Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/zyuFCEk-UaRyNWD5i9erdDjFdkI.roa
File:                     zyuFCEk-UaRyNWD5i9erdDjFdkI.roa (raw, json)
Hash identifier:          6kT92w4BI7cT4JzL74NmJ1CZ3z+k/V0Geg1XVf9cceM=
Subject key identifier:   CF:2B:85:08:49:3E:51:A4:72:35:60:F9:8B:D7:AB:74:38:C5:76:42
Certificate issuer:       /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial:       0191A71D051FD1BC8DC234FCAFCFBE1D2504
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/zyuFCEk-UaRyNWD5i9erdDjFdkI.roa
Signing time:             Sat 31 Aug 2024 06:26:22 +0000
ROA not before:           Sat 31 Aug 2024 06:26:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        85.116.192.0/22 maxlen: 22
                          85.116.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a7:1d:05:1f:d1:bc:8d:c2:34:fc:af:cf:be:1d:25:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
        Validity
            Not Before: Aug 31 06:26:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf2b8508493e51a4723560f98bd7ab7438c57642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:40:f7:e8:94:f7:d9:af:a4:16:ae:02:01:18:
                    cc:f3:96:44:34:a1:65:43:9a:99:0e:cc:5c:19:cc:
                    27:80:fe:34:20:1b:53:a1:2d:57:a8:bc:04:c6:38:
                    cc:bb:85:8f:25:d0:4f:b2:ae:1c:cb:14:d6:72:28:
                    15:aa:ae:f1:66:a3:43:83:14:c1:97:66:72:f9:93:
                    3c:14:64:47:dd:95:fc:00:ed:5e:a5:2d:b0:c9:97:
                    19:a3:fb:75:89:a7:dd:4c:44:6d:26:7d:39:58:57:
                    45:9a:e7:ac:fa:72:03:ee:76:0e:b3:46:6d:a2:e5:
                    09:9a:ab:fe:07:b9:1f:10:12:5e:8e:4f:17:4a:ce:
                    34:35:13:e9:c5:88:3a:f2:59:88:4e:52:a0:67:94:
                    c1:c7:6e:ac:84:af:56:fa:91:6a:00:62:65:0b:a5:
                    bb:c6:b4:26:4b:8e:b2:37:0d:ec:70:27:79:93:2f:
                    aa:96:2c:37:0c:c1:c7:cd:3c:56:a9:09:8f:d1:e8:
                    fd:ff:09:b3:95:da:9e:ad:87:79:c4:c9:63:df:46:
                    48:1b:8d:2f:c8:8b:1a:65:d7:0c:a5:75:6a:1c:c5:
                    b9:b3:a9:ef:d4:90:0b:5a:df:bd:2a:1b:91:0d:39:
                    ac:ed:c8:8d:14:d7:64:c1:f4:14:0e:01:02:db:51:
                    47:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:2B:85:08:49:3E:51:A4:72:35:60:F9:8B:D7:AB:74:38:C5:76:42
            X509v3 Authority Key Identifier:
                keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/zyuFCEk-UaRyNWD5i9erdDjFdkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.192.0/22
                  85.116.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:16:d4:48:c7:33:1c:3e:e4:c2:f8:7a:26:4a:df:4d:f3:1f:
         58:9d:09:7b:ef:3a:5f:70:7d:d0:4b:28:dd:05:43:49:ac:7b:
         35:9c:48:81:20:8f:1b:67:f1:49:fc:29:f2:7c:68:72:6d:72:
         94:c7:6e:0d:a0:b8:6f:d8:e3:96:8a:a9:98:fa:76:a9:b8:c7:
         f1:20:5f:72:f7:68:a7:86:06:9e:43:76:65:5f:d4:cd:46:67:
         3b:f4:0b:df:83:13:f4:b5:28:6f:43:b4:28:c2:64:17:31:69:
         2d:f4:e5:90:be:65:8c:aa:56:d6:67:c1:df:68:f0:6d:f4:03:
         42:80:2e:97:0f:4f:4d:70:6e:20:bc:88:08:61:5f:e0:a6:4d:
         e6:90:b9:d6:b9:ed:fa:eb:02:9b:47:28:f2:35:ef:3f:ad:fa:
         c8:c9:c4:ce:d4:3d:9e:f4:4a:d9:19:84:8c:96:d4:fd:7c:0e:
         00:13:4c:88:62:6d:df:bd:a3:94:af:90:c6:b8:79:1b:c5:e7:
         d0:27:99:b5:6a:2b:a9:68:99:6b:1e:4c:ea:d3:5c:e5:c6:0c:
         6e:43:28:ed:9c:ad:f4:d6:85:52:e5:8e:31:4f:d7:64:44:28:
         ca:8a:9c:6c:05:2d:13:a3:be:3f:bb:ef:93:29:35:1a:14:08:
         e4:73:6a:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGnHQUf0byNwjT8r8++HSUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjQwODMxMDYyNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjJiODUwODQ5M2U1MWE0NzIzNTYwZjk4YmQ3YWI3NDM4YzU3NjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArED36JT32a+kFq4CARjM85ZENKFl
Q5qZDsxcGcwngP40IBtToS1XqLwExjjMu4WPJdBPsq4cyxTWcigVqq7xZqNDgxTB
l2Zy+ZM8FGRH3ZX8AO1epS2wyZcZo/t1iafdTERtJn05WFdFmues+nID7nYOs0Zt
ouUJmqv+B7kfEBJejk8XSs40NRPpxYg68lmITlKgZ5TBx26shK9W+pFqAGJlC6W7
xrQmS46yNw3scCd5ky+qliw3DMHHzTxWqQmP0ej9/wmzldqerYd5xMlj30ZIG40v
yIsaZdcMpXVqHMW5s6nv1JALWt+9KhuRDTms7ciNFNdkwfQUDgEC21FHAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM8rhQhJPlGkcjVg+YvXq3Q4xXZCMB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvenl1RkNFay1VYVJ5TldENWk5ZXJkRGpGZGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVXTAAwQC
VXTYMA0GCSqGSIb3DQEBCwUAA4IBAQBJFtRIxzMcPuTC+HomSt9N8x9YnQl77zpf
cH3QSyjdBUNJrHs1nEiBII8bZ/FJ/CnyfGhybXKUx24NoLhv2OOWiqmY+napuMfx
IF9y92inhgaeQ3ZlX9TNRmc79AvfgxP0tShvQ7QowmQXMWkt9OWQvmWMqlbWZ8Hf
aPBt9ANCgC6XD09NcG4gvIgIYV/gpk3mkLnWue366wKbRyjyNe8/rfrIycTO1D2e
9ErZGYSMltT9fA4AE0yIYm3fvaOUr5DGuHkbxefQJ5m1aiupaJlrHkzq01zlxgxu
QyjtnK301oVS5Y4xT9dkRCjKipxsBS0To74/u++TKTUaFAjkc2rd
-----END CERTIFICATE-----