Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/EVIyNzvFh3uMP6XyrWA3IFFe4hQ.roa
File:                     EVIyNzvFh3uMP6XyrWA3IFFe4hQ.roa (raw, json)
Hash identifier:          834T496oaLtl2QjLsTn2BuyLbRB96IRAkx4NfRUupiw=
Subject key identifier:   11:52:32:37:3B:C5:87:7B:8C:3F:A5:F2:AD:60:37:20:51:5E:E2:14
Certificate issuer:       /CN=1b982883e1dfbf4633e08c0b58c85e89ffc32101
Certificate serial:       018CC727707FAFEF046E5A8D16596834CB1D
Authority key identifier: 1B:98:28:83:E1:DF:BF:46:33:E0:8C:0B:58:C8:5E:89:FF:C3:21:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/EVIyNzvFh3uMP6XyrWA3IFFe4hQ.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205007
IP address blocks:        185.48.250.0/24 maxlen: 24
                          2a04:b540:3000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:70:7f:af:ef:04:6e:5a:8d:16:59:68:34:cb:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b982883e1dfbf4633e08c0b58c85e89ffc32101
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=115232373bc5877b8c3fa5f2ad603720515ee214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b4:f0:49:70:d2:75:bf:58:8b:e8:8a:2b:02:
                    f4:bc:10:09:70:c0:da:7e:c5:69:d5:ed:26:d3:59:
                    bf:00:80:d1:95:38:03:d6:8c:9b:e5:3b:cb:0b:31:
                    6b:5c:90:cf:f0:e1:ff:a8:6e:d7:87:7d:18:c3:c3:
                    0d:73:10:37:81:de:32:dd:74:4b:9b:be:83:72:16:
                    22:46:f7:a8:0d:27:ed:9e:57:dc:4b:bd:43:22:a1:
                    b8:da:bf:f5:89:79:14:c3:2e:be:d4:d2:52:87:1c:
                    f7:dc:61:b0:60:93:24:20:3e:09:47:e6:6e:e1:1f:
                    ab:a3:b8:b8:1a:e9:78:e8:95:64:1a:6b:82:74:a9:
                    d9:52:0f:33:4a:17:ef:4b:d6:9b:d0:db:18:5b:4b:
                    84:d6:d5:61:62:a9:5f:88:90:5b:d4:6f:79:5d:0a:
                    e7:f6:87:6f:c9:91:05:59:97:46:0b:7e:ab:cd:13:
                    4d:b7:dc:38:6f:13:c7:0c:9b:4c:0e:e4:93:c7:7f:
                    ea:10:64:9d:77:69:28:18:7f:83:be:70:85:37:4e:
                    77:34:39:7e:a1:bd:b4:ec:a5:cb:09:ff:e3:be:6a:
                    63:b4:13:49:92:3f:6a:7d:1d:c9:00:62:22:c3:95:
                    73:40:ba:3a:49:2e:40:b6:de:c3:33:cf:d6:0d:56:
                    e4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:52:32:37:3B:C5:87:7B:8C:3F:A5:F2:AD:60:37:20:51:5E:E2:14
            X509v3 Authority Key Identifier:
                keyid:1B:98:28:83:E1:DF:BF:46:33:E0:8C:0B:58:C8:5E:89:FF:C3:21:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/EVIyNzvFh3uMP6XyrWA3IFFe4hQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.250.0/24
                IPv6:
                  2a04:b540:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3f:09:06:3c:cf:6b:b0:6c:d2:e8:c0:c1:ee:77:00:c3:03:bd:
         4a:85:95:e2:27:40:4e:5b:cb:e8:04:0a:49:6d:99:e4:47:16:
         21:24:b2:66:ec:71:3f:ab:d0:06:4f:38:34:ea:82:2c:4a:b5:
         a8:95:8a:48:0e:4b:62:6e:bd:e6:db:ad:52:ed:4b:50:f8:e1:
         f5:0c:0b:1e:b0:c5:5e:c8:c7:0f:14:2b:a9:fe:9f:0d:66:1f:
         ed:2f:8a:c6:70:05:a2:c3:0c:53:d6:b1:24:9a:52:de:03:37:
         c2:e1:78:fb:72:4a:64:16:fa:a0:33:3c:5d:02:63:76:b8:f0:
         57:21:f5:5e:c8:b4:3a:40:bb:8b:31:57:bb:96:7b:71:d2:cb:
         af:08:1d:71:13:80:ff:88:7e:0d:d1:fc:71:8f:11:7a:df:a4:
         04:7d:3a:61:03:f6:dd:89:84:98:e5:a6:77:cf:85:72:55:1f:
         3f:07:02:fd:e6:9b:66:e1:f6:0a:d2:6e:61:9c:38:3e:fa:a0:
         b8:bf:c1:15:4b:c7:09:2d:7e:7e:65:bd:86:aa:d7:12:40:83:
         72:66:30:8d:b1:3a:51:36:c1:ba:b7:f8:d7:aa:d8:14:b9:49:
         6b:80:a1:66:4e:c5:ec:f3:9b:da:0b:59:70:9b:76:93:68:09:
         ed:ab:38:9e
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJ3B/r+8EblqNFlloNMsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOTgyODgzZTFkZmJmNDYzM2UwOGMwYjU4Yzg1ZTg5ZmZj
MzIxMDEwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTUyMzIzNzNiYzU4NzdiOGMzZmE1ZjJhZDYwMzcyMDUxNWVlMjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLTwSXDSdb9Yi+iKKwL0vBAJcMDa
fsVp1e0m01m/AIDRlTgD1oyb5TvLCzFrXJDP8OH/qG7Xh30Yw8MNcxA3gd4y3XRL
m76DchYiRveoDSftnlfcS71DIqG42r/1iXkUwy6+1NJShxz33GGwYJMkID4JR+Zu
4R+ro7i4Gul46JVkGmuCdKnZUg8zShfvS9ab0NsYW0uE1tVhYqlfiJBb1G95XQrn
9odvyZEFWZdGC36rzRNNt9w4bxPHDJtMDuSTx3/qEGSdd2koGH+DvnCFN053NDl+
ob207KXLCf/jvmpjtBNJkj9qfR3JAGIiw5VzQLo6SS5Att7DM8/WDVbkmQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBFSMjc7xYd7jD+l8q1gNyBRXuIUMB8GA1UdIwQY
MBaAFBuYKIPh379GM+CMC1jIXon/wyEBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzVnb2ctSGZ2MFl6NEl3TFdNaGVpZl9ESVFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81Nzg2MGEtZGQ1ZS00NmU4LTllY2It
ZDA3OGVlYzgyYjJhLzEvRVZJeU56dkZoM3VNUDZYeXJXQTNJRkZlNGhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81Nzg2MGEtZGQ1ZS00NmU4LTllY2ItZDA3OGVlYzgyYjJh
LzEvRzVnb2ctSGZ2MFl6NEl3TFdNaGVpZl9ESVFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuTD6MA4E
AgACMAgDBgQqBLVAMDANBgkqhkiG9w0BAQsFAAOCAQEAPwkGPM9rsGzS6MDB7ncA
wwO9SoWV4idATlvL6AQKSW2Z5EcWISSyZuxxP6vQBk84NOqCLEq1qJWKSA5LYm69
5tutUu1LUPjh9QwLHrDFXsjHDxQrqf6fDWYf7S+KxnAFosMMU9axJJpS3gM3wuF4
+3JKZBb6oDM8XQJjdrjwVyH1Xsi0OkC7izFXu5Z7cdLLrwgdcROA/4h+DdH8cY8R
et+kBH06YQP23YmEmOWmd8+FclUfPwcC/eabZuH2CtJuYZw4PvqguL/BFUvHCS1+
fmW9hqrXEkCDcmYwjbE6UTbBurf416rYFLlJa4ChZk7F7POb2gtZcJt2k2gJ7as4
ng==
-----END CERTIFICATE-----