Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/Evood4BDOdtG-I6frj71Wc0oThY.roa
File:                     Evood4BDOdtG-I6frj71Wc0oThY.roa (raw, json)
Hash identifier:          w2v/HbWzdUCaTjGr0oxPoGr+r6ola4Pmy+KspoS99qg=
Subject key identifier:   12:FA:28:77:80:43:39:DB:46:F8:8E:9F:AE:3E:F5:59:CD:28:4E:16
Certificate issuer:       /CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
Certificate serial:       018D7ACA01550E88C220157256FB2AA76B28
Authority key identifier: B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/Evood4BDOdtG-I6frj71Wc0oThY.roa
Signing time:             Mon 05 Feb 2024 19:41:15 +0000
ROA not before:           Mon 05 Feb 2024 19:41:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29404
IP address blocks:        217.73.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:ca:01:55:0e:88:c2:20:15:72:56:fb:2a:a7:6b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b862b85a1d2c51d99069ca3a5aff52ecc6a9aab4
        Validity
            Not Before: Feb  5 19:41:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12fa2877804339db46f88e9fae3ef559cd284e16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b0:b8:6e:25:58:a9:7d:cc:d5:47:0e:d6:13:
                    1e:b0:2b:ef:70:f0:3f:e8:89:18:de:ec:0e:dc:0c:
                    f6:1f:d1:4a:88:08:63:e1:b4:f5:1d:ad:21:af:9f:
                    49:98:79:ac:ab:46:9a:34:96:cc:ef:f6:4c:28:66:
                    78:12:a9:5c:3b:65:90:01:d2:80:45:a7:8e:a9:0f:
                    3f:2a:34:4f:60:5b:b6:f3:65:c5:57:ed:5f:57:33:
                    c2:93:46:1e:e1:95:f8:2e:56:5b:f3:50:f3:df:32:
                    ca:23:d0:7a:99:e4:4d:1e:46:aa:4c:63:ee:0f:88:
                    52:c6:1d:ab:33:02:03:af:d6:02:e0:84:24:0f:50:
                    7c:b5:30:36:9f:b7:75:3f:20:05:2b:5d:ba:b4:94:
                    64:95:9f:dd:9e:fc:4c:bb:6b:9c:86:10:03:ed:87:
                    e9:2d:a9:96:f2:e8:a1:b5:fd:5e:66:eb:f5:67:a9:
                    73:50:e3:64:a1:22:b1:bc:14:39:ee:76:de:60:4e:
                    82:d4:38:50:b9:ba:48:13:4c:69:6d:aa:3a:a2:e8:
                    61:80:81:dd:c0:41:dc:9d:33:de:8f:94:cb:5e:96:
                    74:bd:bb:76:e5:9f:77:71:92:1f:cd:c9:f4:37:e0:
                    a0:d5:85:c2:bc:65:e0:36:be:15:4e:18:4f:eb:07:
                    38:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:FA:28:77:80:43:39:DB:46:F8:8E:9F:AE:3E:F5:59:CD:28:4E:16
            X509v3 Authority Key Identifier:
                keyid:B8:62:B8:5A:1D:2C:51:D9:90:69:CA:3A:5A:FF:52:EC:C6:A9:AA:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/Evood4BDOdtG-I6frj71Wc0oThY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/cb220f-1a3a-4cba-82cf-278fd475f3fb/1/uGK4Wh0sUdmQaco6Wv9S7MapqrQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.73.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:a2:24:1d:37:3c:64:6f:ee:a9:61:47:a2:de:66:ac:59:9b:
         f1:01:d2:96:15:8c:ed:8d:ae:c5:72:8d:30:cf:39:35:65:de:
         35:53:1a:7f:cc:23:c4:19:19:f6:ab:3a:70:7e:57:c6:33:14:
         ce:82:14:84:0a:fc:be:a1:bc:af:32:fa:75:8b:1f:cc:4b:fa:
         6d:48:e4:58:8d:3b:53:d9:8c:af:55:3d:db:9d:68:74:b4:be:
         80:50:f5:08:5a:22:a0:10:15:92:ea:fc:94:70:6f:eb:ce:10:
         71:02:01:92:f3:95:ee:08:b4:d2:7c:36:61:c5:33:bf:ba:ba:
         f7:a1:6c:01:7e:f6:fd:b9:43:d4:84:8a:6c:7a:59:fe:28:1d:
         2a:f2:0f:95:4b:97:d0:9e:d7:ee:c8:d0:1c:43:70:48:0f:ea:
         04:4b:42:69:fa:e6:89:a3:a0:7a:ad:b0:43:30:32:b5:6a:5c:
         1d:49:4e:79:1d:dd:68:dd:3a:51:0a:43:5f:ea:44:fe:90:5a:
         47:45:44:d7:5b:41:f5:99:4b:ab:4f:02:6f:2d:e9:1f:03:88:
         fe:45:33:4f:3e:ad:af:8d:fd:ff:8f:a1:f8:fd:01:d6:91:d0:
         10:cd:cf:8a:fa:c6:92:ca:f0:60:75:d3:ed:ce:ea:92:3c:b0:
         66:6f:f4:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY16ygFVDojCIBVyVvsqp2soMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjJiODVhMWQyYzUxZDk5MDY5Y2EzYTVhZmY1MmVjYzZh
OWFhYjQwHhcNMjQwMjA1MTk0MTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmZhMjg3NzgwNDMzOWRiNDZmODhlOWZhZTNlZjU1OWNkMjg0ZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibC4biVYqX3M1UcO1hMesCvvcPA/
6IkY3uwO3Az2H9FKiAhj4bT1Ha0hr59JmHmsq0aaNJbM7/ZMKGZ4EqlcO2WQAdKA
RaeOqQ8/KjRPYFu282XFV+1fVzPCk0Ye4ZX4LlZb81Dz3zLKI9B6meRNHkaqTGPu
D4hSxh2rMwIDr9YC4IQkD1B8tTA2n7d1PyAFK126tJRklZ/dnvxMu2uchhAD7Yfp
LamW8uihtf1eZuv1Z6lzUONkoSKxvBQ57nbeYE6C1DhQubpIE0xpbao6ouhhgIHd
wEHcnTPej5TLXpZ0vbt25Z93cZIfzcn0N+Cg1YXCvGXgNr4VThhP6wc4ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBL6KHeAQznbRviOn64+9VnNKE4WMB8GA1UdIwQY
MBaAFLhiuFodLFHZkGnKOlr/UuzGqaq0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2Yt
Mjc4ZmQ0NzVmM2ZiLzEvRXZvb2Q0QkRPZHRHLUk2ZnJqNzFXYzBvVGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9jYjIyMGYtMWEzYS00Y2JhLTgyY2YtMjc4ZmQ0NzVmM2Zi
LzEvdUdLNFdoMHNVZG1RYWNvNld2OVM3TWFwcXJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2UmQMA0G
CSqGSIb3DQEBCwUAA4IBAQCSoiQdNzxkb+6pYUei3masWZvxAdKWFYztja7Fco0w
zzk1Zd41Uxp/zCPEGRn2qzpwflfGMxTOghSECvy+obyvMvp1ix/MS/ptSORYjTtT
2YyvVT3bnWh0tL6AUPUIWiKgEBWS6vyUcG/rzhBxAgGS85XuCLTSfDZhxTO/urr3
oWwBfvb9uUPUhIpseln+KB0q8g+VS5fQntfuyNAcQ3BID+oES0Jp+uaJo6B6rbBD
MDK1alwdSU55Hd1o3TpRCkNf6kT+kFpHRUTXW0H1mUurTwJvLekfA4j+RTNPPq2v
jf3/j6H4/QHWkdAQzc+K+saSyvBgddPtzuqSPLBmb/Tm
-----END CERTIFICATE-----