Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/EfTXlzsEQ1U0li51AO3Tb6Ifpv8.roa
File:                     EfTXlzsEQ1U0li51AO3Tb6Ifpv8.roa (raw, json)
Hash identifier:          gyYY6J7DNZ0w3F0ISQg7ClmMvUZHRxqlO9BvFlJaO6Q=
Subject key identifier:   11:F4:D7:97:3B:04:43:55:34:96:2E:75:00:ED:D3:6F:A2:1F:A6:FF
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018E7F2884D4AA92BCA2D4E73B37894FC11F
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/EfTXlzsEQ1U0li51AO3Tb6Ifpv8.roa
Signing time:             Wed 27 Mar 2024 09:05:45 +0000
ROA not before:           Wed 27 Mar 2024 09:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.200.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:28:84:d4:aa:92:bc:a2:d4:e7:3b:37:89:4f:c1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 27 09:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11f4d7973b04435534962e7500edd36fa21fa6ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7c:e6:37:90:10:f9:56:96:b1:d1:08:8e:15:
                    3b:7e:ee:7f:90:85:8a:c3:3e:72:83:9f:b3:3f:01:
                    b4:f7:ee:64:23:ea:a4:fd:31:78:cc:80:6f:31:2c:
                    c6:05:9f:ab:e8:ae:7d:36:64:5f:97:51:e9:4a:42:
                    31:ef:38:6a:62:ba:e1:b3:fc:b4:6f:43:48:9b:9f:
                    37:b1:03:4c:9e:87:a1:03:4f:84:ba:96:7d:b6:00:
                    ae:6a:db:bc:bc:68:2f:12:74:b6:17:01:08:07:04:
                    4c:e2:72:6e:c3:b0:69:e5:2d:63:ab:86:f9:7b:35:
                    27:76:ee:4d:5c:cd:69:b1:9e:65:70:15:de:f7:84:
                    b3:ad:33:48:58:1f:1a:db:eb:8a:7b:02:91:3a:fc:
                    55:7c:56:23:ca:c3:bd:d5:6a:67:36:de:ac:3f:71:
                    32:51:0b:e4:2c:50:b4:95:5a:2a:f6:5e:58:c6:61:
                    9e:c0:06:f4:f1:34:97:92:ff:c1:17:2e:04:0d:74:
                    10:b1:90:11:47:a0:18:50:44:87:2e:5a:af:34:d6:
                    6c:bb:37:ad:aa:73:82:9d:b9:af:da:ef:a1:c7:14:
                    37:a1:53:6f:34:f0:60:da:fe:55:20:f4:1a:13:e9:
                    55:b0:1c:e7:59:cc:f9:ce:41:38:39:0b:59:e2:bf:
                    6c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F4:D7:97:3B:04:43:55:34:96:2E:75:00:ED:D3:6F:A2:1F:A6:FF
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/EfTXlzsEQ1U0li51AO3Tb6Ifpv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e6:f5:7c:55:c8:bb:e6:8f:a7:ea:73:a3:7d:32:0b:b8:4d:
         4a:ba:fa:c5:6d:aa:e7:5b:4a:c6:b6:8e:30:7f:0e:61:ac:fc:
         96:e5:7f:99:0f:b8:8c:f1:c7:9d:38:81:c1:9e:c8:fc:5e:46:
         43:77:8c:f7:32:29:b1:d1:c8:67:ab:55:af:dc:3a:ed:d7:4f:
         41:f4:f6:23:84:2b:c2:1f:97:62:7d:03:f1:e2:82:8b:b4:d7:
         a5:63:97:95:2a:49:be:27:c7:fc:08:6d:57:51:02:c5:bd:1a:
         fe:fe:be:59:3e:d5:72:98:f9:01:04:5e:13:b4:ea:2c:50:73:
         8d:99:b6:c0:e9:fd:c7:57:5d:6a:72:00:b4:a7:3f:9d:42:6c:
         93:20:50:cd:ca:29:d8:59:16:bd:19:8e:d3:6a:2b:80:8d:ac:
         9a:26:de:26:7c:75:be:06:7d:6f:e3:f7:6e:50:2e:7e:09:4e:
         a5:b0:44:f3:a2:89:37:2f:05:fd:f0:25:bd:c3:af:49:b0:77:
         df:dc:c3:8f:79:a9:35:00:b1:30:40:bc:68:5b:5f:8f:0b:1f:
         57:4f:87:1f:58:79:48:1a:b4:ad:32:f5:34:88:6b:3e:22:52:
         43:6e:5e:24:82:f5:5f:ba:05:0e:4d:8c:69:51:66:8d:23:ca:
         9b:e0:10:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/KITUqpK8otTnOzeJT8EfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMzI3MDkwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWY0ZDc5NzNiMDQ0MzU1MzQ5NjJlNzUwMGVkZDM2ZmEyMWZhNmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3zmN5AQ+VaWsdEIjhU7fu5/kIWK
wz5yg5+zPwG09+5kI+qk/TF4zIBvMSzGBZ+r6K59NmRfl1HpSkIx7zhqYrrhs/y0
b0NIm583sQNMnoehA0+EupZ9tgCuatu8vGgvEnS2FwEIBwRM4nJuw7Bp5S1jq4b5
ezUndu5NXM1psZ5lcBXe94SzrTNIWB8a2+uKewKROvxVfFYjysO91WpnNt6sP3Ey
UQvkLFC0lVoq9l5YxmGewAb08TSXkv/BFy4EDXQQsZARR6AYUESHLlqvNNZsuzet
qnOCnbmv2u+hxxQ3oVNvNPBg2v5VIPQaE+lVsBznWcz5zkE4OQtZ4r9sJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBH015c7BENVNJYudQDt02+iH6b/MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvRWZUWGx6c0VRMVUwbGk1MUFPM1RiNklmcHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8jfMA0G
CSqGSIb3DQEBCwUAA4IBAQAi5vV8Vci75o+n6nOjfTILuE1KuvrFbarnW0rGto4w
fw5hrPyW5X+ZD7iM8cedOIHBnsj8XkZDd4z3Mimx0chnq1Wv3Drt109B9PYjhCvC
H5difQPx4oKLtNelY5eVKkm+J8f8CG1XUQLFvRr+/r5ZPtVymPkBBF4TtOosUHON
mbbA6f3HV11qcgC0pz+dQmyTIFDNyinYWRa9GY7TaiuAjayaJt4mfHW+Bn1v4/du
UC5+CU6lsETzook3LwX98CW9w69JsHff3MOPeak1ALEwQLxoW1+PCx9XT4cfWHlI
GrStMvU0iGs+IlJDbl4kgvVfugUOTYxpUWaNI8qb4BBE
-----END CERTIFICATE-----