Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/b85MZ4WinFf_UE0cBlcSvifgg7I.roa
File:                     b85MZ4WinFf_UE0cBlcSvifgg7I.roa (raw, json)
Hash identifier:          uJf/EeGTiSuFi2jO3q5f34ZIMuvCCFqx997bjLZrpdM=
Subject key identifier:   6F:CE:4C:67:85:A2:9C:57:FF:50:4D:1C:06:57:12:BE:27:E0:83:B2
Certificate issuer:       /CN=3814b648dd5742025c3dda5eaa66491ffdb2e5d9
Certificate serial:       01942521F5FC19A59CE31899D56367C07B08
Authority key identifier: 38:14:B6:48:DD:57:42:02:5C:3D:DA:5E:AA:66:49:1F:FD:B2:E5:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OBS2SN1XQgJcPdpeqmZJH_2y5dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/b85MZ4WinFf_UE0cBlcSvifgg7I.roa
Signing time:             Thu 02 Jan 2025 03:49:30 +0000
ROA not before:           Thu 02 Jan 2025 03:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31140
IP address blocks:        193.22.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/OBS2SN1XQgJcPdpeqmZJH_2y5dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/OBS2SN1XQgJcPdpeqmZJH_2y5dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OBS2SN1XQgJcPdpeqmZJH_2y5dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f5:fc:19:a5:9c:e3:18:99:d5:63:67:c0:7b:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3814b648dd5742025c3dda5eaa66491ffdb2e5d9
        Validity
            Not Before: Jan  2 03:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fce4c6785a29c57ff504d1c065712be27e083b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ca:26:07:98:60:60:2b:ac:34:e5:86:31:4d:
                    bd:bf:1e:58:54:ad:e5:ba:cf:2b:5c:75:b7:76:67:
                    e0:3f:b3:d2:47:b8:53:aa:e0:76:c8:17:66:d0:53:
                    be:68:8f:3d:b8:f5:92:0b:04:d4:29:35:6e:b6:9c:
                    68:43:9c:81:95:8e:de:99:b1:f5:e4:16:89:8d:5c:
                    85:c0:18:5b:2b:c8:15:35:8c:4e:f7:02:15:51:a1:
                    11:e2:cf:5b:17:b1:2f:98:62:fa:1a:9f:60:69:73:
                    80:f5:d1:c8:02:b9:d4:f1:10:25:81:af:f2:cd:57:
                    b2:51:98:67:09:36:6a:db:ef:fa:07:55:3f:28:c0:
                    ae:3b:ab:c0:38:f3:2b:d8:fd:24:d6:48:c6:52:c4:
                    21:52:1f:82:b9:d0:e2:24:f4:f8:d3:dc:0b:42:08:
                    19:b4:21:91:22:ee:a2:34:6c:de:33:fc:1f:62:19:
                    72:d0:ec:ca:bd:0c:bf:e0:76:de:7b:8d:88:1e:38:
                    c0:bc:c9:96:d4:16:07:85:28:86:61:b5:ea:b5:f0:
                    96:20:6d:53:41:fe:5a:c7:dd:9f:56:70:f6:5c:e8:
                    71:20:82:66:94:2d:e3:ef:7a:c7:22:71:c9:b7:4d:
                    76:c6:a4:ca:96:3a:21:cf:86:b4:16:22:86:7f:30:
                    f6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:CE:4C:67:85:A2:9C:57:FF:50:4D:1C:06:57:12:BE:27:E0:83:B2
            X509v3 Authority Key Identifier:
                keyid:38:14:B6:48:DD:57:42:02:5C:3D:DA:5E:AA:66:49:1F:FD:B2:E5:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OBS2SN1XQgJcPdpeqmZJH_2y5dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/b85MZ4WinFf_UE0cBlcSvifgg7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/OBS2SN1XQgJcPdpeqmZJH_2y5dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:a1:18:d2:96:ec:5b:d2:6a:17:8b:27:e5:89:a1:22:8b:86:
         08:cc:ba:1c:dd:b3:3b:fb:42:13:11:59:d2:23:fb:96:b2:3b:
         dd:7e:c3:ea:24:58:10:88:71:fb:4c:62:42:51:fe:e1:8f:98:
         44:2b:4b:0a:ae:28:4a:79:56:14:9f:69:2d:26:b4:08:45:a5:
         86:a1:2a:7a:b4:fd:f1:08:48:1a:91:9d:14:10:38:65:05:2f:
         1c:a9:2e:03:08:e9:ac:18:f1:c9:19:64:68:cc:79:11:64:14:
         12:f6:a2:93:c2:02:67:a1:6d:9a:1e:15:98:15:46:24:72:f8:
         68:8f:34:2c:88:a6:2d:28:66:86:56:79:af:17:cd:a7:94:32:
         dd:d8:77:0f:d3:bc:6f:db:2e:24:36:74:b1:13:0a:05:d9:d4:
         e8:5a:ee:cf:3c:5e:5e:55:33:bf:61:3a:f3:f0:4c:99:4a:30:
         18:54:47:57:45:35:db:1f:86:68:b6:a4:5a:0e:b6:69:b2:a3:
         8a:3e:71:64:06:56:cf:66:4c:b3:ae:42:99:d8:f0:03:19:18:
         14:d6:34:7d:28:1d:c7:53:3c:40:2a:76:4c:fb:28:ee:65:ec:
         39:46:5d:60:77:36:80:03:fe:32:8e:20:34:41:b5:b9:ba:2a:
         fc:a2:63:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIfX8GaWc4xiZ1WNnwHsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MTRiNjQ4ZGQ1NzQyMDI1YzNkZGE1ZWFhNjY0OTFmZmRi
MmU1ZDkwHhcNMjUwMTAyMDM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmNlNGM2Nzg1YTI5YzU3ZmY1MDRkMWMwNjU3MTJiZTI3ZTA4M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8omB5hgYCusNOWGMU29vx5YVK3l
us8rXHW3dmfgP7PSR7hTquB2yBdm0FO+aI89uPWSCwTUKTVutpxoQ5yBlY7embH1
5BaJjVyFwBhbK8gVNYxO9wIVUaER4s9bF7EvmGL6Gp9gaXOA9dHIArnU8RAlga/y
zVeyUZhnCTZq2+/6B1U/KMCuO6vAOPMr2P0k1kjGUsQhUh+CudDiJPT409wLQggZ
tCGRIu6iNGzeM/wfYhly0OzKvQy/4Hbee42IHjjAvMmW1BYHhSiGYbXqtfCWIG1T
Qf5ax92fVnD2XOhxIIJmlC3j73rHInHJt012xqTKljohz4a0FiKGfzD2wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/OTGeFopxX/1BNHAZXEr4n4IOyMB8GA1UdIwQY
MBaAFDgUtkjdV0ICXD3aXqpmSR/9suXZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0JTMlNOMVhRZ0pjUGRwZXFtWkpIXzJ5NWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8xMmRmMmQtOTRmMS00ZDEwLTk0YTQt
MWY4MzY4ODAxZmRjLzEvYjg1TVo0V2luRmZfVUUwY0JsY1N2aWZnZzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8xMmRmMmQtOTRmMS00ZDEwLTk0YTQtMWY4MzY4ODAxZmRj
LzEvT0JTMlNOMVhRZ0pjUGRwZXFtWkpIXzJ5NWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRb4MA0G
CSqGSIb3DQEBCwUAA4IBAQBSoRjSluxb0moXiyfliaEii4YIzLoc3bM7+0ITEVnS
I/uWsjvdfsPqJFgQiHH7TGJCUf7hj5hEK0sKrihKeVYUn2ktJrQIRaWGoSp6tP3x
CEgakZ0UEDhlBS8cqS4DCOmsGPHJGWRozHkRZBQS9qKTwgJnoW2aHhWYFUYkcvho
jzQsiKYtKGaGVnmvF82nlDLd2HcP07xv2y4kNnSxEwoF2dToWu7PPF5eVTO/YTrz
8EyZSjAYVEdXRTXbH4ZotqRaDrZpsqOKPnFkBlbPZkyzrkKZ2PADGRgU1jR9KB3H
UzxAKnZM+yjuZew5Rl1gdzaAA/4yjiA0QbW5uir8omOS
-----END CERTIFICATE-----