Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BEefK3y6hoI_Wycw2hf3dbBRQOA.roa
File:                     BEefK3y6hoI_Wycw2hf3dbBRQOA.roa (raw, json)
Hash identifier:          NB1hAxQOybom1Mh+EYXUd+3YMxuI/kD8DvmwOoi2SHs=
Subject key identifier:   04:47:9F:2B:7C:BA:86:82:3F:5B:27:30:DA:17:F7:75:B0:51:40:E0
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA2989DA68A88FAB661E30EC1AC3F4B7
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BEefK3y6hoI_Wycw2hf3dbBRQOA.roa
Signing time:             Tue 02 Jan 2024 12:32:49 +0000
ROA not before:           Tue 02 Jan 2024 12:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        85.203.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:89:da:68:a8:8f:ab:66:1e:30:ec:1a:c3:f4:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04479f2b7cba86823f5b2730da17f775b05140e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7a:e6:24:15:1a:7b:16:95:90:e9:15:08:7a:
                    09:8d:da:a3:7a:9e:3a:61:62:b1:30:a5:eb:09:90:
                    74:b4:73:0e:86:02:0f:c0:1c:0f:5b:89:8c:e5:c6:
                    66:3d:29:34:03:f3:b0:d7:09:05:4d:18:0f:53:a7:
                    5b:67:bb:e8:e3:e7:ac:0c:b8:05:c9:37:57:0a:c3:
                    03:d9:7e:ff:ad:ad:b9:3a:fa:66:44:a7:ae:14:f8:
                    e5:97:e9:be:1b:2b:30:29:97:ff:83:f3:63:c8:43:
                    2a:f8:b7:88:e6:71:13:45:7f:bf:80:f4:c8:29:23:
                    14:98:c7:18:cc:00:1c:67:b0:1c:33:4e:9d:58:f9:
                    15:05:1b:2c:9d:fa:76:a8:8a:33:4c:1e:86:6e:e6:
                    76:b2:c8:dd:68:f6:f3:de:54:34:03:ad:a4:6d:25:
                    f5:11:a7:48:ad:2c:6f:94:57:1b:1b:5b:9d:1c:3d:
                    d4:b2:3d:c4:e2:03:86:bb:aa:a1:9d:08:e7:42:bb:
                    de:31:7b:8c:9b:7d:5d:70:3f:67:44:1b:0d:c5:81:
                    2b:52:70:fe:16:85:68:4e:15:da:75:08:f0:bc:a7:
                    15:9c:59:2f:db:8d:7c:42:40:92:97:b2:35:86:82:
                    45:d9:10:e2:c4:bd:d5:e2:d3:81:0f:b0:5b:cb:81:
                    0b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:47:9F:2B:7C:BA:86:82:3F:5B:27:30:DA:17:F7:75:B0:51:40:E0
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BEefK3y6hoI_Wycw2hf3dbBRQOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:75:e3:21:7d:bf:1b:5f:f5:4b:f5:b8:1f:78:3e:46:ef:a7:
         95:8f:b2:ea:9c:1d:61:eb:68:be:d7:55:df:a6:bc:1b:22:11:
         42:d9:27:6a:24:e2:df:30:1b:e7:49:15:a5:a9:a7:1c:d3:60:
         4a:51:92:72:d9:b1:75:72:89:65:b5:88:f7:78:57:0a:d2:df:
         47:bc:bd:39:8d:36:e9:75:8d:a5:aa:6f:96:58:e0:e8:23:24:
         c8:a7:4f:7a:e5:64:16:5a:17:70:34:7c:4c:12:cb:e0:eb:61:
         a4:6b:f2:92:8c:de:a2:f4:13:86:62:de:70:3a:6e:99:1b:f1:
         21:5d:12:b2:d3:20:74:99:8d:ea:65:1d:06:9b:db:b2:91:7e:
         44:67:28:da:bb:38:7c:c5:51:bb:5c:55:a0:68:48:3b:a2:da:
         05:b5:7c:13:04:4e:71:14:21:4a:89:ab:43:d7:5f:f8:ea:fc:
         53:d0:14:59:0a:e2:3e:01:ab:63:8f:a5:33:12:a5:f9:a1:98:
         4b:d2:8c:5c:35:24:69:08:74:ac:e6:d6:04:09:b2:99:f9:b6:
         2d:06:e2:4d:86:43:4f:64:5f:b3:3e:fe:e5:78:cf:3a:42:9f:
         38:25:8a:70:da:b0:e3:8b:d4:31:4f:65:37:e2:cf:75:21:dd:
         17:77:e0:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKYnaaKiPq2YeMOwaw/S3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDQ3OWYyYjdjYmE4NjgyM2Y1YjI3MzBkYTE3Zjc3NWIwNTE0MGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXrmJBUaexaVkOkVCHoJjdqjep46
YWKxMKXrCZB0tHMOhgIPwBwPW4mM5cZmPSk0A/Ow1wkFTRgPU6dbZ7vo4+esDLgF
yTdXCsMD2X7/ra25OvpmRKeuFPjll+m+GyswKZf/g/NjyEMq+LeI5nETRX+/gPTI
KSMUmMcYzAAcZ7AcM06dWPkVBRssnfp2qIozTB6GbuZ2ssjdaPbz3lQ0A62kbSX1
EadIrSxvlFcbG1udHD3Usj3E4gOGu6qhnQjnQrveMXuMm31dcD9nRBsNxYErUnD+
FoVoThXadQjwvKcVnFkv2418QkCSl7I1hoJF2RDixL3V4tOBD7Bby4ELsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARHnyt8uoaCP1snMNoX93WwUUDgMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvQkVlZkszeTZob0lfV3ljdzJoZjNkYkJSUU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcsoMA0G
CSqGSIb3DQEBCwUAA4IBAQAkdeMhfb8bX/VL9bgfeD5G76eVj7LqnB1h62i+11Xf
prwbIhFC2SdqJOLfMBvnSRWlqacc02BKUZJy2bF1colltYj3eFcK0t9HvL05jTbp
dY2lqm+WWODoIyTIp0965WQWWhdwNHxMEsvg62Gka/KSjN6i9BOGYt5wOm6ZG/Eh
XRKy0yB0mY3qZR0Gm9uykX5EZyjauzh8xVG7XFWgaEg7otoFtXwTBE5xFCFKiatD
11/46vxT0BRZCuI+Aatjj6UzEqX5oZhL0oxcNSRpCHSs5tYECbKZ+bYtBuJNhkNP
ZF+zPv7leM86Qp84JYpw2rDji9QxT2U34s91Id0Xd+BU
-----END CERTIFICATE-----