Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/evio_SDgnchRWGRiUa7Xs5H4nJI.roa
File:                     evio_SDgnchRWGRiUa7Xs5H4nJI.roa (raw, json)
Hash identifier:          syMYIOG4A0pRxUPExsRK0OkArLRu6QjCp2jeApHciyo=
Subject key identifier:   7A:F8:A8:FD:20:E0:9D:C8:51:58:64:62:51:AE:D7:B3:91:F8:9C:92
Certificate issuer:       /CN=5e399fba9aae9d2d6ffe52ae8c74ae38fc6c1af1
Certificate serial:       018CC9BC5961C8731D307FCC10F61D8CC162
Authority key identifier: 5E:39:9F:BA:9A:AE:9D:2D:6F:FE:52:AE:8C:74:AE:38:FC:6C:1A:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/evio_SDgnchRWGRiUa7Xs5H4nJI.roa
Signing time:             Tue 02 Jan 2024 10:33:33 +0000
ROA not before:           Tue 02 Jan 2024 10:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210916
IP address blocks:        2a11:6c6::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:59:61:c8:73:1d:30:7f:cc:10:f6:1d:8c:c1:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e399fba9aae9d2d6ffe52ae8c74ae38fc6c1af1
        Validity
            Not Before: Jan  2 10:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7af8a8fd20e09dc85158646251aed7b391f89c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:51:cc:c3:e1:c7:08:72:b4:55:b5:30:2a:60:
                    40:a6:72:fd:4f:8b:1b:e0:5d:e5:98:e5:fa:96:c6:
                    3b:b7:e4:2d:5e:1a:35:9e:c3:eb:65:82:95:92:38:
                    2d:de:96:85:39:48:bd:36:03:bb:a9:94:63:c4:05:
                    b2:af:11:ac:8e:3b:8b:c6:95:56:7f:97:0a:9a:67:
                    2c:59:fc:08:74:db:66:95:12:11:02:dd:ea:fb:5a:
                    af:18:00:72:12:b8:61:36:fc:38:a5:d0:86:ab:f1:
                    fd:06:d1:4b:62:72:bb:22:91:f7:0a:61:8b:b6:25:
                    0b:18:1d:d4:8d:b7:6e:a8:b2:16:8b:bd:94:87:c3:
                    47:13:c5:f0:86:92:ad:22:8f:1b:73:d1:a6:66:e0:
                    b4:bd:fa:09:8c:cb:12:14:8f:75:88:a3:c4:40:01:
                    f4:0d:a1:51:f0:c8:c9:32:53:38:e1:85:1a:18:60:
                    a6:02:5e:d7:b6:95:11:ad:94:f6:a3:b7:de:fd:e7:
                    ce:b5:91:86:e4:d8:bd:d5:27:98:c6:73:1f:a0:13:
                    77:0d:b8:ca:3d:d5:07:7a:8f:6e:61:10:a7:84:2f:
                    6d:bf:98:40:b6:ef:23:c5:f3:f1:22:0b:a6:36:fd:
                    f1:9f:e9:33:06:11:9d:6c:8e:b3:a7:dc:f0:9a:10:
                    b3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:F8:A8:FD:20:E0:9D:C8:51:58:64:62:51:AE:D7:B3:91:F8:9C:92
            X509v3 Authority Key Identifier:
                keyid:5E:39:9F:BA:9A:AE:9D:2D:6F:FE:52:AE:8C:74:AE:38:FC:6C:1A:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/evio_SDgnchRWGRiUa7Xs5H4nJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:6c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:9c:bf:00:71:d4:2f:0c:dc:0c:f4:18:7e:82:db:c6:01:c7:
         0d:21:7f:34:16:e0:51:a3:b9:d8:da:e8:7f:dc:e9:1b:a9:de:
         13:52:b2:cd:8a:af:16:b0:9d:85:7b:e4:a2:98:f5:f7:99:e2:
         17:cd:f7:58:af:8a:08:33:72:f5:d5:28:d7:49:8f:fd:5e:2f:
         98:bf:b8:6e:11:be:cd:e9:a4:9b:ca:48:b3:0a:77:5f:e7:46:
         db:82:53:ba:f9:4c:35:b8:8c:ae:df:6e:33:0f:95:ab:6b:35:
         57:3a:41:26:fc:cf:f6:08:f1:e2:1c:0f:d0:c5:b3:f3:7a:dc:
         15:b4:b5:93:51:e8:42:7f:39:7b:04:a8:eb:86:e1:4e:c1:28:
         0c:9e:5f:d1:51:84:f7:5c:d3:87:08:43:c7:fa:75:b4:22:e7:
         88:55:eb:b5:24:da:58:a2:9b:92:b6:d2:9d:16:cd:14:21:d3:
         5b:fc:8d:94:08:26:3f:f7:89:dd:7b:cd:65:76:03:09:f0:ff:
         6e:26:b7:f9:9b:bf:4c:63:50:ff:c5:72:73:df:0e:29:08:4f:
         33:d8:6a:c4:52:a8:4c:62:fa:e4:ae:ce:b7:56:ec:49:ba:75:
         08:4d:f6:a1:08:64:05:94:a6:bc:d9:47:9e:ad:0a:bc:1d:af:
         58:13:2a:16
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvFlhyHMdMH/MEPYdjMFiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMzk5ZmJhOWFhZTlkMmQ2ZmZlNTJhZThjNzRhZTM4ZmM2
YzFhZjEwHhcNMjQwMTAyMTAzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWY4YThmZDIwZTA5ZGM4NTE1ODY0NjI1MWFlZDdiMzkxZjg5YzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVHMw+HHCHK0VbUwKmBApnL9T4sb
4F3lmOX6lsY7t+QtXho1nsPrZYKVkjgt3paFOUi9NgO7qZRjxAWyrxGsjjuLxpVW
f5cKmmcsWfwIdNtmlRIRAt3q+1qvGAByErhhNvw4pdCGq/H9BtFLYnK7IpH3CmGL
tiULGB3UjbduqLIWi72Uh8NHE8XwhpKtIo8bc9GmZuC0vfoJjMsSFI91iKPEQAH0
DaFR8MjJMlM44YUaGGCmAl7XtpURrZT2o7fe/efOtZGG5Ni91SeYxnMfoBN3DbjK
PdUHeo9uYRCnhC9tv5hAtu8jxfPxIgumNv3xn+kzBhGdbI6zp9zwmhCzGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHr4qP0g4J3IUVhkYlGu17OR+JySMB8GA1UdIwQY
MBaAFF45n7qarp0tb/5Srox0rjj8bBrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGptZnVwcXVuUzF2X2xLdWpIU3VPUHhzR3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iOTFkMDUtNmEwMy00MGVkLWE5ODMt
YmQ4MDlkOWRlZGI5LzEvZXZpb19TRGduY2hSV0dSaVVhN1hzNUg0bkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iOTFkMDUtNmEwMy00MGVkLWE5ODMtYmQ4MDlkOWRlZGI5
LzEvWGptZnVwcXVuUzF2X2xLdWpIU3VPUHhzR3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEGxjAN
BgkqhkiG9w0BAQsFAAOCAQEAbpy/AHHULwzcDPQYfoLbxgHHDSF/NBbgUaO52Nro
f9zpG6neE1KyzYqvFrCdhXvkopj195niF833WK+KCDNy9dUo10mP/V4vmL+4bhG+
zemkm8pIswp3X+dG24JTuvlMNbiMrt9uMw+Vq2s1VzpBJvzP9gjx4hwP0MWz83rc
FbS1k1HoQn85ewSo64bhTsEoDJ5f0VGE91zThwhDx/p1tCLniFXrtSTaWKKbkrbS
nRbNFCHTW/yNlAgmP/eJ3XvNZXYDCfD/bia3+Zu/TGNQ/8Vyc98OKQhPM9hqxFKo
TGL65K7Ot1bsSbp1CE32oQhkBZSmvNlHnq0KvB2vWBMqFg==
-----END CERTIFICATE-----