Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/EV3ud_ckH0w7IeVW4K21SAkRIBs.roa
File:                     EV3ud_ckH0w7IeVW4K21SAkRIBs.roa (raw, json)
Hash identifier:          F8OhVueHwUkRCiJDAS38pSDUDAI26x+SLRB4Vh0twHY=
Subject key identifier:   11:5D:EE:77:F7:24:1F:4C:3B:21:E5:56:E0:AD:B5:48:09:11:20:1B
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DADCC6B8987CF4A05C7A6F69BE2B1B
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/EV3ud_ckH0w7IeVW4K21SAkRIBs.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200670
IP address blocks:        194.183.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dc:c6:b8:98:7c:f4:a0:5c:7a:6f:69:be:2b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=115dee77f7241f4c3b21e556e0adb5480911201b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2b:91:a7:8c:e1:68:86:fc:fc:3c:e0:6b:8d:
                    aa:cd:61:dc:bc:c8:0a:31:9e:96:25:59:39:df:42:
                    38:68:27:50:ae:9e:41:25:d5:b6:85:b0:82:1d:12:
                    ff:dd:bc:10:54:d2:90:56:8e:06:b9:f9:c1:cb:0b:
                    21:52:7c:00:bc:5e:41:78:42:91:28:40:4b:e1:81:
                    48:df:03:1e:4b:43:82:d9:bd:7d:c6:b6:7a:a0:75:
                    74:69:4d:61:31:9e:67:06:ba:d7:4d:cf:93:41:1a:
                    cc:f9:d0:12:4a:33:f2:1c:0f:a8:c0:44:4e:c9:77:
                    8d:ce:f5:9f:6b:ad:19:e4:1c:ea:e1:a9:72:44:e0:
                    1b:2e:9d:3f:4f:e7:b9:42:ee:73:be:c6:b6:a7:25:
                    d5:0b:91:43:74:16:58:71:16:69:c6:21:2f:27:bb:
                    a0:b2:86:34:4e:8f:b2:44:b1:5b:36:43:53:18:d7:
                    45:d8:10:43:d7:cd:73:43:4e:dc:78:4e:9c:b5:80:
                    6f:c4:54:72:1d:67:1a:18:1d:15:2b:3d:83:4b:f9:
                    41:25:1a:64:dd:a4:79:d3:e8:d1:1f:87:e0:bf:5f:
                    f4:94:68:f3:d0:22:89:1f:9d:b7:a5:1a:b1:33:c9:
                    80:6d:a9:69:8c:ca:df:fa:1e:21:4e:c9:02:93:d5:
                    73:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:5D:EE:77:F7:24:1F:4C:3B:21:E5:56:E0:AD:B5:48:09:11:20:1B
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/EV3ud_ckH0w7IeVW4K21SAkRIBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.183.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:8a:64:8f:c7:f0:3b:59:bd:f8:b8:6f:75:91:6a:f4:47:fc:
         d6:d2:b9:49:73:6e:48:34:6d:fc:fc:04:03:65:77:fc:71:b5:
         f3:0b:45:85:81:e1:3d:69:87:5b:c2:a5:10:ed:e3:18:c4:cc:
         65:e8:65:67:23:38:f7:07:a5:f5:75:13:20:32:d0:42:a7:8d:
         3a:d9:26:8c:9f:50:57:1d:85:fb:bc:52:62:a1:8e:b7:f7:2f:
         5c:6e:3c:0a:6f:58:aa:13:08:55:af:61:a3:9b:7e:10:c3:42:
         c4:ef:27:64:2b:91:05:0a:cc:75:a9:42:a2:18:eb:2f:1b:cf:
         20:83:9f:0b:ea:10:d4:87:a1:8a:2e:3f:e9:d2:82:fe:60:06:
         97:c5:73:45:10:ac:d2:b5:73:e9:cf:a5:73:4b:94:c8:2c:fe:
         b0:5b:e7:3f:d9:e7:7f:41:26:18:bf:22:ca:17:66:ac:10:ab:
         bb:e5:3c:8c:05:2e:71:15:3e:92:19:87:e3:aa:d0:66:55:fd:
         74:21:59:b8:e8:20:91:c7:20:b3:54:4f:3a:19:27:10:fe:27:
         7d:74:4a:62:47:c9:46:a5:ff:9e:2c:6c:b1:c5:4d:ab:39:4b:
         31:9b:b8:35:d4:68:78:ea:18:77:31:27:f4:28:9f:86:74:87:
         8a:a5:b5:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tzGuJh89KBcem9pvisbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTVkZWU3N2Y3MjQxZjRjM2IyMWU1NTZlMGFkYjU0ODA5MTEyMDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSuRp4zhaIb8/Dzga42qzWHcvMgK
MZ6WJVk530I4aCdQrp5BJdW2hbCCHRL/3bwQVNKQVo4GufnBywshUnwAvF5BeEKR
KEBL4YFI3wMeS0OC2b19xrZ6oHV0aU1hMZ5nBrrXTc+TQRrM+dASSjPyHA+owERO
yXeNzvWfa60Z5Bzq4alyROAbLp0/T+e5Qu5zvsa2pyXVC5FDdBZYcRZpxiEvJ7ug
soY0To+yRLFbNkNTGNdF2BBD181zQ07ceE6ctYBvxFRyHWcaGB0VKz2DS/lBJRpk
3aR50+jRH4fgv1/0lGjz0CKJH523pRqxM8mAbalpjMrf+h4hTskCk9VzfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBFd7nf3JB9MOyHlVuCttUgJESAbMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvRVYzdWRfY2tIMHc3SWVWVzRLMjFTQWtSSUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrc4MA0G
CSqGSIb3DQEBCwUAA4IBAQCBimSPx/A7Wb34uG91kWr0R/zW0rlJc25ING38/AQD
ZXf8cbXzC0WFgeE9aYdbwqUQ7eMYxMxl6GVnIzj3B6X1dRMgMtBCp4062SaMn1BX
HYX7vFJioY639y9cbjwKb1iqEwhVr2Gjm34Qw0LE7ydkK5EFCsx1qUKiGOsvG88g
g58L6hDUh6GKLj/p0oL+YAaXxXNFEKzStXPpz6VzS5TILP6wW+c/2ed/QSYYvyLK
F2asEKu75TyMBS5xFT6SGYfjqtBmVf10IVm46CCRxyCzVE86GScQ/id9dEpiR8lG
pf+eLGyxxU2rOUsxm7g11Gh46hh3MSf0KJ+GdIeKpbUk
-----END CERTIFICATE-----