Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/rqQSCNO75Yq0NVx9Oscw7lxTPlI.roa
File:                     rqQSCNO75Yq0NVx9Oscw7lxTPlI.roa (raw, json)
Hash identifier:          itx5LC6Qq1rjeqsInn5w2f9bkHoOMJVl8BoTuFSdj1k=
Subject key identifier:   AE:A4:12:08:D3:BB:E5:8A:B4:35:5C:7D:3A:C7:30:EE:5C:53:3E:52
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA2985750A18164B082842ADFB91FAA7
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/rqQSCNO75Yq0NVx9Oscw7lxTPlI.roa
Signing time:             Tue 02 Jan 2024 12:32:47 +0000
ROA not before:           Tue 02 Jan 2024 12:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48806
IP address blocks:        85.203.8.0/24 maxlen: 24
                          85.203.24.0/24 maxlen: 24
                          85.203.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:85:75:0a:18:16:4b:08:28:42:ad:fb:91:fa:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aea41208d3bbe58ab4355c7d3ac730ee5c533e52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c9:e0:2c:4f:b1:9a:01:9b:a0:b2:b1:86:28:
                    36:f2:13:8a:00:41:8d:41:fe:16:a5:ae:a2:b7:eb:
                    84:f7:d4:49:41:30:ab:49:b9:0d:d6:70:53:8c:36:
                    49:17:27:f8:d9:74:3b:1f:f1:e6:55:88:2f:d3:72:
                    d9:23:a5:c4:bb:5f:e9:34:16:aa:dc:ab:29:9f:56:
                    4e:2a:27:ef:d6:fe:ab:67:89:8c:d9:0b:c0:f7:d4:
                    6f:e9:c8:4e:c0:00:0c:aa:f8:86:12:c7:61:fa:96:
                    3a:88:9c:5b:81:67:64:90:c2:01:4a:d8:da:fd:ef:
                    43:11:24:50:1c:65:04:51:ee:9d:46:16:cb:0d:e7:
                    e1:f9:84:07:a7:b2:81:ed:63:fe:57:9f:6a:ba:5c:
                    a7:79:69:2f:38:18:85:1d:dc:e8:62:6c:81:a2:36:
                    51:2e:e2:90:81:7a:c4:21:73:1d:84:d5:d1:89:35:
                    5d:de:40:93:02:0f:51:38:6a:7c:16:98:34:7b:bf:
                    39:87:4d:e4:b5:c0:1d:74:dc:b8:45:86:72:81:a0:
                    30:2e:9d:75:ef:0f:b7:f9:01:44:3a:60:16:b1:6f:
                    16:60:b6:92:e4:38:09:55:20:5d:42:af:79:1f:2f:
                    21:77:9b:c3:64:de:ca:0c:45:fd:2d:6e:63:64:1f:
                    9b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:A4:12:08:D3:BB:E5:8A:B4:35:5C:7D:3A:C7:30:EE:5C:53:3E:52
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/rqQSCNO75Yq0NVx9Oscw7lxTPlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.8.0/24
                  85.203.24.0/24
                  85.203.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:b1:9c:d2:47:36:e6:9e:b9:16:a8:4e:75:49:f8:f1:89:6c:
         fb:26:47:cc:71:5a:53:0f:a8:b5:e0:13:80:5d:f0:39:0b:e9:
         d2:66:b3:58:13:04:90:b6:81:81:10:d7:bb:a6:61:84:b9:0f:
         c9:3e:85:d5:ed:82:ab:29:22:e9:3c:ff:5e:d3:3a:2b:18:f4:
         1a:5f:df:9c:2e:a1:ff:e4:db:ca:ad:a7:75:30:a8:4e:0a:af:
         4f:39:d4:b3:b1:c4:83:a2:07:ae:74:67:ec:a5:ec:ab:63:92:
         67:c2:71:31:bf:d1:ae:4d:f5:87:06:58:97:2b:a1:31:14:22:
         33:d3:51:36:87:9b:2a:bc:90:27:82:0d:4e:2e:a0:04:11:52:
         68:f0:51:84:8e:68:5a:40:61:3f:fd:96:6b:e2:a8:00:75:da:
         62:30:45:61:0f:74:e4:87:84:f3:27:6d:13:a6:aa:f5:94:b7:
         3f:33:47:74:7d:04:7b:55:6e:c8:40:1d:9d:b9:7f:cd:36:b6:
         27:1f:83:1a:4c:99:c7:a1:54:d3:68:a2:1a:cc:ce:44:5a:ce:
         60:c7:69:86:07:12:a3:fc:3c:52:eb:ff:21:54:80:95:02:74:
         22:bb:a7:9c:75:c1:16:29:d2:b8:10:0a:27:8e:e2:4a:be:70:
         01:22:1d:18
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKYV1ChgWSwgoQq37kfqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWE0MTIwOGQzYmJlNThhYjQzNTVjN2QzYWM3MzBlZTVjNTMzZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksngLE+xmgGboLKxhig28hOKAEGN
Qf4Wpa6it+uE99RJQTCrSbkN1nBTjDZJFyf42XQ7H/HmVYgv03LZI6XEu1/pNBaq
3Kspn1ZOKifv1v6rZ4mM2QvA99Rv6chOwAAMqviGEsdh+pY6iJxbgWdkkMIBStja
/e9DESRQHGUEUe6dRhbLDefh+YQHp7KB7WP+V59qulyneWkvOBiFHdzoYmyBojZR
LuKQgXrEIXMdhNXRiTVd3kCTAg9ROGp8Fpg0e785h03ktcAddNy4RYZygaAwLp11
7w+3+QFEOmAWsW8WYLaS5DgJVSBdQq95Hy8hd5vDZN7KDEX9LW5jZB+bIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK6kEgjTu+WKtDVcfTrHMO5cUz5SMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvcnFRU0NOTzc1WXEwTlZ4OU9zY3c3bHhUUGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVcsIAwQA
VcsYAwQAVcsjMA0GCSqGSIb3DQEBCwUAA4IBAQB0sZzSRzbmnrkWqE51SfjxiWz7
JkfMcVpTD6i14BOAXfA5C+nSZrNYEwSQtoGBENe7pmGEuQ/JPoXV7YKrKSLpPP9e
0zorGPQaX9+cLqH/5NvKrad1MKhOCq9POdSzscSDogeudGfspeyrY5JnwnExv9Gu
TfWHBliXK6ExFCIz01E2h5sqvJAngg1OLqAEEVJo8FGEjmhaQGE//ZZr4qgAddpi
MEVhD3Tkh4TzJ20Tpqr1lLc/M0d0fQR7VW7IQB2duX/NNrYnH4MaTJnHoVTTaKIa
zM5EWs5gx2mGBxKj/DxS6/8hVICVAnQiu6ecdcEWKdK4EAonjuJKvnABIh0Y
-----END CERTIFICATE-----