Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Ks2uIuWRCIn1DlHxLZexGL6eZhs.roa
File:                     Ks2uIuWRCIn1DlHxLZexGL6eZhs.roa (raw, json)
Hash identifier:          +yq6omQq06xV5zJEjwDP7EqE+lNPpgR+xvecRInM694=
Subject key identifier:   2A:CD:AE:22:E5:91:08:89:F5:0E:51:F1:2D:97:B1:18:BE:9E:66:1B
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018CC6B818CEAE0F88690BDEC4BBCB50DED7
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Ks2uIuWRCIn1DlHxLZexGL6eZhs.roa
Signing time:             Mon 01 Jan 2024 20:30:02 +0000
ROA not before:           Mon 01 Jan 2024 20:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48400
IP address blocks:        85.140.93.0/24 maxlen: 24
                          85.140.92.0/23 maxlen: 23
                          85.140.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:18:ce:ae:0f:88:69:0b:de:c4:bb:cb:50:de:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  1 20:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2acdae22e5910889f50e51f12d97b118be9e661b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:98:b1:07:45:35:cb:05:28:d4:d0:0b:e8:9f:
                    02:60:96:01:e4:7d:97:e2:40:fd:a6:e8:52:6e:9e:
                    d2:3b:55:d5:b6:b6:7b:27:b2:8b:76:bf:53:2d:c1:
                    30:1b:1a:0e:43:7e:f8:35:e4:6c:fb:8b:68:f4:a7:
                    5e:2e:ff:58:c4:37:c2:c7:e1:72:63:ea:7f:05:77:
                    47:9c:8e:cc:6d:76:ef:00:0a:8f:a1:7e:12:c1:f1:
                    55:4d:4d:66:4b:00:1c:0a:13:af:25:c4:f1:0a:97:
                    5c:0d:c2:e3:14:1d:89:fe:e4:45:3b:7b:0b:bc:c7:
                    53:08:5a:0e:6a:0f:9e:24:8d:7a:c0:f5:f5:d5:e2:
                    6d:e8:2d:4c:ce:bd:6a:55:ec:14:7f:87:23:4f:83:
                    fb:db:2a:c0:a5:a3:09:78:3b:60:ad:5e:ad:76:78:
                    26:2d:d7:15:89:62:58:e5:6f:77:86:88:4a:63:94:
                    54:15:91:2b:99:27:05:b0:3b:a9:1a:1d:6c:9f:01:
                    f1:93:eb:0e:09:26:a9:50:6c:39:5d:61:ba:16:bf:
                    c5:08:58:c4:c3:1e:81:a5:35:2a:13:50:8a:88:c4:
                    63:33:dc:b8:53:c1:fb:98:f9:c9:6f:cf:2a:35:3b:
                    c6:d8:6f:92:e2:60:2c:52:c9:73:b9:6f:60:d8:ae:
                    7b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:CD:AE:22:E5:91:08:89:F5:0E:51:F1:2D:97:B1:18:BE:9E:66:1B
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/Ks2uIuWRCIn1DlHxLZexGL6eZhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.140.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:50:22:08:fc:85:50:80:ba:a5:6a:5f:6a:3e:54:10:28:a9:
         96:a6:2c:d4:17:cb:6b:b2:02:6c:ea:8a:10:35:87:3f:41:83:
         9c:2e:9a:9d:da:13:52:a0:4c:b1:69:b2:53:5c:99:a3:41:93:
         f6:13:30:d4:11:ef:14:a5:7e:f5:b4:1d:fd:ea:b6:37:97:e9:
         15:33:eb:5a:bb:f0:76:ba:02:3f:8e:46:18:3a:3e:b7:5a:e7:
         7f:b0:c5:7a:54:2a:19:b1:f7:ac:bc:e0:da:a3:2e:d8:aa:61:
         8c:6b:cd:f4:d3:86:a2:ab:e8:d0:af:26:fe:c4:81:d6:80:36:
         8b:8a:4c:c3:a3:d9:38:78:a4:83:82:b4:73:ac:06:2e:0d:8c:
         22:09:31:2e:97:91:52:cd:f9:69:a8:f9:70:a6:b3:57:33:9a:
         8a:25:8a:77:43:20:6e:bc:5e:c6:1b:30:5b:94:49:9b:7b:3d:
         a7:60:ec:b7:8f:a0:d4:65:78:f0:31:4a:cb:77:0e:6a:f2:23:
         03:b1:37:66:a5:4f:8a:12:b7:22:b6:42:e6:23:14:7d:51:01:
         33:f9:19:9d:9c:c5:dd:33:d4:f1:13:47:d4:e2:b5:32:0b:e6:
         8a:f8:65:f4:8f:72:c5:46:7d:60:7a:44:b6:8c:25:2a:be:9e:
         50:b4:62:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuBjOrg+IaQvexLvLUN7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMTAxMjAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWNkYWUyMmU1OTEwODg5ZjUwZTUxZjEyZDk3YjExOGJlOWU2NjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZixB0U1ywUo1NAL6J8CYJYB5H2X
4kD9puhSbp7SO1XVtrZ7J7KLdr9TLcEwGxoOQ374NeRs+4to9KdeLv9YxDfCx+Fy
Y+p/BXdHnI7MbXbvAAqPoX4SwfFVTU1mSwAcChOvJcTxCpdcDcLjFB2J/uRFO3sL
vMdTCFoOag+eJI16wPX11eJt6C1Mzr1qVewUf4cjT4P72yrApaMJeDtgrV6tdngm
LdcViWJY5W93hohKY5RUFZErmScFsDupGh1snwHxk+sOCSapUGw5XWG6Fr/FCFjE
wx6BpTUqE1CKiMRjM9y4U8H7mPnJb88qNTvG2G+S4mAsUslzuW9g2K57bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrNriLlkQiJ9Q5R8S2XsRi+nmYbMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvS3MydUl1V1JDSW4xRGxIeExaZXhHTDZlWmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVYxcMA0G
CSqGSIb3DQEBCwUAA4IBAQBWUCII/IVQgLqlal9qPlQQKKmWpizUF8trsgJs6ooQ
NYc/QYOcLpqd2hNSoEyxabJTXJmjQZP2EzDUEe8UpX71tB396rY3l+kVM+tau/B2
ugI/jkYYOj63Wud/sMV6VCoZsfesvODaoy7YqmGMa83004aiq+jQryb+xIHWgDaL
ikzDo9k4eKSDgrRzrAYuDYwiCTEul5FSzflpqPlwprNXM5qKJYp3QyBuvF7GGzBb
lEmbez2nYOy3j6DUZXjwMUrLdw5q8iMDsTdmpU+KErcitkLmIxR9UQEz+RmdnMXd
M9TxE0fU4rUyC+aK+GX0j3LFRn1gekS2jCUqvp5QtGIh
-----END CERTIFICATE-----