Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/X5kU848uaciw2tFmKyZzttN4ZuY.roa
File:                     X5kU848uaciw2tFmKyZzttN4ZuY.roa (raw, json)
Hash identifier:          GStKdG+YVmoA3mrFiyIvZZ+AFVjYfAiUGDSW2JLFiXU=
Subject key identifier:   5F:99:14:F3:8F:2E:69:C8:B0:DA:D1:66:2B:26:73:B6:D3:78:66:E6
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA298785C59539A4CAE824551D6B7E06
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/X5kU848uaciw2tFmKyZzttN4ZuY.roa
Signing time:             Tue 02 Jan 2024 12:32:48 +0000
ROA not before:           Tue 02 Jan 2024 12:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        85.203.21.0/24 maxlen: 24
                          85.203.20.0/24 maxlen: 24
                          85.203.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:87:85:c5:95:39:a4:ca:e8:24:55:1d:6b:7e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f9914f38f2e69c8b0dad1662b2673b6d37866e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0e:cf:74:a5:82:45:19:8c:0c:37:02:19:a7:
                    95:93:c9:4a:b5:e3:c4:e6:95:f7:e9:86:13:8d:d7:
                    ad:d4:81:c1:53:01:a0:bc:e1:f1:a5:ca:64:74:66:
                    54:2d:85:47:54:1b:2c:86:67:f0:d3:98:b8:ea:6a:
                    cd:4a:56:22:01:68:b8:fd:8d:51:5c:ff:c9:a4:6f:
                    f6:1b:39:80:96:32:2e:ea:b2:6d:f7:ff:6b:b6:8c:
                    15:97:80:36:1f:6b:3b:4c:0b:db:77:9e:f6:a3:c8:
                    ca:65:f5:c1:45:ec:9d:e1:e6:d6:d3:63:d9:01:67:
                    60:48:b8:ae:85:63:6f:93:3d:da:8a:75:ba:43:64:
                    a3:61:ab:07:66:29:a2:6e:37:ce:bd:09:4f:e9:61:
                    d8:c6:4a:10:8a:fa:fa:c8:3e:0a:e9:43:84:a8:f9:
                    5e:0d:99:93:87:81:ba:24:fc:8d:94:f5:24:de:0a:
                    8c:c7:90:cf:3a:d0:fe:93:75:22:9a:93:80:2b:9e:
                    de:8d:91:2d:30:9e:c5:eb:7d:19:ad:f0:a5:b2:e2:
                    22:1a:43:e8:be:78:ce:07:7a:51:b2:65:20:14:b3:
                    1f:7c:7b:d9:bf:4d:a1:42:9c:b1:2b:d4:f9:0d:47:
                    95:e7:27:b8:41:ac:3f:50:ab:c1:90:70:b6:52:6e:
                    82:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:99:14:F3:8F:2E:69:C8:B0:DA:D1:66:2B:26:73:B6:D3:78:66:E6
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/X5kU848uaciw2tFmKyZzttN4ZuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.20.0/23
                  85.203.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:3f:68:3c:75:c1:64:e6:26:5b:49:3a:b2:14:22:33:78:4b:
         bc:c0:1c:25:e4:7a:20:70:43:2b:e5:a4:32:92:d7:0e:2c:d3:
         e5:9a:77:2f:9e:6c:5c:b6:ba:73:e8:e5:f7:31:b8:ff:a7:66:
         a1:23:85:73:20:6f:51:50:7b:ce:15:1b:31:c8:d5:de:7c:6f:
         57:02:3e:bd:08:57:17:a3:73:7a:0c:05:3a:c6:5e:ec:78:37:
         cf:15:5b:c9:b2:b9:df:8b:ce:24:b7:ee:c6:d2:bc:c6:d9:57:
         d8:e4:8f:c2:16:3e:c0:f7:ed:9c:7f:95:ee:c6:8e:49:b9:40:
         1c:00:84:a1:54:bb:d1:8f:9c:c7:10:af:13:92:ef:fb:19:13:
         26:48:95:a6:3a:58:ee:b1:76:a7:d2:ad:e1:89:f5:f7:cf:f2:
         44:87:f5:96:1f:c0:31:8d:2c:14:02:74:33:50:63:e4:54:16:
         9b:d8:45:7c:8d:6d:3a:d4:11:14:0a:cd:b5:c7:8a:e9:3d:e0:
         3a:e3:91:f9:ba:2a:06:f2:43:27:ca:a1:2a:ed:d2:9a:ee:75:
         25:03:58:e9:e5:54:74:07:c8:2f:5b:32:91:52:f1:06:bd:30:
         23:25:6c:7a:48:ff:03:1b:ad:62:95:0f:ed:67:83:0e:b5:b7:
         1a:15:61:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKYeFxZU5pMroJFUda34GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjk5MTRmMzhmMmU2OWM4YjBkYWQxNjYyYjI2NzNiNmQzNzg2NmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApg7PdKWCRRmMDDcCGaeVk8lKtePE
5pX36YYTjdet1IHBUwGgvOHxpcpkdGZULYVHVBsshmfw05i46mrNSlYiAWi4/Y1R
XP/JpG/2GzmAljIu6rJt9/9rtowVl4A2H2s7TAvbd572o8jKZfXBReyd4ebW02PZ
AWdgSLiuhWNvkz3ainW6Q2SjYasHZimibjfOvQlP6WHYxkoQivr6yD4K6UOEqPle
DZmTh4G6JPyNlPUk3gqMx5DPOtD+k3UimpOAK57ejZEtMJ7F630ZrfClsuIiGkPo
vnjOB3pRsmUgFLMffHvZv02hQpyxK9T5DUeV5ye4Qaw/UKvBkHC2Um6CtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+ZFPOPLmnIsNrRZismc7bTeGbmMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvWDVrVTg0OHVhY2l3MnRGbUt5Wnp0dE40WnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVcsUAwQA
VcsiMA0GCSqGSIb3DQEBCwUAA4IBAQBcP2g8dcFk5iZbSTqyFCIzeEu8wBwl5Hog
cEMr5aQyktcOLNPlmncvnmxctrpz6OX3Mbj/p2ahI4VzIG9RUHvOFRsxyNXefG9X
Aj69CFcXo3N6DAU6xl7seDfPFVvJsrnfi84kt+7G0rzG2VfY5I/CFj7A9+2cf5Xu
xo5JuUAcAIShVLvRj5zHEK8Tku/7GRMmSJWmOljusXan0q3hifX3z/JEh/WWH8Ax
jSwUAnQzUGPkVBab2EV8jW061BEUCs21x4rpPeA645H5uioG8kMnyqEq7dKa7nUl
A1jp5VR0B8gvWzKRUvEGvTAjJWx6SP8DG61ilQ/tZ4MOtbcaFWH1
-----END CERTIFICATE-----