Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/XyTFIR0QdKtF-UAJH2b0g4lsEk4.roa
File:                     XyTFIR0QdKtF-UAJH2b0g4lsEk4.roa (raw, json)
Hash identifier:          iemK7EF1DUBLi/WCXSuJEO3I5OIpdILx0zln0n1QpOU=
Subject key identifier:   5F:24:C5:21:1D:10:74:AB:45:F9:40:09:1F:66:F4:83:89:6C:12:4E
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       01921EFA3B9B644A2BCC38BEC09D5F235D5A
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/XyTFIR0QdKtF-UAJH2b0g4lsEk4.roa
Signing time:             Mon 23 Sep 2024 13:02:48 +0000
ROA not before:           Mon 23 Sep 2024 13:02:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        85.209.217.0/24 maxlen: 24
                          195.206.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1e:fa:3b:9b:64:4a:2b:cc:38:be:c0:9d:5f:23:5d:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Sep 23 13:02:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f24c5211d1074ab45f940091f66f483896c124e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e3:2e:7f:26:88:e7:aa:52:7d:8a:80:3f:9b:
                    ef:20:7e:fc:b3:f8:1d:51:65:e3:07:ae:13:7b:18:
                    8b:03:fb:ab:c2:f0:98:c6:f2:a6:03:48:6c:10:d4:
                    fc:d5:a1:b3:ae:f4:f6:e1:15:6b:b5:2f:e8:b4:df:
                    ee:e8:4a:dc:ed:e9:b8:b6:8a:a3:72:a8:d1:31:12:
                    01:00:ef:b0:06:3b:1c:ba:d9:7d:b7:55:9e:86:bd:
                    14:7a:39:2d:b8:e5:92:35:95:b7:ff:56:20:26:4f:
                    14:48:d5:22:cc:74:74:56:34:29:73:49:55:2f:bc:
                    19:83:00:62:38:5e:07:e7:19:2d:4f:5e:a0:b5:40:
                    e5:f0:79:ed:cc:a0:23:97:99:ee:d8:62:2f:67:2a:
                    32:2d:32:e1:1c:ae:2b:21:58:61:fa:37:f3:06:28:
                    ad:46:bc:00:bb:9c:96:f5:55:9c:54:68:58:74:0c:
                    ad:25:16:0a:42:86:c9:a9:09:02:2d:fd:33:e0:82:
                    81:eb:a5:3a:55:79:76:e9:0b:78:a4:e6:0b:9a:8d:
                    69:a5:64:10:0d:6a:cc:67:65:21:68:ab:91:cf:d6:
                    b9:c3:b6:03:5b:5d:94:95:4b:af:fb:39:51:b8:ce:
                    ae:6d:ca:e1:bc:cf:9d:35:72:a0:ba:1b:ff:fe:c2:
                    d1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:24:C5:21:1D:10:74:AB:45:F9:40:09:1F:66:F4:83:89:6C:12:4E
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/XyTFIR0QdKtF-UAJH2b0g4lsEk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.217.0/24
                  195.206.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ea:0c:2b:a2:bd:dd:ec:10:4c:c1:35:6a:2d:1e:71:bc:6f:
         3d:7a:96:4a:0b:d3:de:0a:24:8e:c3:43:08:a5:b8:83:6e:65:
         37:3d:68:f6:88:7b:5a:9f:7f:b4:49:3c:ba:fa:19:d9:a6:21:
         fb:3e:eb:52:02:5d:1b:a0:fb:25:09:50:6e:d0:5b:2d:ec:5a:
         eb:54:e6:30:67:bd:72:46:fa:53:bc:41:ac:0e:ce:d5:17:5e:
         31:c3:01:ee:49:34:4a:bf:55:df:b0:8e:1c:1f:03:96:57:93:
         48:b3:ef:73:88:e3:86:c6:76:38:8c:b5:b6:e6:af:a3:35:30:
         86:11:91:53:1b:e5:a3:46:c5:0d:ba:bc:f7:33:71:fe:3c:69:
         80:86:34:16:0b:84:39:ef:92:34:13:b9:cd:82:6e:d4:52:5b:
         73:85:51:ef:fa:84:d7:d0:a5:3a:5f:be:f9:ec:ee:a7:e7:00:
         0a:74:b1:e9:04:e8:33:8b:48:0a:26:cc:25:0f:65:53:7c:9c:
         6f:3b:44:a9:8b:7e:36:41:80:f9:12:b8:21:44:0b:2f:44:24:
         81:8b:df:04:ac:f2:f1:08:49:ea:32:44:be:98:2c:99:2f:0c:
         aa:b6:0f:64:28:d9:f7:62:7a:1a:b9:c2:49:dd:1d:34:1b:25:
         f4:7e:37:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIe+jubZEorzDi+wJ1fI11aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjQwOTIzMTMwMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjI0YzUyMTFkMTA3NGFiNDVmOTQwMDkxZjY2ZjQ4Mzg5NmMxMjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruMufyaI56pSfYqAP5vvIH78s/gd
UWXjB64TexiLA/urwvCYxvKmA0hsENT81aGzrvT24RVrtS/otN/u6Erc7em4toqj
cqjRMRIBAO+wBjscutl9t1Wehr0UejktuOWSNZW3/1YgJk8USNUizHR0VjQpc0lV
L7wZgwBiOF4H5xktT16gtUDl8HntzKAjl5nu2GIvZyoyLTLhHK4rIVhh+jfzBiit
RrwAu5yW9VWcVGhYdAytJRYKQobJqQkCLf0z4IKB66U6VXl26Qt4pOYLmo1ppWQQ
DWrMZ2UhaKuRz9a5w7YDW12UlUuv+zlRuM6ubcrhvM+dNXKguhv//sLRoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF8kxSEdEHSrRflACR9m9IOJbBJOMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvWHlURklSMFFkS3RGLVVBSkgyYjBnNGxzRWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVdHZAwQA
w85tMA0GCSqGSIb3DQEBCwUAA4IBAQA16gwror3d7BBMwTVqLR5xvG89epZKC9Pe
CiSOw0MIpbiDbmU3PWj2iHtan3+0STy6+hnZpiH7PutSAl0boPslCVBu0Fst7Frr
VOYwZ71yRvpTvEGsDs7VF14xwwHuSTRKv1XfsI4cHwOWV5NIs+9ziOOGxnY4jLW2
5q+jNTCGEZFTG+WjRsUNurz3M3H+PGmAhjQWC4Q575I0E7nNgm7UUltzhVHv+oTX
0KU6X7757O6n5wAKdLHpBOgzi0gKJswlD2VTfJxvO0Spi342QYD5ErghRAsvRCSB
i98ErPLxCEnqMkS+mCyZLwyqtg9kKNn3YnoaucJJ3R00GyX0fjdx
-----END CERTIFICATE-----