Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/tm6nPkefp_7Sfp5JzXIBvoDYr4k.roa
File:                     tm6nPkefp_7Sfp5JzXIBvoDYr4k.roa (raw, json)
Hash identifier:          EXzf0PgTjjqDBwKS1vdWyulgHoaEhgZCr3wXfgWuxT8=
Subject key identifier:   B6:6E:A7:3E:47:9F:A7:FE:D2:7E:9E:49:CD:72:01:BE:80:D8:AF:89
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       019427484C5602CD51D12A30369FE4C90256
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/tm6nPkefp_7Sfp5JzXIBvoDYr4k.roa
Signing time:             Thu 02 Jan 2025 13:50:37 +0000
ROA not before:           Thu 02 Jan 2025 13:50:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206092
IP address blocks:        85.203.13.0/24 maxlen: 24
                          85.203.21.0/24 maxlen: 24
                          85.203.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4c:56:02:cd:51:d1:2a:30:36:9f:e4:c9:02:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 13:50:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b66ea73e479fa7fed27e9e49cd7201be80d8af89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:79:24:6f:13:7e:7d:7a:8e:a3:ac:c9:33:8a:
                    6b:1d:5c:12:41:b6:a3:c9:29:80:3c:a8:19:ca:30:
                    75:e3:76:8d:20:3f:15:c7:23:04:09:7f:5d:a4:f7:
                    0e:2f:0f:b7:3c:4c:c3:ea:30:58:ec:0b:84:e1:1f:
                    3f:da:71:ec:c7:bc:c5:92:0c:59:a1:7c:9a:74:c0:
                    ea:2b:1c:15:5c:c5:16:71:36:d0:5c:1b:32:df:c0:
                    d5:ed:29:0f:c8:74:d3:6f:d0:41:ec:e8:2c:0b:6c:
                    f7:ce:cb:58:65:96:5f:12:25:d4:42:5d:e2:51:e1:
                    58:e2:52:85:48:cf:24:88:cc:46:ad:ce:31:70:07:
                    db:8a:23:8a:65:8b:d7:61:d9:2f:9c:83:77:01:2b:
                    5c:c9:f2:a8:3e:4d:3b:34:52:9c:c6:c7:7a:4c:78:
                    35:41:c5:53:3f:3a:48:eb:41:02:f2:23:06:11:3c:
                    c8:60:f3:37:89:31:ad:2a:22:74:5b:15:ec:26:bb:
                    e1:19:6d:31:25:c4:75:75:3a:c6:90:54:2a:19:39:
                    6f:6d:34:69:3d:f5:6f:69:b0:b2:70:18:d0:a2:44:
                    95:10:35:dd:b9:e5:50:c2:57:4a:1f:98:bd:98:93:
                    98:ef:85:f0:76:5a:66:1e:3d:5b:e3:db:7d:3d:8b:
                    3c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:6E:A7:3E:47:9F:A7:FE:D2:7E:9E:49:CD:72:01:BE:80:D8:AF:89
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/tm6nPkefp_7Sfp5JzXIBvoDYr4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.13.0/24
                  85.203.21.0/24
                  85.203.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:b8:46:36:28:ea:cf:b2:77:1e:0c:ec:af:52:8a:2b:bf:e1:
         c8:b0:f0:f3:74:c3:7d:ec:71:f7:be:99:da:97:10:ce:dc:0a:
         19:bf:64:ae:4b:ab:5e:02:36:27:d8:59:88:15:c3:43:85:08:
         6a:3a:b7:1d:e7:bf:0d:e7:8d:ff:6f:48:63:9a:b5:3b:d6:c9:
         84:a7:2b:73:50:7c:a9:12:ab:3d:d1:8a:39:46:77:17:23:0e:
         29:f8:6e:5d:41:ad:25:c3:3b:02:8a:6a:98:8b:42:5e:bb:dc:
         fa:67:03:1a:62:af:72:9a:61:17:2f:a5:eb:6d:9e:8e:ca:de:
         89:25:92:b4:bf:e9:32:ae:9f:b8:65:35:70:0f:f2:75:f6:0c:
         1f:47:82:c3:01:84:e4:06:3f:53:57:3b:a6:3f:1b:a0:14:c6:
         84:4b:e3:23:57:53:a6:f6:d2:ab:83:49:15:3d:c5:cf:90:bf:
         1b:35:a6:d3:65:5c:91:87:90:3e:5e:1b:97:84:53:1f:23:4e:
         22:a1:f9:11:6e:2b:ff:d8:60:60:f2:29:f8:d6:30:67:3d:23:
         c4:37:ec:8f:0d:12:f6:b0:e0:53:3d:d5:86:1d:0d:59:63:37:
         23:ac:d8:c5:6e:ce:11:b6:ee:d5:27:31:ad:4b:91:d1:9e:e6:
         d9:8c:cc:33
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnSExWAs1R0SowNp/kyQJWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjZlYTczZTQ3OWZhN2ZlZDI3ZTllNDljZDcyMDFiZTgwZDhhZjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3kkbxN+fXqOo6zJM4prHVwSQbaj
ySmAPKgZyjB143aNID8VxyMECX9dpPcOLw+3PEzD6jBY7AuE4R8/2nHsx7zFkgxZ
oXyadMDqKxwVXMUWcTbQXBsy38DV7SkPyHTTb9BB7OgsC2z3zstYZZZfEiXUQl3i
UeFY4lKFSM8kiMxGrc4xcAfbiiOKZYvXYdkvnIN3AStcyfKoPk07NFKcxsd6THg1
QcVTPzpI60EC8iMGETzIYPM3iTGtKiJ0WxXsJrvhGW0xJcR1dTrGkFQqGTlvbTRp
PfVvabCycBjQokSVEDXdueVQwldKH5i9mJOY74XwdlpmHj1b49t9PYs8nwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLZupz5Hn6f+0n6eSc1yAb6A2K+JMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvdG02blBrZWZwXzdTZnA1SnpYSUJ2b0RZcjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVcsNAwQA
VcsVAwQAVcsiMA0GCSqGSIb3DQEBCwUAA4IBAQCAuEY2KOrPsnceDOyvUoorv+HI
sPDzdMN97HH3vpnalxDO3AoZv2SuS6teAjYn2FmIFcNDhQhqOrcd578N543/b0hj
mrU71smEpytzUHypEqs90Yo5RncXIw4p+G5dQa0lwzsCimqYi0Jeu9z6ZwMaYq9y
mmEXL6XrbZ6Oyt6JJZK0v+kyrp+4ZTVwD/J19gwfR4LDAYTkBj9TVzumPxugFMaE
S+MjV1Om9tKrg0kVPcXPkL8bNabTZVyRh5A+XhuXhFMfI04iofkRbiv/2GBg8in4
1jBnPSPEN+yPDRL2sOBTPdWGHQ1ZYzcjrNjFbs4Rtu7VJzGtS5HRnubZjMwz
-----END CERTIFICATE-----