Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/f5210d-0590-43a3-9eed-6a83563b655b/1/EVU-Poniv3n2LM3iRSFCwjgEoBI.roa
File:                     EVU-Poniv3n2LM3iRSFCwjgEoBI.roa (raw, json)
Hash identifier:          3+1TMolT3uq8YkC0OCyM8m4Hl4+pqlkDi5fB1nobvFA=
Subject key identifier:   11:55:3E:3E:89:E2:BF:79:F6:2C:CD:E2:45:21:42:C2:38:04:A0:12
Certificate issuer:       /CN=b0340251f1826347f4e9645f6824d3b93f47e5de
Certificate serial:       018CC500D50F583A459603A1F779B243155F
Authority key identifier: B0:34:02:51:F1:82:63:47:F4:E9:64:5F:68:24:D3:B9:3F:47:E5:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDQCUfGCY0f06WRfaCTTuT9H5d4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/f5210d-0590-43a3-9eed-6a83563b655b/1/EVU-Poniv3n2LM3iRSFCwjgEoBI.roa
Signing time:             Mon 01 Jan 2024 12:30:15 +0000
ROA not before:           Mon 01 Jan 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203930
IP address blocks:        89.207.152.0/24 maxlen: 24
                          2a13:5b00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/f5210d-0590-43a3-9eed-6a83563b655b/1/sDQCUfGCY0f06WRfaCTTuT9H5d4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/f5210d-0590-43a3-9eed-6a83563b655b/1/sDQCUfGCY0f06WRfaCTTuT9H5d4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sDQCUfGCY0f06WRfaCTTuT9H5d4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d5:0f:58:3a:45:96:03:a1:f7:79:b2:43:15:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0340251f1826347f4e9645f6824d3b93f47e5de
        Validity
            Not Before: Jan  1 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11553e3e89e2bf79f62ccde2452142c23804a012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:2f:38:21:53:62:bc:71:5a:a9:99:e4:16:43:
                    03:46:d2:da:29:57:20:93:83:18:c5:76:f5:cc:21:
                    65:1d:f4:79:32:56:49:e0:86:48:98:0c:c4:29:6b:
                    35:51:7d:62:7e:72:d0:7d:56:43:df:26:fd:01:a4:
                    aa:74:5a:14:fb:c8:b4:3b:6f:4d:f4:12:f7:7a:94:
                    b2:68:81:93:95:2d:a8:03:12:d1:7c:af:77:c8:1e:
                    c0:83:23:ec:97:d8:e8:e1:f4:85:cf:54:29:d4:29:
                    62:1c:44:2e:4f:8c:e4:45:ae:cd:1b:da:0c:6b:cf:
                    d9:d1:c9:dc:96:52:54:22:b3:37:40:b2:3b:b5:74:
                    0e:87:be:3c:a0:b0:81:a7:7e:04:ed:ec:1c:31:49:
                    d0:3b:18:24:9a:03:70:d0:21:e6:e0:06:3f:e8:e3:
                    5d:84:04:92:58:3c:7d:77:78:60:e8:1b:c5:42:70:
                    72:a3:58:8a:95:6a:bf:8c:b7:b8:f4:93:32:6d:34:
                    a7:14:dc:21:fa:5c:20:6b:76:5b:ba:28:5a:4c:09:
                    8c:cd:53:94:08:a4:18:d3:1f:8d:af:d6:27:ad:ce:
                    66:6e:2e:a0:79:a8:e1:30:cc:12:a9:78:1e:97:f5:
                    94:09:34:b1:bb:94:b2:ef:56:88:f4:6f:52:17:d7:
                    e3:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:55:3E:3E:89:E2:BF:79:F6:2C:CD:E2:45:21:42:C2:38:04:A0:12
            X509v3 Authority Key Identifier:
                keyid:B0:34:02:51:F1:82:63:47:F4:E9:64:5F:68:24:D3:B9:3F:47:E5:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDQCUfGCY0f06WRfaCTTuT9H5d4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f5210d-0590-43a3-9eed-6a83563b655b/1/EVU-Poniv3n2LM3iRSFCwjgEoBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f5210d-0590-43a3-9eed-6a83563b655b/1/sDQCUfGCY0f06WRfaCTTuT9H5d4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.152.0/24
                IPv6:
                  2a13:5b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:31:78:98:87:8a:75:38:fc:b6:7b:7e:f0:30:85:9d:86:9d:
         0f:e1:69:b3:51:1b:60:e4:86:27:3b:5e:8c:c2:9d:e8:02:9b:
         32:87:d3:8c:a3:06:e6:4f:f0:b2:8d:a4:ee:b5:3e:62:b6:41:
         be:b3:b6:63:91:01:8c:cc:97:18:eb:77:10:1a:0d:40:fa:a5:
         e1:cc:14:99:0f:19:81:b7:e4:ba:00:a7:ef:19:78:e5:06:2d:
         b7:43:42:fb:3e:86:99:b4:01:6e:82:5d:d6:95:7f:d1:69:03:
         c3:28:14:84:5d:69:42:a2:21:58:a2:3c:9f:9b:83:6a:f2:04:
         7c:6f:fa:55:4d:9a:e7:92:9a:8a:4c:ae:4e:4c:28:88:f7:17:
         98:27:43:21:af:93:18:f0:1d:69:76:b2:95:3e:1d:21:17:0a:
         ba:91:16:d9:33:b9:cf:9c:f8:9b:ad:95:15:ec:99:09:ab:f7:
         2f:6c:6f:46:2a:53:33:ca:e7:f1:9d:40:f1:42:8b:a8:23:22:
         a0:12:19:b6:68:c8:5e:83:46:47:02:e0:a8:35:e5:d5:e0:6b:
         42:d4:28:34:f6:b4:2c:6c:f9:c1:77:04:38:b8:a8:5c:97:2d:
         7a:c0:fb:4e:a6:b9:bc:34:aa:87:c3:06:0b:94:2a:ee:c3:e5:
         ad:f1:4d:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFANUPWDpFlgOh93myQxVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMzQwMjUxZjE4MjYzNDdmNGU5NjQ1ZjY4MjRkM2I5M2Y0
N2U1ZGUwHhcNMjQwMTAxMTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTU1M2UzZTg5ZTJiZjc5ZjYyY2NkZTI0NTIxNDJjMjM4MDRhMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgC84IVNivHFaqZnkFkMDRtLaKVcg
k4MYxXb1zCFlHfR5MlZJ4IZImAzEKWs1UX1ifnLQfVZD3yb9AaSqdFoU+8i0O29N
9BL3epSyaIGTlS2oAxLRfK93yB7AgyPsl9jo4fSFz1Qp1CliHEQuT4zkRa7NG9oM
a8/Z0cncllJUIrM3QLI7tXQOh748oLCBp34E7ewcMUnQOxgkmgNw0CHm4AY/6ONd
hASSWDx9d3hg6BvFQnByo1iKlWq/jLe49JMybTSnFNwh+lwga3ZbuihaTAmMzVOU
CKQY0x+Nr9Ynrc5mbi6geajhMMwSqXgel/WUCTSxu5Sy71aI9G9SF9fjdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBFVPj6J4r959izN4kUhQsI4BKASMB8GA1UdIwQY
MBaAFLA0AlHxgmNH9OlkX2gk07k/R+XeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0RRQ1VmR0NZMGYwNldSZmFDVFR1VDlINWQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mNTIxMGQtMDU5MC00M2EzLTllZWQt
NmE4MzU2M2I2NTViLzEvRVZVLVBvbml2M24yTE0zaVJTRkN3amdFb0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mNTIxMGQtMDU5MC00M2EzLTllZWQtNmE4MzU2M2I2NTVi
LzEvc0RRQ1VmR0NZMGYwNldSZmFDVFR1VDlINWQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWc+YMA0E
AgACMAcDBQAqE1sAMA0GCSqGSIb3DQEBCwUAA4IBAQAWMXiYh4p1OPy2e37wMIWd
hp0P4WmzURtg5IYnO16Mwp3oApsyh9OMowbmT/CyjaTutT5itkG+s7ZjkQGMzJcY
63cQGg1A+qXhzBSZDxmBt+S6AKfvGXjlBi23Q0L7PoaZtAFugl3WlX/RaQPDKBSE
XWlCoiFYojyfm4Nq8gR8b/pVTZrnkpqKTK5OTCiI9xeYJ0Mhr5MY8B1pdrKVPh0h
Fwq6kRbZM7nPnPibrZUV7JkJq/cvbG9GKlMzyufxnUDxQouoIyKgEhm2aMheg0ZH
AuCoNeXV4GtC1Cg09rQsbPnBdwQ4uKhcly16wPtOprm8NKqHwwYLlCruw+Wt8U23
-----END CERTIFICATE-----