Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/feyHvV90JQZepyReVEbg1fDqPgY.roa
File:                     feyHvV90JQZepyReVEbg1fDqPgY.roa (raw, json)
Hash identifier:          3UqbOI+us08lVtQPeDC7NJMUEfxbRp/CGLk4IFSnFUY=
Subject key identifier:   7D:EC:87:BD:5F:74:25:06:5E:A7:24:5E:54:46:E0:D5:F0:EA:3E:06
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB69BF6BFE0AC34736F57C125CCDD
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/feyHvV90JQZepyReVEbg1fDqPgY.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29272
IP address blocks:        85.232.255.128/25 maxlen: 25
                          2001:1a68:2b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b6:9b:f6:bf:e0:ac:34:73:6f:57:c1:25:cc:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dec87bd5f7425065ea7245e5446e0d5f0ea3e06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a7:36:d6:9e:be:9a:10:0c:cc:70:e2:bd:df:
                    58:ef:fd:d4:6c:48:65:74:ea:b4:b9:e6:46:9a:6f:
                    b2:72:68:9c:bd:15:80:14:89:38:b5:38:17:6b:46:
                    27:dd:d7:22:8d:05:1c:d0:76:62:56:b9:6a:78:30:
                    fb:e4:6a:8c:5b:7a:30:fb:ed:37:a3:72:be:77:26:
                    62:19:6e:87:05:1e:fe:55:52:d9:5c:27:85:57:9b:
                    88:60:2b:b3:d6:42:4e:96:9c:b8:25:b9:ba:96:44:
                    29:01:15:4a:8c:c3:b0:ba:77:24:4b:4c:a4:71:93:
                    62:d2:87:f8:ea:a7:d5:0a:09:ef:78:88:d5:78:f8:
                    b3:4c:9b:a7:2f:86:15:8c:15:20:a4:b8:c9:37:86:
                    f7:00:1b:7c:33:77:22:31:61:4d:53:da:01:5d:90:
                    e3:0e:cb:77:7d:c5:05:a0:56:f4:ad:67:64:ce:8a:
                    93:38:17:6f:b6:6f:75:1d:41:ee:66:c8:af:7c:46:
                    45:2c:35:81:bb:3d:18:68:0c:1d:f7:cb:fe:ea:df:
                    6a:d0:73:00:8d:b8:11:65:4d:44:9a:e7:b5:cb:c9:
                    84:ae:c3:4e:57:42:d2:c2:b0:61:f4:82:6d:82:06:
                    91:58:0b:e4:6d:54:91:a9:07:2d:0c:0d:d6:0c:f6:
                    7d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:EC:87:BD:5F:74:25:06:5E:A7:24:5E:54:46:E0:D5:F0:EA:3E:06
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/feyHvV90JQZepyReVEbg1fDqPgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.255.128/25
                IPv6:
                  2001:1a68:2b::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:91:76:07:bd:be:6b:c1:df:50:df:84:11:1b:73:25:96:9e:
         af:22:60:46:eb:eb:cc:5a:35:83:53:92:e8:15:bf:a4:1e:f0:
         40:7e:fc:40:74:f4:bf:8e:05:7e:60:89:71:c1:c8:cb:9d:75:
         69:cd:82:26:a3:df:34:2b:e6:4a:c1:b9:70:ac:61:a5:36:03:
         0f:5b:d4:38:e1:ea:48:2f:5d:84:bb:ec:59:d9:46:a5:69:29:
         db:9e:35:2a:16:b8:8c:cb:b2:54:d8:81:42:c4:b3:ee:59:8f:
         00:00:94:46:88:ea:b7:9f:65:dd:ff:90:07:bb:e6:d6:84:1d:
         3e:b4:33:06:ce:e4:76:48:46:7b:47:13:be:21:9f:90:45:e2:
         90:14:fc:10:c2:c8:23:19:c7:32:d2:ba:25:7f:51:b3:54:b9:
         43:09:9d:d3:c5:63:39:11:c4:16:60:97:bd:f7:b3:4e:0b:85:
         52:60:4d:16:9f:f6:04:8e:08:52:9c:aa:be:a6:54:9c:4c:df:
         cc:20:4c:28:ca:42:ea:c6:52:4c:86:72:0f:f5:31:6a:a4:51:
         c3:a6:ed:6e:8a:19:de:1d:2b:98:4c:2c:3e:5b:b2:71:81:01:
         61:55:56:66:f1:65:61:22:df:f3:4b:74:f4:6f:32:b9:62:90:
         91:97:02:d6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKK7ab9r/grDRzb1fBJczdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGVjODdiZDVmNzQyNTA2NWVhNzI0NWU1NDQ2ZTBkNWYwZWEzZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtac21p6+mhAMzHDivd9Y7/3UbEhl
dOq0ueZGmm+ycmicvRWAFIk4tTgXa0Yn3dcijQUc0HZiVrlqeDD75GqMW3ow++03
o3K+dyZiGW6HBR7+VVLZXCeFV5uIYCuz1kJOlpy4Jbm6lkQpARVKjMOwunckS0yk
cZNi0of46qfVCgnveIjVePizTJunL4YVjBUgpLjJN4b3ABt8M3ciMWFNU9oBXZDj
Dst3fcUFoFb0rWdkzoqTOBdvtm91HUHuZsivfEZFLDWBuz0YaAwd98v+6t9q0HMA
jbgRZU1Emue1y8mErsNOV0LSwrBh9IJtggaRWAvkbVSRqQctDA3WDPZ9dQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFH3sh71fdCUGXqckXlRG4NXw6j4GMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvZmV5SHZWOTBKUVplcHlSZVZFYmcxZkRxUGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUHVej/gDAP
BAIAAjAJAwcAIAEaaAArMA0GCSqGSIb3DQEBCwUAA4IBAQCekXYHvb5rwd9Q34QR
G3Mllp6vImBG6+vMWjWDU5LoFb+kHvBAfvxAdPS/jgV+YIlxwcjLnXVpzYImo980
K+ZKwblwrGGlNgMPW9Q44epIL12Eu+xZ2UalaSnbnjUqFriMy7JU2IFCxLPuWY8A
AJRGiOq3n2Xd/5AHu+bWhB0+tDMGzuR2SEZ7RxO+IZ+QReKQFPwQwsgjGccy0rol
f1GzVLlDCZ3TxWM5EcQWYJe997NOC4VSYE0Wn/YEjghSnKq+plScTN/MIEwoykLq
xlJMhnIP9TFqpFHDpu1uihneHSuYTCw+W7JxgQFhVVZm8WVhIt/zS3T0bzK5YpCR
lwLW
-----END CERTIFICATE-----