Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/EvoVW_yeZADg0zSm4DoHeURbEJg.roa
File:                     EvoVW_yeZADg0zSm4DoHeURbEJg.roa (raw, json)
Hash identifier:          to43LVk8z5V+IVedT1JaoLFOBh7Hymk2V8n4NQ0qFmA=
Subject key identifier:   12:FA:15:5B:FC:9E:64:00:E0:D3:34:A6:E0:3A:07:79:44:5B:10:98
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       019160B99D17E786AFF9D3712C825845FCDF
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/EvoVW_yeZADg0zSm4DoHeURbEJg.roa
Signing time:             Sat 17 Aug 2024 14:24:22 +0000
ROA not before:           Sat 17 Aug 2024 14:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400536
IP address blocks:        45.129.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:60:b9:9d:17:e7:86:af:f9:d3:71:2c:82:58:45:fc:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Aug 17 14:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12fa155bfc9e6400e0d334a6e03a0779445b1098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ad:61:72:f0:20:32:1f:91:77:1d:64:ca:05:
                    e6:87:f9:74:b3:02:5b:e9:fa:42:2c:5a:e8:a2:e7:
                    87:94:ab:8c:af:9c:04:80:34:ab:0e:6a:f6:4b:b2:
                    ff:da:ab:d7:55:f3:ec:8a:18:50:ff:99:cc:cc:56:
                    9d:11:09:17:ce:ab:de:86:a6:f4:26:d2:aa:74:15:
                    73:86:25:d9:82:88:f7:9e:98:60:68:79:32:89:b6:
                    f9:3f:8d:69:84:ea:0c:0e:c6:31:91:10:0c:a6:f0:
                    8f:9f:14:9e:55:43:7d:b5:52:20:de:c5:46:42:bb:
                    3d:8f:83:f7:1d:ea:0d:74:e4:fa:c8:d3:17:df:96:
                    ef:57:0c:e9:97:b2:33:e0:27:51:7a:45:3d:f5:2e:
                    43:9c:fa:80:b3:c8:af:68:80:9a:a5:4b:1a:a0:9a:
                    6b:b3:b7:32:86:f3:1f:77:e5:5b:3f:63:48:46:79:
                    1d:0e:b5:45:fe:21:24:61:10:33:83:df:82:38:6c:
                    f6:af:01:f4:1f:45:04:cd:9e:6d:eb:cd:96:e0:07:
                    55:13:22:4e:81:2b:5d:54:f0:d0:1c:c1:2e:84:25:
                    61:17:26:9e:10:d3:56:36:7c:39:39:f9:74:c7:b8:
                    a3:1c:d8:f0:0f:63:d2:ec:b5:b7:bf:49:8b:a4:fa:
                    18:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:FA:15:5B:FC:9E:64:00:E0:D3:34:A6:E0:3A:07:79:44:5B:10:98
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/EvoVW_yeZADg0zSm4DoHeURbEJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:b5:3d:0e:80:c2:13:d9:7b:f2:0b:e4:85:bd:85:3c:42:b6:
         d5:10:75:8f:7c:ac:7a:15:c9:ed:bf:8b:df:e7:2f:0b:5b:61:
         84:28:af:3c:b3:25:50:36:14:b8:1b:c1:df:6e:98:57:56:73:
         1d:0a:b7:04:1e:1c:6d:3a:9d:33:4e:60:d7:1b:ba:19:f7:dd:
         80:d3:78:39:92:95:b5:25:bf:29:b9:40:5d:5a:5f:31:08:54:
         79:95:9d:9a:bb:f3:25:bf:75:36:93:63:48:a7:24:f4:a1:d6:
         6e:27:2b:ff:2b:13:40:8f:f6:8a:6c:bf:d4:f6:79:41:a8:0b:
         1c:0e:f3:b7:89:1b:d3:d6:c3:29:b1:86:62:11:77:2d:73:a0:
         a9:07:13:eb:06:eb:3f:8b:6c:43:2d:77:98:24:15:81:d1:15:
         65:22:b2:8d:67:a8:3c:e2:a5:31:0e:4b:0b:69:57:39:65:07:
         b1:89:e4:a0:bd:89:14:5f:30:18:32:d6:ba:d9:25:3e:b5:03:
         39:de:c6:08:32:a1:a9:a3:42:48:49:b6:b3:6e:5f:eb:8e:ec:
         08:af:8b:d8:c6:61:5a:1c:c9:14:ad:3f:00:8e:0e:fa:3d:5d:
         c3:1e:0a:5f:4e:ab:46:32:69:99:35:c6:f4:ba:2e:cc:67:6b:
         6b:ed:47:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFguZ0X54av+dNxLIJYRfzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwODE3MTQyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmZhMTU1YmZjOWU2NDAwZTBkMzM0YTZlMDNhMDc3OTQ0NWIxMDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv61hcvAgMh+Rdx1kygXmh/l0swJb
6fpCLFrooueHlKuMr5wEgDSrDmr2S7L/2qvXVfPsihhQ/5nMzFadEQkXzqvehqb0
JtKqdBVzhiXZgoj3nphgaHkyibb5P41phOoMDsYxkRAMpvCPnxSeVUN9tVIg3sVG
Qrs9j4P3HeoNdOT6yNMX35bvVwzpl7Iz4CdRekU99S5DnPqAs8ivaICapUsaoJpr
s7cyhvMfd+VbP2NIRnkdDrVF/iEkYRAzg9+COGz2rwH0H0UEzZ5t682W4AdVEyJO
gStdVPDQHMEuhCVhFyaeENNWNnw5Ofl0x7ijHNjwD2PS7LW3v0mLpPoYnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBL6FVv8nmQA4NM0puA6B3lEWxCYMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvRXZvVldfeWVaQURnMHpTbTREb0hlVVJiRUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYFcMA0G
CSqGSIb3DQEBCwUAA4IBAQCLtT0OgMIT2XvyC+SFvYU8QrbVEHWPfKx6Fcntv4vf
5y8LW2GEKK88syVQNhS4G8HfbphXVnMdCrcEHhxtOp0zTmDXG7oZ992A03g5kpW1
Jb8puUBdWl8xCFR5lZ2au/Mlv3U2k2NIpyT0odZuJyv/KxNAj/aKbL/U9nlBqAsc
DvO3iRvT1sMpsYZiEXctc6CpBxPrBus/i2xDLXeYJBWB0RVlIrKNZ6g84qUxDksL
aVc5ZQexieSgvYkUXzAYMta62SU+tQM53sYIMqGpo0JISbazbl/rjuwIr4vYxmFa
HMkUrT8Ajg76PV3DHgpfTqtGMmmZNcb0ui7MZ2tr7Ud2
-----END CERTIFICATE-----