Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/CJWoMIuHhVD-Efxrbw0jAFhbe-w.roa
File:                     CJWoMIuHhVD-Efxrbw0jAFhbe-w.roa (raw, json)
Hash identifier:          Kgwm9eLnChXzut1Wvo58jSxKdzv5IWvQsGfIpc5SNrY=
Subject key identifier:   08:95:A8:30:8B:87:85:50:FE:11:FC:6B:6F:0D:23:00:58:5B:7B:EC
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0194258F143A9ADFEDE2C8F4E1B1BC44B1EE
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/CJWoMIuHhVD-Efxrbw0jAFhbe-w.roa
Signing time:             Thu 02 Jan 2025 05:48:41 +0000
ROA not before:           Thu 02 Jan 2025 05:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212667
IP address blocks:        85.235.81.0/24 maxlen: 24
                          192.109.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:14:3a:9a:df:ed:e2:c8:f4:e1:b1:bc:44:b1:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 05:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0895a8308b878550fe11fc6b6f0d2300585b7bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:06:eb:b5:fb:a6:82:1a:8c:09:fd:f2:ba:f1:
                    87:09:56:56:d2:43:67:0b:af:3c:d5:10:7d:8a:49:
                    af:35:43:d9:d2:89:9d:29:c7:6d:50:85:2f:15:12:
                    ed:cd:2b:ed:7c:ac:73:6b:d2:17:d8:4a:44:b3:92:
                    eb:3d:f8:b4:46:af:2d:a3:41:3a:3f:8e:bc:ff:e9:
                    14:df:c0:1c:8b:f1:cd:d3:85:6c:0d:31:70:8b:b0:
                    7d:e0:22:fb:6f:ed:76:bc:3d:56:4d:aa:cd:2a:91:
                    57:0d:ee:ac:1b:59:e7:fa:7a:5e:05:df:eb:d0:17:
                    96:f4:54:19:d3:db:66:c3:4f:50:84:54:64:75:95:
                    0f:69:c9:6c:f3:2e:bc:59:40:9c:c6:be:4d:7b:06:
                    5f:28:1b:fe:d4:44:c0:9a:c7:54:d6:d2:1b:5e:02:
                    5a:9b:20:54:81:39:64:5a:08:aa:e7:35:1b:3b:fb:
                    e5:d6:91:4d:e2:d1:1e:66:48:46:1f:bd:8d:36:ed:
                    ca:a9:e0:b7:0d:0a:dc:97:31:98:49:12:5f:49:e2:
                    51:47:09:16:87:f8:7c:9d:14:1a:1d:fb:c8:80:d8:
                    52:1b:2b:56:cb:97:9f:05:5a:26:3b:4f:f9:ae:ac:
                    0c:16:ed:c1:e0:eb:a6:bb:96:9f:ab:af:08:a4:e8:
                    ec:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:95:A8:30:8B:87:85:50:FE:11:FC:6B:6F:0D:23:00:58:5B:7B:EC
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/CJWoMIuHhVD-Efxrbw0jAFhbe-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.81.0/24
                  192.109.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:86:03:72:8d:2a:5b:13:57:01:21:88:f2:df:d1:48:a8:4b:
         f0:18:12:89:e9:db:9c:bf:72:7d:f6:f3:bc:ed:8b:db:0d:85:
         b6:ac:53:b9:46:87:4b:d6:93:fb:04:67:8d:ad:90:e6:17:d2:
         37:c0:13:9c:3f:44:13:6d:e3:36:3a:06:0e:48:64:d0:98:10:
         ea:0c:91:65:20:a2:d3:d3:71:94:bd:76:93:9c:26:db:34:0c:
         55:d1:7f:0b:f6:12:98:42:0c:36:4b:4e:e5:59:01:0c:70:91:
         06:37:7d:09:95:b0:a0:81:a6:c4:ea:18:39:30:a6:ef:c4:31:
         f9:fa:9f:85:34:63:6d:be:a6:60:d9:14:fa:a8:4a:c1:e1:0a:
         8d:88:2e:49:d7:ec:eb:e3:88:ee:d1:f9:c5:68:4e:04:8b:e6:
         06:b0:e5:d4:eb:cd:81:98:b2:6a:15:bc:c0:3f:ef:aa:de:e1:
         0f:b7:ba:8c:68:6c:14:92:a5:e2:eb:6a:52:cb:75:ea:2b:0c:
         cf:a5:b3:6f:86:0f:24:94:10:c6:42:6d:e0:35:b3:7a:0e:13:
         e1:8d:81:f6:d8:4a:5d:4c:af:85:6f:77:8f:51:1a:41:3c:21:
         86:8d:e4:b5:bf:d5:ee:c5:4f:c8:cb:6f:d6:52:0e:36:ea:0a:
         98:d9:58:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQljxQ6mt/t4sj04bG8RLHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwMTAyMDU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODk1YTgzMDhiODc4NTUwZmUxMWZjNmI2ZjBkMjMwMDU4NWI3YmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8gbrtfumghqMCf3yuvGHCVZW0kNn
C6881RB9ikmvNUPZ0omdKcdtUIUvFRLtzSvtfKxza9IX2EpEs5LrPfi0Rq8to0E6
P468/+kU38Aci/HN04VsDTFwi7B94CL7b+12vD1WTarNKpFXDe6sG1nn+npeBd/r
0BeW9FQZ09tmw09QhFRkdZUPacls8y68WUCcxr5NewZfKBv+1ETAmsdU1tIbXgJa
myBUgTlkWgiq5zUbO/vl1pFN4tEeZkhGH72NNu3KqeC3DQrclzGYSRJfSeJRRwkW
h/h8nRQaHfvIgNhSGytWy5efBVomO0/5rqwMFu3B4Oumu5afq68IpOjs4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAiVqDCLh4VQ/hH8a28NIwBYW3vsMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvQ0pXb01JdUhoVkQtRWZ4cmJ3MGpBRmhiZS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVetRAwQA
wG1hMA0GCSqGSIb3DQEBCwUAA4IBAQAhhgNyjSpbE1cBIYjy39FIqEvwGBKJ6duc
v3J99vO87YvbDYW2rFO5RodL1pP7BGeNrZDmF9I3wBOcP0QTbeM2OgYOSGTQmBDq
DJFlIKLT03GUvXaTnCbbNAxV0X8L9hKYQgw2S07lWQEMcJEGN30JlbCggabE6hg5
MKbvxDH5+p+FNGNtvqZg2RT6qErB4QqNiC5J1+zr44ju0fnFaE4Ei+YGsOXU682B
mLJqFbzAP++q3uEPt7qMaGwUkqXi62pSy3XqKwzPpbNvhg8klBDGQm3gNbN6DhPh
jYH22EpdTK+Fb3ePURpBPCGGjeS1v9XuxU/Iy2/WUg426gqY2ViZ
-----END CERTIFICATE-----