Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/EDVeOzODAxaPP6k3BsdFx655mbY.roa
File:                     EDVeOzODAxaPP6k3BsdFx655mbY.roa (raw, json)
Hash identifier:          z80v3R8JQBvoV72W7xVa3p1K6Q9qiKJpgC5vh5b98nY=
Subject key identifier:   10:35:5E:3B:33:83:03:16:8F:3F:A9:37:06:C7:45:C7:AE:79:99:B6
Certificate issuer:       /CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
Certificate serial:       018CDA46E45B4B2BA63CFC63B295CC8601B1
Authority key identifier: B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/EDVeOzODAxaPP6k3BsdFx655mbY.roa
Signing time:             Fri 05 Jan 2024 15:38:48 +0000
ROA not before:           Fri 05 Jan 2024 15:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31204
IP address blocks:        89.149.64.0/18 maxlen: 18
                          83.218.192.0/19 maxlen: 19
                          89.149.84.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:da:46:e4:5b:4b:2b:a6:3c:fc:63:b2:95:cc:86:01:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
        Validity
            Not Before: Jan  5 15:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10355e3b338303168f3fa93706c745c7ae7999b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b7:72:16:6c:2b:c0:6e:49:f5:6c:fb:fc:2f:
                    da:b3:8a:c0:08:83:42:a2:ed:34:0c:8e:57:dd:33:
                    48:59:ba:2a:35:56:85:19:d9:e4:c0:28:8f:d3:26:
                    c2:91:e5:61:8c:07:00:39:47:39:83:c1:80:9e:22:
                    4f:e9:15:e9:5c:f9:8d:0c:c5:97:2a:97:68:8a:76:
                    f9:a8:fa:1c:cd:7b:84:7d:82:65:35:24:0a:36:6e:
                    9b:2c:a2:32:43:13:f6:a0:96:61:cb:fe:06:da:71:
                    c2:db:4c:34:3f:81:b2:55:91:72:fc:4a:ee:3b:f1:
                    27:ca:1c:75:f5:50:7d:94:45:0d:4c:25:ab:bf:16:
                    a4:e4:f5:1a:6c:6c:5e:f6:00:90:fa:84:7d:c0:37:
                    9c:35:58:d6:d5:a6:c8:32:91:d8:7c:0a:7e:90:74:
                    ec:45:95:ff:04:29:4a:81:8e:bc:48:20:c2:76:77:
                    e0:f9:86:31:1f:ec:21:f7:7a:eb:8f:ce:4b:4d:d1:
                    e2:fc:b0:90:57:6a:40:6e:1f:a5:0a:8e:25:33:68:
                    c5:2a:f5:08:ca:de:d3:ff:d6:2c:58:46:49:65:9c:
                    c7:b1:ae:da:21:0f:d0:91:c7:b4:07:a1:14:fe:a6:
                    6d:cf:e7:ff:9a:0e:1e:77:a3:36:88:4d:98:d6:f8:
                    6e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:35:5E:3B:33:83:03:16:8F:3F:A9:37:06:C7:45:C7:AE:79:99:B6
            X509v3 Authority Key Identifier:
                keyid:B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/EDVeOzODAxaPP6k3BsdFx655mbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.218.192.0/19
                  89.149.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         68:c3:80:23:1a:44:f6:d1:b0:cd:b2:d0:38:a0:94:2d:03:98:
         f5:f4:38:0e:72:47:7a:64:4c:87:95:2e:f5:a4:32:30:90:d3:
         56:c1:47:e1:b9:f8:4b:a1:ee:25:b8:4b:62:37:3d:93:b7:f4:
         38:bb:5a:11:38:62:74:7b:55:65:9d:f3:b0:fe:14:7c:2c:87:
         11:b3:a6:9e:ea:10:e7:c0:f3:75:63:4e:a3:26:5c:8d:de:0e:
         82:c4:b4:f5:45:6d:cc:34:7d:11:b7:86:ac:fe:89:2c:6e:97:
         aa:89:10:79:23:b8:14:48:02:28:c0:6d:50:10:c9:ca:43:5d:
         40:f6:fe:ed:56:67:8d:ec:0f:04:ef:dc:81:9d:e1:12:80:aa:
         bb:0d:70:44:ce:8c:b7:35:1b:d9:95:90:30:a0:48:42:e7:f0:
         df:de:65:62:c3:3f:72:8f:68:5f:61:9d:45:75:48:5c:dc:48:
         79:19:09:04:09:55:0d:db:b8:74:9e:fd:78:db:66:6c:cd:d2:
         fc:63:7d:f5:72:c3:63:85:93:39:21:7a:dc:2a:dd:25:b6:01:
         fd:b9:44:8e:14:91:f1:0c:0c:68:72:93:f1:52:12:a0:d4:20:
         f1:02:5d:90:3b:b6:59:c7:42:35:ac:29:47:55:43:82:4b:e1:
         cc:c5:a8:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzaRuRbSyumPPxjspXMhgGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwM2MzMDJjMmY1MjI3N2UzZDBhYjY4NDJmNjhhYTVmOGQw
ZDc3ODcwHhcNMjQwMTA1MTUzODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDM1NWUzYjMzODMwMzE2OGYzZmE5MzcwNmM3NDVjN2FlNzk5OWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7dyFmwrwG5J9Wz7/C/as4rACINC
ou00DI5X3TNIWboqNVaFGdnkwCiP0ybCkeVhjAcAOUc5g8GAniJP6RXpXPmNDMWX
Kpdoinb5qPoczXuEfYJlNSQKNm6bLKIyQxP2oJZhy/4G2nHC20w0P4GyVZFy/Eru
O/Enyhx19VB9lEUNTCWrvxak5PUabGxe9gCQ+oR9wDecNVjW1abIMpHYfAp+kHTs
RZX/BClKgY68SCDCdnfg+YYxH+wh93rrj85LTdHi/LCQV2pAbh+lCo4lM2jFKvUI
yt7T/9YsWEZJZZzHsa7aIQ/Qkce0B6EU/qZtz+f/mg4ed6M2iE2Y1vhuVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBA1XjszgwMWjz+pNwbHRceueZm2MB8GA1UdIwQY
MBaAFLA8MCwvUid+PQq2hC9oql+NDXeHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2Et
NmY3MDI0YzNhYWQ3LzEvRURWZU96T0RBeGFQUDZrM0JzZEZ4NjU1bWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2EtNmY3MDI0YzNhYWQ3
LzEvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFU9rAAwQG
WZVAMA0GCSqGSIb3DQEBCwUAA4IBAQBow4AjGkT20bDNstA4oJQtA5j19DgOckd6
ZEyHlS71pDIwkNNWwUfhufhLoe4luEtiNz2Tt/Q4u1oROGJ0e1VlnfOw/hR8LIcR
s6ae6hDnwPN1Y06jJlyN3g6CxLT1RW3MNH0Rt4as/oksbpeqiRB5I7gUSAIowG1Q
EMnKQ11A9v7tVmeN7A8E79yBneESgKq7DXBEzoy3NRvZlZAwoEhC5/Df3mViwz9y
j2hfYZ1FdUhc3Eh5GQkECVUN27h0nv1422ZszdL8Y331csNjhZM5IXrcKt0ltgH9
uUSOFJHxDAxocpPxUhKg1CDxAl2QO7ZZx0I1rClHVUOCS+HMxai3
-----END CERTIFICATE-----