Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/eVYtehpyCvKKnSpNz3RiHyK_Q6Q.roa
File:                     eVYtehpyCvKKnSpNz3RiHyK_Q6Q.roa (raw, json)
Hash identifier:          X4mYzJ4JS55cEgvU8fJceJ6k3SF6KdquvdngxQszsps=
Subject key identifier:   79:56:2D:7A:1A:72:0A:F2:8A:9D:2A:4D:CF:74:62:1F:22:BF:43:A4
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018EA3A8634A1B119896AD4D1B3639969B7A
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/eVYtehpyCvKKnSpNz3RiHyK_Q6Q.roa
Signing time:             Wed 03 Apr 2024 11:11:45 +0000
ROA not before:           Wed 03 Apr 2024 11:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        91.200.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 07:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:a8:63:4a:1b:11:98:96:ad:4d:1b:36:39:96:9b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Apr  3 11:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79562d7a1a720af28a9d2a4dcf74621f22bf43a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a7:a7:dc:7d:e7:1d:81:06:ba:c5:ab:b4:b5:
                    59:fe:94:eb:88:3d:b0:5c:15:81:aa:8e:24:85:70:
                    97:e7:c3:25:bd:f1:62:d5:de:d6:ed:31:fc:eb:46:
                    2e:12:9b:74:e0:9a:1a:ff:f7:3f:88:5f:75:4c:06:
                    b3:ec:01:ec:68:64:02:2e:14:ea:a1:b4:5a:2d:2b:
                    17:c0:69:66:fe:73:e0:26:f1:1e:cd:67:2a:b6:05:
                    b8:a1:fa:83:be:48:b5:ea:80:27:f4:32:d0:18:c3:
                    16:50:51:93:93:56:36:d7:8e:b9:b3:32:a4:14:0f:
                    ae:77:1b:fb:19:2e:72:73:ce:af:77:ac:d2:a6:ae:
                    78:9c:2b:8e:47:28:22:43:f2:53:8c:0e:67:84:e0:
                    8b:76:a2:9d:96:10:d0:f6:80:7d:d6:48:15:20:61:
                    10:1f:25:72:b4:25:78:9f:ea:97:3e:57:91:60:9a:
                    9e:1c:1a:19:06:20:44:3e:b0:ba:e3:09:56:3b:4e:
                    9e:4e:87:2d:1d:db:aa:57:1b:8d:c9:3b:d8:b9:9e:
                    5c:b9:c4:56:81:67:26:ab:49:61:4b:92:5a:2e:10:
                    ba:b0:df:04:c1:99:ad:99:a4:3d:cd:58:c0:ff:ce:
                    76:4f:41:12:f4:12:04:42:01:ce:3c:dc:8c:fa:c9:
                    6c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:56:2D:7A:1A:72:0A:F2:8A:9D:2A:4D:CF:74:62:1F:22:BF:43:A4
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/eVYtehpyCvKKnSpNz3RiHyK_Q6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:1d:df:d6:68:7b:8c:e1:1a:bc:52:96:3c:58:45:85:50:37:
         f8:36:e2:67:ae:5c:a0:a0:20:48:42:bb:76:ab:b6:ed:2f:75:
         c4:43:43:fa:74:3e:19:ac:5a:cc:b1:85:42:17:20:74:8e:a5:
         b2:12:38:76:86:56:e8:75:7b:5f:04:22:e7:0d:cc:c4:83:98:
         f9:e1:6e:ed:34:25:4c:e9:07:1b:79:4d:99:89:40:ff:52:59:
         78:01:ab:2f:e8:e2:c7:72:aa:49:31:5b:3e:55:a9:b5:45:7f:
         a9:f1:16:ab:8f:09:4d:b1:ff:cc:da:ec:28:d5:ef:92:8a:56:
         5e:49:63:5a:84:4b:57:3c:18:d9:2b:7a:39:4d:a0:32:06:70:
         31:5d:8c:e3:92:b2:0c:56:b0:ad:64:97:a0:3e:fd:ae:31:6b:
         b2:19:55:ad:b3:59:2c:30:a8:8b:8e:7b:e4:f0:de:8b:8f:5d:
         e6:c1:94:38:f0:62:63:31:e9:62:f4:5d:12:a4:4b:0e:af:5c:
         0e:ba:68:e9:d7:be:3c:cb:2e:66:d6:04:f2:5f:7d:f3:01:78:
         30:5e:20:93:d2:8b:e5:a9:54:5f:ff:c6:9b:c6:dd:36:79:c5:
         39:b1:e4:e9:19:8e:38:0f:f7:a4:1e:71:c3:f9:51:17:9a:08:
         f7:e4:d4:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6jqGNKGxGYlq1NGzY5lpt6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwNDAzMTExMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTU2MmQ3YTFhNzIwYWYyOGE5ZDJhNGRjZjc0NjIxZjIyYmY0M2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKen3H3nHYEGusWrtLVZ/pTriD2w
XBWBqo4khXCX58MlvfFi1d7W7TH860YuEpt04Joa//c/iF91TAaz7AHsaGQCLhTq
obRaLSsXwGlm/nPgJvEezWcqtgW4ofqDvki16oAn9DLQGMMWUFGTk1Y21465szKk
FA+udxv7GS5yc86vd6zSpq54nCuORygiQ/JTjA5nhOCLdqKdlhDQ9oB91kgVIGEQ
HyVytCV4n+qXPleRYJqeHBoZBiBEPrC64wlWO06eToctHduqVxuNyTvYuZ5cucRW
gWcmq0lhS5JaLhC6sN8EwZmtmaQ9zVjA/852T0ES9BIEQgHOPNyM+slsvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlWLXoacgryip0qTc90Yh8iv0OkMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvZVZZdGVocHlDdktLblNwTnozUmlIeUtfUTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8jcMA0G
CSqGSIb3DQEBCwUAA4IBAQAUHd/WaHuM4Rq8UpY8WEWFUDf4NuJnrlygoCBIQrt2
q7btL3XEQ0P6dD4ZrFrMsYVCFyB0jqWyEjh2hlbodXtfBCLnDczEg5j54W7tNCVM
6QcbeU2ZiUD/Ull4Aasv6OLHcqpJMVs+Vam1RX+p8RarjwlNsf/M2uwo1e+SilZe
SWNahEtXPBjZK3o5TaAyBnAxXYzjkrIMVrCtZJegPv2uMWuyGVWts1ksMKiLjnvk
8N6Lj13mwZQ48GJjMeli9F0SpEsOr1wOumjp1748yy5m1gTyX33zAXgwXiCT0ovl
qVRf/8abxt02ecU5seTpGY44D/ekHnHD+VEXmgj35NSP
-----END CERTIFICATE-----