cf:48:21:5d:4e:53:9a:89:5a:01:66:1c:6d:7e:77:1e:
         1e:b8:bf:12:d7:53:3a:d1:bb:3b:3e:3f:74:16:61:95:4b:47:
         26:1e:3a:02:cf:61:ba:93:ec:fc:5b:0b:d4:17:2b:4e:e5:0f:
         8f:98:b8:56:f8:b0:39:8b:6d:27:bc:73:e8:95:d4:b8:31:ec:
         31:af:1f:c2:59:59:4e:b4:52:bd:41:5c:99:0f:3c:fd:27:00:
         47:e2:5f:d5:c1:d0:96:d7:b7:5b:a5:2b:d9:4e:33:98:ce:99:
         e6:4b:ac:d1:d1:74:fa:54:78:65:07:1b:aa:f3:a4:57:ae:54:
         36:8e:fe:e0:8a:ee:f2:2c:a0:b6:66:dd:be:5f:47:a9:93:7f:
         fc:bf:09:02:54:f1:23:39:06:5a:33:a0:46:de:7e:79:07:50:
         56:b1:df:f4:a5:2f:e2:0f:65:4e:01:ff:58:9a:0b:6c:27:72:
         a9:9d:16:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/GFlNiRb1rCzAU8CZkFRu0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwNTI5MjA0MTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTU4OGRmMzA3YWZlNjk4YzdhYTcxZTAzNGM4Y2M4YzhiNDhjY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXlaZRK7MbGXncQNIXjoCcOqI/IX
+X0krwcBOZgEcr7ypaHo08UD+V8VpWYaQ5K9cXLgeYQXYG/4NJVGUYwXlTcHqxgJ
R6nHMJOGUmeGvYK7ljSTMPwqYp8YPIO1Cbdmwmj3LJPmRH28tNpovNq2uydiW6VL
rNC4J4lSvz+tk/fgEV1QGuV7yuEuUqzQGQGc2YYE7NUvEM8F7h8vHsbSPpMtw7OA
judBHjndTRJO5v7fWIVRCfMf8qNVNwxwjOGQrQ1us/0AMtgGMBrVt7kZ0kvr/Kdi
GxHUvAbAMKw1CyFlgv4qKkkc3/2HMw2OMgH/WyqCaMEeVqk3Is5QUf4PrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVYjfMHr+aYx6px4DTIzIyLSMz8MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvQlZpTjh3ZXY1cGpIcW5IZ05Nak1qSXRJelB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWlQKMA0G
CSqGSIb3DQEBCwUAA4IBAQBbBvqQ860byousKIea5HB9kAQIRX3XesopV8M5cvEm
Ceo2rUlziaY4dUXna0329Bb10SSsm3ZhWpzaESTcyz/ABjtrJlyvtuV28s9IIV1O
U5qJWgFmHG1+dx4euL8S11M60bs7Pj90FmGVS0cmHjoCz2G6k+z8WwvUFytO5Q+P
mLhW+LA5i20nvHPoldS4Mewxrx/CWVlOtFK9QVyZDzz9JwBH4l/VwdCW17dbpSvZ
TjOYzpnmS6zR0XT6VHhlBxuq86RXrlQ2jv7giu7yLKC2Zt2+X0epk3/8vwkCVPEj
OQZaM6BG3n55B1BWsd/0pS/iD2VOAf9YmgtsJ3KpnRYP
-----END CERTIFICATE-----