Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/evvEv3Mx0hzGYC0q_FD_47GWTKY.roa
File:                     evvEv3Mx0hzGYC0q_FD_47GWTKY.roa (raw, json)
Hash identifier:          9SOP/tWDP3qEJ/fMNKMu5H5HBnUEGmkzFCny6T6WPeA=
Subject key identifier:   7A:FB:C4:BF:73:31:D2:1C:C6:60:2D:2A:FC:50:FF:E3:B1:96:4C:A6
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       018CC4933D089E2B0542549F8DB5E06BA72E
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/evvEv3Mx0hzGYC0q_FD_47GWTKY.roa
Signing time:             Mon 01 Jan 2024 10:30:32 +0000
ROA not before:           Mon 01 Jan 2024 10:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210283
IP address blocks:        91.228.200.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3d:08:9e:2b:05:42:54:9f:8d:b5:e0:6b:a7:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  1 10:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7afbc4bf7331d21cc6602d2afc50ffe3b1964ca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:53:5c:b0:43:26:6a:c8:8c:aa:f7:76:ed:38:
                    eb:f0:82:b5:02:29:3f:f2:67:c2:bb:48:5f:d5:9e:
                    65:7f:70:93:4c:8b:f5:54:15:9e:3e:3b:49:b8:83:
                    09:dd:0d:72:aa:e8:ee:62:4d:29:e9:6c:a2:33:09:
                    30:45:a4:8e:95:c8:ab:7b:67:7f:9d:8c:b9:3e:dc:
                    bd:87:ce:4b:ba:b3:5e:d8:02:e4:97:71:23:a5:a6:
                    7e:c8:18:71:0d:20:f2:c8:70:b0:d5:6f:a5:68:b9:
                    05:65:45:dc:29:1d:8f:c8:07:3c:00:33:6d:2e:0b:
                    63:4e:e0:ed:70:53:5d:8b:66:9f:23:9f:8c:10:c7:
                    8b:b2:db:e1:c5:2f:6e:31:43:e5:31:1c:72:5f:e6:
                    c7:ce:a8:ae:9e:2c:6a:b7:7d:8f:08:3b:79:2f:c6:
                    3a:d7:0b:1d:6b:47:fe:5f:ec:05:57:5d:07:18:6c:
                    33:36:9e:17:99:9c:a9:f9:d6:11:5c:df:4c:c0:be:
                    f6:c1:e5:65:ea:f1:ac:ca:96:a0:34:7c:b8:d6:7b:
                    0e:79:26:63:e2:81:34:3e:a5:d9:c1:d4:5c:0f:61:
                    34:d6:e8:b8:da:fa:b9:37:14:76:9e:5a:c6:0a:d9:
                    3f:f3:9c:32:fd:f6:27:aa:51:4d:2f:92:cc:12:78:
                    1a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:FB:C4:BF:73:31:D2:1C:C6:60:2D:2A:FC:50:FF:E3:B1:96:4C:A6
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/evvEv3Mx0hzGYC0q_FD_47GWTKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:49:29:66:de:25:d2:9b:7d:1d:e1:97:3c:9a:09:48:ae:3f:
         7e:aa:a1:38:a1:91:c7:d7:2d:7e:c8:85:b3:6f:4b:3e:43:2d:
         79:40:f8:fc:1f:c4:ff:e0:96:d0:ff:5f:da:2a:12:8e:2d:3a:
         78:cc:52:55:08:97:40:20:c9:ae:42:cc:3c:31:e1:c2:c3:03:
         de:c2:8c:d9:e1:7a:47:b1:79:ae:22:8c:f3:eb:fa:7b:86:34:
         56:5e:b7:1a:6f:8b:c1:75:9f:cf:33:f3:c2:a6:40:d5:57:51:
         55:8e:6f:99:3d:da:ed:ec:55:f7:7d:5d:09:a9:db:29:fc:ce:
         ea:cf:79:1b:04:eb:74:4d:4b:09:21:6d:bb:e5:a7:e6:db:27:
         3d:24:83:58:40:e6:58:7c:86:00:dd:96:68:25:f5:52:f0:5a:
         33:6b:d5:72:c7:86:db:57:ae:9e:fc:1a:f0:f0:d9:5a:74:04:
         16:ba:c5:4b:2e:a4:4e:6e:31:b3:0f:8a:21:36:32:e5:54:75:
         c4:d8:8e:3d:10:e4:0d:be:29:9e:4d:7b:bc:ce:e2:32:82:9e:
         0f:f7:20:33:72:2f:14:68:f2:8d:e8:f0:7c:be:0f:30:3b:e9:
         f3:b4:59:1d:49:44:63:79:99:5d:98:9f:b0:16:38:d6:81:08:
         37:6a:d0:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkz0InisFQlSfjbXga6cuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjQwMTAxMTAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWZiYzRiZjczMzFkMjFjYzY2MDJkMmFmYzUwZmZlM2IxOTY0Y2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VNcsEMmasiMqvd27Tjr8IK1Aik/
8mfCu0hf1Z5lf3CTTIv1VBWePjtJuIMJ3Q1yqujuYk0p6WyiMwkwRaSOlcire2d/
nYy5Pty9h85LurNe2ALkl3EjpaZ+yBhxDSDyyHCw1W+laLkFZUXcKR2PyAc8ADNt
LgtjTuDtcFNdi2afI5+MEMeLstvhxS9uMUPlMRxyX+bHzqiunixqt32PCDt5L8Y6
1wsda0f+X+wFV10HGGwzNp4XmZyp+dYRXN9MwL72weVl6vGsypagNHy41nsOeSZj
4oE0PqXZwdRcD2E01ui42vq5NxR2nlrGCtk/85wy/fYnqlFNL5LMEnga9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHr7xL9zMdIcxmAtKvxQ/+OxlkymMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvZXZ2RXYzTXgwaHpHWUMwcV9GRF80N0dXVEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+TIMA0G
CSqGSIb3DQEBCwUAA4IBAQBrSSlm3iXSm30d4Zc8mglIrj9+qqE4oZHH1y1+yIWz
b0s+Qy15QPj8H8T/4JbQ/1/aKhKOLTp4zFJVCJdAIMmuQsw8MeHCwwPewozZ4XpH
sXmuIozz6/p7hjRWXrcab4vBdZ/PM/PCpkDVV1FVjm+ZPdrt7FX3fV0Jqdsp/M7q
z3kbBOt0TUsJIW275afm2yc9JINYQOZYfIYA3ZZoJfVS8Foza9Vyx4bbV66e/Brw
8NladAQWusVLLqRObjGzD4ohNjLlVHXE2I49EOQNvimeTXu8zuIygp4P9yAzci8U
aPKN6PB8vg8wO+nztFkdSURjeZldmJ+wFjjWgQg3atDL
-----END CERTIFICATE-----