Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s66DaDNvkug9fSEC8sw7OM-TPjg.roa
File:                     s66DaDNvkug9fSEC8sw7OM-TPjg.roa (raw, json)
Hash identifier:          q8dDmJ3ZmhPJ65ujJbqbUJopzO2L2F5JJU+TOyroBZQ=
Subject key identifier:   B3:AE:83:68:33:6F:92:E8:3D:7D:21:02:F2:CC:3B:38:CF:93:3E:38
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B8D6D01155703F2DD19823A024AA5
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s66DaDNvkug9fSEC8sw7OM-TPjg.roa
Signing time:             Mon 01 Jan 2024 18:31:29 +0000
ROA not before:           Mon 01 Jan 2024 18:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199910
IP address blocks:        85.202.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8d:6d:01:15:57:03:f2:dd:19:82:3a:02:4a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3ae8368336f92e83d7d2102f2cc3b38cf933e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:31:ad:91:a8:84:2f:b3:3a:c7:54:e0:38:0f:
                    b7:41:16:3a:c4:38:e1:cf:40:03:19:2c:52:48:b7:
                    bd:6b:bf:d0:bb:ba:41:63:2d:16:66:43:22:5a:46:
                    56:be:61:0c:6d:b2:33:d1:f7:f0:d2:53:1b:ae:29:
                    2b:c1:47:83:32:1a:3f:bc:7e:73:01:c8:7f:54:7d:
                    5d:7d:de:3e:b4:b7:3c:53:fa:3b:d1:ef:8e:b1:57:
                    86:ee:b0:21:91:54:34:29:15:5a:36:bc:12:3a:40:
                    99:4a:e0:e2:7b:94:e5:b8:58:83:f1:14:40:79:80:
                    60:c2:0e:66:e1:12:3a:49:eb:2c:b6:36:90:57:61:
                    f0:70:dc:c0:ec:11:97:be:fd:85:f9:60:97:69:cf:
                    19:5e:2c:9a:71:77:e5:30:35:a1:f5:96:9d:af:df:
                    16:c0:49:a2:62:c9:c5:83:07:b1:05:bd:89:d5:aa:
                    cc:e1:98:b3:83:dd:8b:9b:8b:dc:21:08:0f:80:ee:
                    03:c4:3b:5d:81:82:6d:af:e6:ae:84:e8:38:26:1f:
                    76:10:5e:16:d3:7e:fe:26:f3:0a:07:87:df:98:a4:
                    6f:f9:26:d5:6b:80:ce:65:3c:65:62:5b:3b:af:9c:
                    59:b3:df:85:5d:6e:5a:be:e5:1e:2c:17:e0:e5:3b:
                    08:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:AE:83:68:33:6F:92:E8:3D:7D:21:02:F2:CC:3B:38:CF:93:3E:38
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s66DaDNvkug9fSEC8sw7OM-TPjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:96:64:af:08:f1:20:7f:98:7d:5e:70:ee:9a:8e:e0:0c:62:
         e7:22:11:3e:cd:7e:20:d8:08:dc:66:b2:21:dc:71:30:b0:02:
         7c:7e:2f:bd:4e:46:e4:8a:22:aa:08:0b:b2:f2:20:ed:f2:3d:
         d3:d9:48:37:c0:b6:72:d8:86:3a:78:77:d9:7b:63:3a:0a:f5:
         8f:6f:bc:05:3b:6c:c2:c6:2e:e7:93:7d:08:76:ca:c4:34:b7:
         dc:18:dc:f6:3f:f3:a7:6b:04:73:8a:76:3a:70:6e:75:37:c7:
         bc:2c:38:9b:99:9a:e2:ca:a6:7b:f7:82:03:65:aa:7e:58:95:
         49:d0:1d:57:16:d3:57:78:ad:3d:72:e8:36:51:29:1f:78:5a:
         a5:34:38:0c:cb:2e:f5:e3:d5:48:98:24:8c:b6:51:a7:77:08:
         7b:61:18:0a:33:e8:10:e1:56:87:2d:b2:9a:4e:ab:a7:50:aa:
         47:6c:16:89:10:4f:a3:d4:60:4f:d5:b5:0b:49:e1:a2:d8:a7:
         ee:0a:19:e2:fe:28:ec:d3:12:60:af:eb:b6:a1:e3:84:91:1a:
         f2:5e:46:d5:b5:06:ca:12:b1:fd:47:f8:2e:ce:59:1f:a2:2a:
         c0:65:22:8a:d5:55:59:87:6d:95:35:31:4c:ea:50:d6:00:27:
         17:84:50:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS41tARVXA/LdGYI6AkqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2FlODM2ODMzNmY5MmU4M2Q3ZDIxMDJmMmNjM2IzOGNmOTMzZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozGtkaiEL7M6x1TgOA+3QRY6xDjh
z0ADGSxSSLe9a7/Qu7pBYy0WZkMiWkZWvmEMbbIz0ffw0lMbrikrwUeDMho/vH5z
Ach/VH1dfd4+tLc8U/o70e+OsVeG7rAhkVQ0KRVaNrwSOkCZSuDie5TluFiD8RRA
eYBgwg5m4RI6SesstjaQV2HwcNzA7BGXvv2F+WCXac8ZXiyacXflMDWh9Zadr98W
wEmiYsnFgwexBb2J1arM4Zizg92Lm4vcIQgPgO4DxDtdgYJtr+auhOg4Jh92EF4W
037+JvMKB4ffmKRv+SbVa4DOZTxlYls7r5xZs9+FXW5avuUeLBfg5TsIXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOug2gzb5LoPX0hAvLMOzjPkz44MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvczY2RGFETnZrdWc5ZlNFQzhzdzdPTS1UUGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcozMA0G
CSqGSIb3DQEBCwUAA4IBAQB+lmSvCPEgf5h9XnDumo7gDGLnIhE+zX4g2AjcZrIh
3HEwsAJ8fi+9TkbkiiKqCAuy8iDt8j3T2Ug3wLZy2IY6eHfZe2M6CvWPb7wFO2zC
xi7nk30IdsrENLfcGNz2P/OnawRzinY6cG51N8e8LDibmZriyqZ794IDZap+WJVJ
0B1XFtNXeK09cug2USkfeFqlNDgMyy7149VImCSMtlGndwh7YRgKM+gQ4VaHLbKa
TqunUKpHbBaJEE+j1GBP1bULSeGi2KfuChni/ijs0xJgr+u2oeOEkRryXkbVtQbK
ErH9R/guzlkfoirAZSKK1VVZh22VNTFM6lDWACcXhFCi
-----END CERTIFICATE-----