Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/VuOq2BZETwGpaqxtzV6wTd_bw6E.roa
File:                     VuOq2BZETwGpaqxtzV6wTd_bw6E.roa (raw, json)
Hash identifier:          SsXqSajz6yR3XmxW+I0yrgDW6FEbpTRuCKc8fKp2xok=
Subject key identifier:   56:E3:AA:D8:16:44:4F:01:A9:6A:AC:6D:CD:5E:B0:4D:DF:DB:C3:A1
Certificate issuer:       /CN=85492f2a6910433c5bcd8269c440e8c1c7800d6b
Certificate serial:       018DAE12C3A0713DFE9F2358FD436CD8E6CE
Authority key identifier: 85:49:2F:2A:69:10:43:3C:5B:CD:82:69:C4:40:E8:C1:C7:80:0D:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hUkvKmkQQzxbzYJpxEDowceADWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/VuOq2BZETwGpaqxtzV6wTd_bw6E.roa
Signing time:             Thu 15 Feb 2024 18:41:21 +0000
ROA not before:           Thu 15 Feb 2024 18:41:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198435
IP address blocks:        85.208.248.0/24 maxlen: 24
                          85.208.249.0/24 maxlen: 24
                          85.208.250.0/24 maxlen: 24
                          85.208.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/hUkvKmkQQzxbzYJpxEDowceADWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/hUkvKmkQQzxbzYJpxEDowceADWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hUkvKmkQQzxbzYJpxEDowceADWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ae:12:c3:a0:71:3d:fe:9f:23:58:fd:43:6c:d8:e6:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85492f2a6910433c5bcd8269c440e8c1c7800d6b
        Validity
            Not Before: Feb 15 18:41:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56e3aad816444f01a96aac6dcd5eb04ddfdbc3a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ee:f8:da:00:8d:96:aa:cc:32:4b:2f:85:29:
                    79:27:58:6f:7c:b2:81:34:c4:d3:df:e2:1b:a1:ee:
                    f1:31:7e:94:c1:3d:5e:fb:df:84:ae:d6:ca:9a:a2:
                    85:11:c8:81:20:6e:4e:28:23:4d:be:c5:f6:10:8c:
                    39:d7:d2:4b:ac:37:d7:23:60:64:32:5a:ae:aa:7d:
                    a5:ef:87:92:e7:bc:41:b0:69:c5:a6:f1:9a:a3:75:
                    b6:6c:de:d2:72:80:de:6d:23:7a:d9:c4:ef:6d:1f:
                    af:f3:e1:e9:c4:e9:a3:95:ac:24:77:ff:5e:1d:d1:
                    15:65:11:e8:47:5c:68:58:60:7b:d9:bd:e2:79:0c:
                    20:e2:3e:9e:97:cd:e4:05:36:ed:e2:6c:24:78:7e:
                    66:83:41:c6:f4:4a:f3:04:81:76:08:61:36:98:8c:
                    7c:55:d9:1b:d5:d4:4e:56:34:7f:e3:fc:b8:ac:de:
                    88:38:e4:ea:f2:a4:7a:18:81:f8:f8:b1:7b:f5:01:
                    99:7c:d5:1b:9d:c8:a7:17:45:fd:86:cc:75:a4:3b:
                    95:00:09:24:e8:9b:bd:1a:c0:d4:c6:93:1d:4a:33:
                    73:76:e5:ec:1f:81:f1:c6:ca:77:92:c9:e7:5b:bf:
                    51:c0:a9:97:e9:5e:84:db:fe:d7:f3:d4:6c:f4:ca:
                    ce:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:E3:AA:D8:16:44:4F:01:A9:6A:AC:6D:CD:5E:B0:4D:DF:DB:C3:A1
            X509v3 Authority Key Identifier:
                keyid:85:49:2F:2A:69:10:43:3C:5B:CD:82:69:C4:40:E8:C1:C7:80:0D:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hUkvKmkQQzxbzYJpxEDowceADWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/VuOq2BZETwGpaqxtzV6wTd_bw6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b38228-0875-491c-9d4f-d6a9a28284cf/1/hUkvKmkQQzxbzYJpxEDowceADWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:1e:11:c0:d2:8f:00:10:2e:76:a0:81:10:bf:e0:9d:e7:37:
         75:a5:6d:7f:40:e2:52:26:d9:d3:2f:ca:b7:10:64:ee:4b:db:
         3f:9f:8a:22:ed:a2:13:f8:b2:37:d7:2b:e3:00:69:4c:ec:68:
         1f:68:86:29:07:67:48:c0:da:85:be:6b:ef:a1:af:66:84:ed:
         95:98:d2:9e:ba:02:5c:a1:01:a2:65:33:98:31:87:b7:52:8a:
         3d:8b:5b:a2:9f:76:d8:a5:54:28:83:8f:51:d0:5e:41:07:39:
         f2:d5:59:e0:58:ea:44:23:a4:b6:c6:d7:93:35:81:0e:5b:56:
         08:35:88:aa:bd:3e:cf:94:c5:48:b9:a2:37:f8:dc:7f:e7:1e:
         79:20:ad:58:53:0e:e0:d6:4e:87:a4:6b:13:fc:3b:df:73:ef:
         6c:a6:96:d0:9f:d3:32:4f:b5:b9:91:93:d1:0f:bc:72:61:b8:
         98:59:24:56:16:a9:5f:56:e4:3a:23:da:fc:69:41:fe:25:9f:
         50:f1:bb:6a:70:c6:9b:dc:a5:0d:9b:f4:4b:6c:c0:c7:4a:af:
         82:50:0a:fc:a7:6e:aa:ec:34:68:0e:b6:0c:98:8b:06:bd:70:
         85:62:9c:a4:15:3a:a2:b7:3b:3f:ba:81:87:77:ca:1c:c7:b4:
         20:0e:d2:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2uEsOgcT3+nyNY/UNs2ObOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NDkyZjJhNjkxMDQzM2M1YmNkODI2OWM0NDBlOGMxYzc4
MDBkNmIwHhcNMjQwMjE1MTg0MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmUzYWFkODE2NDQ0ZjAxYTk2YWFjNmRjZDVlYjA0ZGRmZGJjM2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u742gCNlqrMMksvhSl5J1hvfLKB
NMTT3+Iboe7xMX6UwT1e+9+ErtbKmqKFEciBIG5OKCNNvsX2EIw519JLrDfXI2Bk
Mlquqn2l74eS57xBsGnFpvGao3W2bN7ScoDebSN62cTvbR+v8+HpxOmjlawkd/9e
HdEVZRHoR1xoWGB72b3ieQwg4j6el83kBTbt4mwkeH5mg0HG9ErzBIF2CGE2mIx8
Vdkb1dROVjR/4/y4rN6IOOTq8qR6GIH4+LF79QGZfNUbncinF0X9hsx1pDuVAAkk
6Ju9GsDUxpMdSjNzduXsH4Hxxsp3ksnnW79RwKmX6V6E2/7X89Rs9MrOmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbjqtgWRE8BqWqsbc1esE3f28OhMB8GA1UdIwQY
MBaAFIVJLyppEEM8W82CacRA6MHHgA1rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFVrdktta1FRenhiellKcHhFRG93Y2VBRFdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iMzgyMjgtMDg3NS00OTFjLTlkNGYt
ZDZhOWEyODI4NGNmLzEvVnVPcTJCWkVUd0dwYXF4dHpWNndUZF9idzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iMzgyMjgtMDg3NS00OTFjLTlkNGYtZDZhOWEyODI4NGNm
LzEvaFVrdktta1FRenhiellKcHhFRG93Y2VBRFdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdD4MA0G
CSqGSIb3DQEBCwUAA4IBAQBGHhHA0o8AEC52oIEQv+Cd5zd1pW1/QOJSJtnTL8q3
EGTuS9s/n4oi7aIT+LI31yvjAGlM7GgfaIYpB2dIwNqFvmvvoa9mhO2VmNKeugJc
oQGiZTOYMYe3Uoo9i1uin3bYpVQog49R0F5BBzny1VngWOpEI6S2xteTNYEOW1YI
NYiqvT7PlMVIuaI3+Nx/5x55IK1YUw7g1k6HpGsT/Dvfc+9sppbQn9MyT7W5kZPR
D7xyYbiYWSRWFqlfVuQ6I9r8aUH+JZ9Q8btqcMab3KUNm/RLbMDHSq+CUAr8p26q
7DRoDrYMmIsGvXCFYpykFTqitzs/uoGHd8ocx7QgDtLP
-----END CERTIFICATE-----