Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/hV7VugfTrxtsRz6O4M5jJgAt3No.roa
File:                     hV7VugfTrxtsRz6O4M5jJgAt3No.roa (raw, json)
Hash identifier:          RgpMSveW1b6vOKY/vE+Iw45eF5BWie377bz8HvKp5Ss=
Subject key identifier:   85:5E:D5:BA:07:D3:AF:1B:6C:47:3E:8E:E0:CE:63:26:00:2D:DC:DA
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018F13E2E8BE0CE4E54D122914FCA46C34A0
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/hV7VugfTrxtsRz6O4M5jJgAt3No.roa
Signing time:             Thu 25 Apr 2024 06:13:08 +0000
ROA not before:           Thu 25 Apr 2024 06:13:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56369
IP address blocks:        90.84.96.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 10:36:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:13:e2:e8:be:0c:e4:e5:4d:12:29:14:fc:a4:6c:34:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Apr 25 06:13:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=855ed5ba07d3af1b6c473e8ee0ce6326002ddcda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f1:5a:2d:24:8a:29:a7:b9:e0:5e:5e:ca:17:
                    ff:b5:f9:ce:9e:f5:9a:5d:e6:06:3b:e3:44:27:02:
                    61:93:c6:d1:76:9c:ef:27:28:0d:d3:9f:c9:ae:b5:
                    4a:59:d3:f4:5f:4c:47:00:b2:eb:99:a3:8d:eb:f0:
                    c8:88:b7:e7:d1:58:f6:ff:11:b3:5b:83:d7:1b:68:
                    6c:d9:ba:a6:ed:a3:e9:21:f9:57:d9:c7:62:4f:6a:
                    5a:cb:0b:83:9d:d3:46:9a:60:bf:16:02:47:4e:90:
                    36:5e:ad:ba:5a:c0:97:84:91:46:b2:84:d3:d4:75:
                    bc:ab:41:ef:a9:e8:9c:89:75:ee:3f:6b:69:71:86:
                    48:33:13:18:73:cb:40:b5:58:36:93:4d:94:eb:2c:
                    70:59:f3:7e:6f:8c:39:17:0e:b0:e0:ab:27:07:06:
                    61:6c:14:65:d3:3a:f0:94:08:cf:75:ea:ef:ad:dc:
                    5c:ec:86:87:e7:8e:c3:bb:1d:4e:3d:e1:4e:b8:a4:
                    10:79:a6:f1:40:70:4b:42:7a:10:29:b5:08:af:b8:
                    cb:68:b5:38:21:c9:af:cf:5c:00:7a:a9:f6:2d:ac:
                    b3:59:61:32:6d:96:a9:a8:90:b8:b7:88:83:d7:eb:
                    37:b9:15:1a:41:01:c5:3c:fc:3e:99:5e:0c:cf:57:
                    ce:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:5E:D5:BA:07:D3:AF:1B:6C:47:3E:8E:E0:CE:63:26:00:2D:DC:DA
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/hV7VugfTrxtsRz6O4M5jJgAt3No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.84.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         06:e5:dd:b5:2c:a5:5c:95:4f:b4:4b:11:13:23:c1:a8:8b:72:
         b3:a9:5b:ab:f5:57:48:6e:61:51:38:ca:9c:90:be:a6:3e:a2:
         45:a9:5e:b2:4f:f0:b4:d3:5b:9f:6f:d8:56:04:8a:58:68:bd:
         c6:22:37:d4:bd:b6:9b:bc:93:5f:0c:a5:ab:81:19:f2:51:7a:
         d2:0c:ea:78:2d:6d:10:61:ef:21:f8:30:73:72:89:8d:22:ce:
         0b:70:54:76:8f:4a:a9:c7:10:b9:f9:00:8e:6b:b3:08:d6:ce:
         87:d1:03:36:89:26:34:e9:5f:ee:c9:a6:b4:83:d4:a5:cb:d8:
         e2:11:38:85:74:dc:6b:c4:cb:05:b1:1a:52:97:f9:0f:e7:d5:
         74:3a:c1:bd:ff:03:d6:d5:8e:79:f9:62:f7:d9:53:b1:0e:55:
         ed:10:93:59:fb:c1:f2:9a:58:80:3d:26:47:05:c6:fa:a4:61:
         7f:99:36:87:88:04:a5:af:c3:71:42:28:eb:5c:3c:26:9e:10:
         79:fc:26:f8:da:8f:ed:df:b3:8f:3a:e8:4b:77:c0:32:de:a2:
         a8:b8:3f:53:fb:0d:14:75:a3:c1:be:33:df:e8:b8:97:fa:aa:
         ee:78:76:9b:1e:a9:88:55:ea:a1:2e:6a:0c:95:19:c2:7e:64:
         4e:16:3b:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8T4ui+DOTlTRIpFPykbDSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwNDI1MDYxMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTVlZDViYTA3ZDNhZjFiNmM0NzNlOGVlMGNlNjMyNjAwMmRkY2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfFaLSSKKae54F5eyhf/tfnOnvWa
XeYGO+NEJwJhk8bRdpzvJygN05/JrrVKWdP0X0xHALLrmaON6/DIiLfn0Vj2/xGz
W4PXG2hs2bqm7aPpIflX2cdiT2paywuDndNGmmC/FgJHTpA2Xq26WsCXhJFGsoTT
1HW8q0HvqeiciXXuP2tpcYZIMxMYc8tAtVg2k02U6yxwWfN+b4w5Fw6w4KsnBwZh
bBRl0zrwlAjPdervrdxc7IaH547Dux1OPeFOuKQQeabxQHBLQnoQKbUIr7jLaLU4
Icmvz1wAeqn2LayzWWEybZapqJC4t4iD1+s3uRUaQQHFPPw+mV4Mz1fOeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVe1boH068bbEc+juDOYyYALdzaMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvaFY3VnVnZlRyeHRzUno2TzRNNWpKZ0F0M05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFWlRgMA0G
CSqGSIb3DQEBCwUAA4IBAQAG5d21LKVclU+0SxETI8Goi3KzqVur9VdIbmFROMqc
kL6mPqJFqV6yT/C001ufb9hWBIpYaL3GIjfUvbabvJNfDKWrgRnyUXrSDOp4LW0Q
Ye8h+DBzcomNIs4LcFR2j0qpxxC5+QCOa7MI1s6H0QM2iSY06V/uyaa0g9Sly9ji
ETiFdNxrxMsFsRpSl/kP59V0OsG9/wPW1Y55+WL32VOxDlXtEJNZ+8HymliAPSZH
Bcb6pGF/mTaHiASlr8NxQijrXDwmnhB5/Cb42o/t37OPOuhLd8Ay3qKouD9T+w0U
daPBvjPf6LiX+qrueHabHqmIVeqhLmoMlRnCfmROFjs4
-----END CERTIFICATE-----