Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/evn5KW3UeSUsy80tQjfai6x-oDs.roa
File:                     evn5KW3UeSUsy80tQjfai6x-oDs.roa (raw, json)
Hash identifier:          20DYrGL8vpo8Pf257SPLiB+um0iPwEWNbdGy8acAp9w=
Subject key identifier:   7A:F9:F9:29:6D:D4:79:25:2C:CB:CD:2D:42:37:DA:8B:AC:7E:A0:3B
Certificate issuer:       /CN=2e43dac8ea55693439dd1b8b4812ba71834f1031
Certificate serial:       018CC5DD1242B7EEEAF56D8781FABEA98127
Authority key identifier: 2E:43:DA:C8:EA:55:69:34:39:DD:1B:8B:48:12:BA:71:83:4F:10:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkPayOpVaTQ53RuLSBK6cYNPEDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/evn5KW3UeSUsy80tQjfai6x-oDs.roa
Signing time:             Mon 01 Jan 2024 16:30:48 +0000
ROA not before:           Mon 01 Jan 2024 16:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51559
IP address blocks:        88.214.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/LkPayOpVaTQ53RuLSBK6cYNPEDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/LkPayOpVaTQ53RuLSBK6cYNPEDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkPayOpVaTQ53RuLSBK6cYNPEDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:12:42:b7:ee:ea:f5:6d:87:81:fa:be:a9:81:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e43dac8ea55693439dd1b8b4812ba71834f1031
        Validity
            Not Before: Jan  1 16:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7af9f9296dd479252ccbcd2d4237da8bac7ea03b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:93:58:d5:b4:c4:86:11:1f:ad:86:87:08:57:
                    71:aa:ed:ae:6f:52:88:12:c0:65:e9:2c:ab:62:df:
                    a8:f5:d5:85:ba:6e:7f:6d:6b:21:9c:63:68:52:56:
                    5e:db:ae:11:e4:a0:f1:6f:de:46:27:22:df:15:f8:
                    6b:89:2b:0b:40:f6:b1:00:44:5d:00:dc:ba:66:ef:
                    86:91:46:20:69:f6:d9:eb:3a:44:00:b5:37:61:2e:
                    89:f5:8b:15:fe:b5:93:10:59:d4:44:d9:67:cd:14:
                    c3:ec:09:14:2d:78:09:0a:81:fb:05:59:27:98:09:
                    02:ea:cd:94:78:e0:c4:a4:79:71:0c:4f:13:c6:bb:
                    00:8b:5d:5f:45:5a:7f:2a:d7:66:ef:ce:79:cb:de:
                    ca:54:9f:f0:da:7a:d0:20:7e:8f:c6:65:e1:4f:11:
                    0d:23:84:23:f6:77:6e:f1:95:50:80:a6:91:d5:ea:
                    8e:6c:47:71:bb:1f:ed:92:b8:cf:07:d3:5f:d1:4f:
                    07:bf:e2:40:cd:01:c6:95:69:6c:bb:fb:68:ab:62:
                    89:ce:88:3b:9b:14:49:39:d4:a7:23:4c:94:5a:15:
                    3e:da:ef:ca:18:65:40:b2:22:0f:48:f6:09:83:f7:
                    c0:8d:3b:82:f6:dc:6c:7b:06:22:c2:62:13:54:c5:
                    c2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:F9:F9:29:6D:D4:79:25:2C:CB:CD:2D:42:37:DA:8B:AC:7E:A0:3B
            X509v3 Authority Key Identifier:
                keyid:2E:43:DA:C8:EA:55:69:34:39:DD:1B:8B:48:12:BA:71:83:4F:10:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkPayOpVaTQ53RuLSBK6cYNPEDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/evn5KW3UeSUsy80tQjfai6x-oDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/86ba36-78b8-44bb-9fb4-26c7c963a769/1/LkPayOpVaTQ53RuLSBK6cYNPEDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:01:00:8c:fc:4b:11:11:ea:f8:c8:6d:ec:23:b4:02:a9:08:
         96:56:48:14:58:6a:8f:e2:a0:52:3e:1b:a1:99:af:77:8c:83:
         27:e3:2b:43:97:05:47:6c:42:16:ce:9b:71:c6:7f:52:cb:b6:
         b9:6a:4f:d9:5e:07:e5:05:52:2d:0e:79:e3:2c:53:eb:00:6d:
         d3:c3:ad:22:93:e4:f4:39:e3:52:f6:9e:2c:0b:86:fa:06:d5:
         f7:71:15:53:c8:f9:41:89:33:e0:b2:ac:71:dc:fd:f9:e7:06:
         39:22:e3:35:57:a6:bf:70:db:ea:7d:53:c5:f3:bd:61:4c:ab:
         99:13:dc:e4:f3:fe:46:fd:12:43:d8:a5:5d:aa:52:0e:9d:0b:
         10:89:af:d3:e3:46:f1:ce:06:58:99:4a:35:0f:d0:5c:50:7a:
         9b:79:24:4f:bb:5d:e2:1d:4a:38:0b:cd:57:76:03:1f:42:b1:
         7b:d4:d5:7d:9e:f0:ee:c0:dc:94:e7:28:5e:3a:46:55:27:1b:
         d9:85:7b:b7:c2:14:b6:8c:df:e3:42:b2:59:3e:93:0c:83:ce:
         0e:cb:a8:e6:2c:b5:62:95:f5:0b:13:1c:5b:d8:a6:b5:3a:ff:
         b8:d6:09:45:da:19:46:bc:98:ab:d7:64:54:b9:9c:54:4d:93:
         47:ba:e8:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RJCt+7q9W2Hgfq+qYEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNDNkYWM4ZWE1NTY5MzQzOWRkMWI4YjQ4MTJiYTcxODM0
ZjEwMzEwHhcNMjQwMTAxMTYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWY5ZjkyOTZkZDQ3OTI1MmNjYmNkMmQ0MjM3ZGE4YmFjN2VhMDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5NY1bTEhhEfrYaHCFdxqu2ub1KI
EsBl6SyrYt+o9dWFum5/bWshnGNoUlZe264R5KDxb95GJyLfFfhriSsLQPaxAERd
ANy6Zu+GkUYgafbZ6zpEALU3YS6J9YsV/rWTEFnURNlnzRTD7AkULXgJCoH7BVkn
mAkC6s2UeODEpHlxDE8TxrsAi11fRVp/Ktdm7855y97KVJ/w2nrQIH6PxmXhTxEN
I4Qj9ndu8ZVQgKaR1eqObEdxux/tkrjPB9Nf0U8Hv+JAzQHGlWlsu/toq2KJzog7
mxRJOdSnI0yUWhU+2u/KGGVAsiIPSPYJg/fAjTuC9txsewYiwmITVMXC9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHr5+Slt1HklLMvNLUI32ousfqA7MB8GA1UdIwQY
MBaAFC5D2sjqVWk0Od0bi0gSunGDTxAxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGtQYXlPcFZhVFE1M1J1TFNCSzZjWU5QRURFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84NmJhMzYtNzhiOC00NGJiLTlmYjQt
MjZjN2M5NjNhNzY5LzEvZXZuNUtXM1VlU1VzeTgwdFFqZmFpNngtb0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84NmJhMzYtNzhiOC00NGJiLTlmYjQtMjZjN2M5NjNhNzY5
LzEvTGtQYXlPcFZhVFE1M1J1TFNCSzZjWU5QRURFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNYrMA0G
CSqGSIb3DQEBCwUAA4IBAQCYAQCM/EsREer4yG3sI7QCqQiWVkgUWGqP4qBSPhuh
ma93jIMn4ytDlwVHbEIWzptxxn9Sy7a5ak/ZXgflBVItDnnjLFPrAG3Tw60ik+T0
OeNS9p4sC4b6BtX3cRVTyPlBiTPgsqxx3P355wY5IuM1V6a/cNvqfVPF871hTKuZ
E9zk8/5G/RJD2KVdqlIOnQsQia/T40bxzgZYmUo1D9BcUHqbeSRPu13iHUo4C81X
dgMfQrF71NV9nvDuwNyU5yheOkZVJxvZhXu3whS2jN/jQrJZPpMMg84Oy6jmLLVi
lfULExxb2Ka1Ov+41glF2hlGvJir12RUuZxUTZNHuuhX
-----END CERTIFICATE-----