Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/sNpnw9uFH3lBebEmpU8WVl7D-Jc.roa
File:                     sNpnw9uFH3lBebEmpU8WVl7D-Jc.roa (raw, json)
Hash identifier:          /JNbmeeH5AuOh7BDYj9x+E/iFOAWtWXgTxCff0QM/R0=
Subject key identifier:   B0:DA:67:C3:DB:85:1F:79:41:79:B1:26:A5:4F:16:56:5E:C3:F8:97
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       019325D0545BA845800F0430651640D5E711
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/sNpnw9uFH3lBebEmpU8WVl7D-Jc.roa
Signing time:             Wed 13 Nov 2024 13:57:10 +0000
ROA not before:           Wed 13 Nov 2024 13:57:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38195
IP address blocks:        85.203.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:25:d0:54:5b:a8:45:80:0f:04:30:65:16:40:d5:e7:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Nov 13 13:57:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0da67c3db851f794179b126a54f16565ec3f897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:77:62:dd:5f:6e:4e:b2:16:f1:53:01:ff:33:
                    db:7e:7e:b0:82:4b:e3:57:01:23:e7:6f:6e:12:15:
                    9b:2b:57:65:81:eb:3e:f6:8a:9f:4c:5e:bc:4d:07:
                    31:1f:70:07:a8:36:ac:c8:a2:ea:35:9b:f5:aa:8d:
                    0b:5e:a0:14:7d:68:bb:3a:ba:3d:43:5a:5d:3b:33:
                    09:10:81:52:60:94:5f:d4:49:e0:ce:1e:79:a6:6f:
                    47:46:72:c2:74:3f:1d:2e:87:79:7e:a3:ea:cd:59:
                    63:83:9a:3b:65:84:58:f1:ea:c0:13:c6:e9:c1:67:
                    70:68:de:50:dc:0d:63:ab:4e:07:30:b7:c2:ad:43:
                    99:ab:a9:9d:45:df:b8:40:3c:f1:8f:1f:16:f7:c2:
                    e6:de:05:fb:1b:d6:0b:fe:e7:1f:be:2c:94:30:9d:
                    fe:ad:c3:37:de:4b:30:fc:1b:f0:d3:81:d9:e5:0a:
                    ce:44:2a:2d:b4:75:d6:7f:08:0b:49:0c:fe:b3:54:
                    21:e6:ee:68:65:56:a5:bf:b2:63:7f:7b:59:d2:83:
                    c0:2b:67:38:c4:a5:10:89:8a:bb:9f:b5:7a:b2:75:
                    dd:2a:5d:73:a3:d2:b3:0d:0d:7f:c1:40:65:a0:9b:
                    83:f9:57:e3:40:17:b6:4f:c8:a3:e5:20:07:d5:94:
                    94:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:DA:67:C3:DB:85:1F:79:41:79:B1:26:A5:4F:16:56:5E:C3:F8:97
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/sNpnw9uFH3lBebEmpU8WVl7D-Jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:14:94:f7:43:ff:77:dc:47:98:93:41:ed:c6:8c:dc:89:50:
         d2:d0:63:f0:c7:ac:a4:2a:56:72:51:ad:91:18:d9:4a:20:3e:
         60:9b:bb:9d:e4:7a:d4:2b:53:e1:9e:8d:3f:76:dc:e0:5b:1d:
         60:2f:fd:e6:3b:0e:d1:95:66:35:68:4b:91:81:c0:7e:0e:1f:
         2e:07:a3:67:40:68:6d:c8:f2:0b:d1:96:87:c9:45:b8:35:f0:
         ba:22:99:42:9e:87:d2:6a:f5:c2:0d:93:01:e6:72:56:d5:c1:
         c3:8e:2a:a1:b8:96:05:7e:24:86:91:14:3e:97:d5:41:fd:3b:
         13:a7:a6:59:b1:ed:af:48:1a:30:7e:01:a8:bd:ae:06:57:dd:
         e7:3c:61:c9:db:67:6e:56:dd:2f:3f:5b:b1:74:82:87:e6:3c:
         b4:d0:f6:7c:34:f9:b7:ba:5a:a5:a1:83:ef:d1:04:5e:92:67:
         4b:54:a2:1b:18:41:1c:ed:9d:72:f8:82:b9:13:c8:c7:9f:36:
         76:0a:26:d9:90:fe:90:59:8e:28:86:96:ad:52:e6:ec:16:23:
         3c:d3:ec:fa:bd:d5:28:6a:f3:a2:e7:9b:9a:60:dc:56:09:3b:
         bd:ae:05:7b:e8:d4:ad:d6:73:ed:4e:2d:33:04:86:2b:1c:c1:
         18:c9:e6:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMl0FRbqEWADwQwZRZA1ecRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQxMTEzMTM1NzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGRhNjdjM2RiODUxZjc5NDE3OWIxMjZhNTRmMTY1NjVlYzNmODk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXdi3V9uTrIW8VMB/zPbfn6wgkvj
VwEj529uEhWbK1dlges+9oqfTF68TQcxH3AHqDasyKLqNZv1qo0LXqAUfWi7Oro9
Q1pdOzMJEIFSYJRf1Engzh55pm9HRnLCdD8dLod5fqPqzVljg5o7ZYRY8erAE8bp
wWdwaN5Q3A1jq04HMLfCrUOZq6mdRd+4QDzxjx8W98Lm3gX7G9YL/ucfviyUMJ3+
rcM33ksw/Bvw04HZ5QrORCottHXWfwgLSQz+s1Qh5u5oZValv7Jjf3tZ0oPAK2c4
xKUQiYq7n7V6snXdKl1zo9KzDQ1/wUBloJuD+VfjQBe2T8ij5SAH1ZSUSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDaZ8PbhR95QXmxJqVPFlZew/iXMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvc05wbnc5dUZIM2xCZWJFbXBVOFdWbDdELUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcs8MA0G
CSqGSIb3DQEBCwUAA4IBAQAoFJT3Q/933EeYk0HtxozciVDS0GPwx6ykKlZyUa2R
GNlKID5gm7ud5HrUK1Phno0/dtzgWx1gL/3mOw7RlWY1aEuRgcB+Dh8uB6NnQGht
yPIL0ZaHyUW4NfC6IplCnofSavXCDZMB5nJW1cHDjiqhuJYFfiSGkRQ+l9VB/TsT
p6ZZse2vSBowfgGova4GV93nPGHJ22duVt0vP1uxdIKH5jy00PZ8NPm3ulqloYPv
0QRekmdLVKIbGEEc7Z1y+IK5E8jHnzZ2CibZkP6QWY4ohpatUubsFiM80+z6vdUo
avOi55uaYNxWCTu9rgV76NSt1nPtTi0zBIYrHMEYyeaP
-----END CERTIFICATE-----