Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/42d3db-e0c3-4a41-b7e9-2b9bf8051c8b/1/DyEVA85Ygw50CWJCZjoG5j0hQiI.roa
File:                     DyEVA85Ygw50CWJCZjoG5j0hQiI.roa (raw, json)
Hash identifier:          yeFD+xOmh0Js7i3CdvSFbodn7u9dSny2tmOjegN6Gww=
Subject key identifier:   0F:21:15:03:CE:58:83:0E:74:09:62:42:66:3A:06:E6:3D:21:42:22
Certificate issuer:       /CN=b91be2b3679904b60a2fc399b78081c86b038d99
Certificate serial:       018CC726E86D826C4D4820FB191E033EB348
Authority key identifier: B9:1B:E2:B3:67:99:04:B6:0A:2F:C3:99:B7:80:81:C8:6B:03:8D:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRvis2eZBLYKL8OZt4CByGsDjZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/42d3db-e0c3-4a41-b7e9-2b9bf8051c8b/1/DyEVA85Ygw50CWJCZjoG5j0hQiI.roa
Signing time:             Mon 01 Jan 2024 22:31:05 +0000
ROA not before:           Mon 01 Jan 2024 22:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198492
IP address blocks:        83.229.56.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/42d3db-e0c3-4a41-b7e9-2b9bf8051c8b/1/uRvis2eZBLYKL8OZt4CByGsDjZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/42d3db-e0c3-4a41-b7e9-2b9bf8051c8b/1/uRvis2eZBLYKL8OZt4CByGsDjZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRvis2eZBLYKL8OZt4CByGsDjZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e8:6d:82:6c:4d:48:20:fb:19:1e:03:3e:b3:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91be2b3679904b60a2fc399b78081c86b038d99
        Validity
            Not Before: Jan  1 22:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f211503ce58830e74096242663a06e63d214222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6b:19:74:4b:ac:6e:93:83:0c:e9:7c:82:4c:
                    43:1b:91:82:92:b5:dc:b0:f6:51:d9:aa:2a:51:f0:
                    3e:c3:7c:a6:c2:05:73:d5:ef:8d:db:18:a4:ca:f4:
                    30:1a:b2:b3:56:6f:51:c6:44:5d:3c:cf:2b:48:33:
                    f3:45:e0:e9:78:5e:f3:a8:4d:26:0e:19:66:1b:cb:
                    77:67:8a:a3:ff:48:c1:4a:9b:04:cc:0b:dc:b4:28:
                    67:c4:b8:42:95:f1:85:88:6b:75:9d:ac:67:ee:64:
                    0b:f1:f3:13:b9:42:72:ac:ca:b1:0c:77:ff:dc:b3:
                    73:15:ef:c4:20:16:a1:7c:be:b8:a2:76:87:f9:73:
                    0d:7d:b3:3e:12:c1:cc:26:22:f2:f6:dc:4a:06:7b:
                    fd:1e:93:0c:c8:8f:67:a9:a9:b2:dc:47:46:9a:9f:
                    26:8d:60:df:20:a6:78:17:b2:ce:d9:ff:83:86:81:
                    1c:dd:f6:52:c2:6c:f6:49:81:26:ae:b3:70:2a:60:
                    2f:52:4e:f9:44:d7:7a:a6:48:9b:f5:a2:7d:b9:d0:
                    28:82:c7:b1:e1:96:eb:98:69:74:7a:40:87:89:e9:
                    af:9d:55:19:59:b9:cc:38:0c:64:ad:7a:09:c3:b9:
                    f4:8b:8a:6f:40:09:2b:20:3c:6d:17:af:c7:32:7b:
                    ee:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:21:15:03:CE:58:83:0E:74:09:62:42:66:3A:06:E6:3D:21:42:22
            X509v3 Authority Key Identifier:
                keyid:B9:1B:E2:B3:67:99:04:B6:0A:2F:C3:99:B7:80:81:C8:6B:03:8D:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRvis2eZBLYKL8OZt4CByGsDjZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/42d3db-e0c3-4a41-b7e9-2b9bf8051c8b/1/DyEVA85Ygw50CWJCZjoG5j0hQiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/42d3db-e0c3-4a41-b7e9-2b9bf8051c8b/1/uRvis2eZBLYKL8OZt4CByGsDjZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.229.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:e5:e1:29:10:bc:22:15:1d:45:07:12:32:fa:70:11:70:d5:
         92:19:b4:f3:ef:a6:be:8e:03:ab:cb:d1:9b:15:91:cb:61:1a:
         b4:16:36:a4:db:b4:0e:36:76:59:49:f5:40:64:3d:25:a2:6c:
         ae:d1:4d:92:bb:c1:0d:aa:bf:28:01:c7:1b:b1:fb:8b:8e:24:
         07:72:c5:d1:99:81:3c:e4:c2:36:9a:30:0c:39:59:95:f5:20:
         26:e4:bd:98:e2:07:30:dd:a3:5b:bc:53:de:ae:ce:52:56:f1:
         6d:cd:d7:75:ef:4a:a3:bd:39:89:1e:a7:ee:c7:82:5b:82:fa:
         7e:1a:88:7c:2e:b0:3f:33:3b:0a:3d:b8:eb:b6:74:bf:2d:dc:
         07:99:ec:d6:64:50:9e:dd:80:5f:07:6b:d8:96:24:8a:3c:57:
         db:d1:ea:5c:ea:2f:ef:62:2f:ca:6f:50:73:c8:a2:da:4f:5b:
         cb:66:93:ff:f4:54:9f:31:ee:a6:1d:12:cd:23:eb:6c:06:4a:
         43:62:a5:68:a0:aa:6e:13:aa:c7:d6:9a:d1:c6:48:d1:52:21:
         f1:f9:e9:6e:6c:d7:f8:82:79:00:fc:e7:2f:f8:f1:6a:3e:f9:
         04:37:06:ed:ea:a8:a7:59:cd:38:98:29:e1:77:c8:f9:e7:9f:
         d1:44:c1:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuhtgmxNSCD7GR4DPrNIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MWJlMmIzNjc5OTA0YjYwYTJmYzM5OWI3ODA4MWM4NmIw
MzhkOTkwHhcNMjQwMTAxMjIzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIxMTUwM2NlNTg4MzBlNzQwOTYyNDI2NjNhMDZlNjNkMjE0MjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGsZdEusbpODDOl8gkxDG5GCkrXc
sPZR2aoqUfA+w3ymwgVz1e+N2xikyvQwGrKzVm9RxkRdPM8rSDPzReDpeF7zqE0m
DhlmG8t3Z4qj/0jBSpsEzAvctChnxLhClfGFiGt1naxn7mQL8fMTuUJyrMqxDHf/
3LNzFe/EIBahfL64onaH+XMNfbM+EsHMJiLy9txKBnv9HpMMyI9nqamy3EdGmp8m
jWDfIKZ4F7LO2f+DhoEc3fZSwmz2SYEmrrNwKmAvUk75RNd6pkib9aJ9udAogsex
4ZbrmGl0ekCHiemvnVUZWbnMOAxkrXoJw7n0i4pvQAkrIDxtF6/HMnvuGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8hFQPOWIMOdAliQmY6BuY9IUIiMB8GA1UdIwQY
MBaAFLkb4rNnmQS2Ci/DmbeAgchrA42ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJ2aXMyZVpCTFlLTDhPWnQ0Q0J5R3NEalprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi80MmQzZGItZTBjMy00YTQxLWI3ZTkt
MmI5YmY4MDUxYzhiLzEvRHlFVkE4NVlndzUwQ1dKQ1pqb0c1ajBoUWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi80MmQzZGItZTBjMy00YTQxLWI3ZTktMmI5YmY4MDUxYzhi
LzEvdVJ2aXMyZVpCTFlLTDhPWnQ0Q0J5R3NEalprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU+U4MA0G
CSqGSIb3DQEBCwUAA4IBAQCN5eEpELwiFR1FBxIy+nARcNWSGbTz76a+jgOry9Gb
FZHLYRq0Fjak27QONnZZSfVAZD0lomyu0U2Su8ENqr8oAccbsfuLjiQHcsXRmYE8
5MI2mjAMOVmV9SAm5L2Y4gcw3aNbvFPers5SVvFtzdd170qjvTmJHqfux4Jbgvp+
Goh8LrA/MzsKPbjrtnS/LdwHmezWZFCe3YBfB2vYliSKPFfb0epc6i/vYi/Kb1Bz
yKLaT1vLZpP/9FSfMe6mHRLNI+tsBkpDYqVooKpuE6rH1prRxkjRUiHx+elubNf4
gnkA/Ocv+PFqPvkENwbt6qinWc04mCnhd8j555/RRMFz
-----END CERTIFICATE-----