Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/zUsvlRwm2Y4aYcPbQZCM15fzPAQ.roa
File:                     zUsvlRwm2Y4aYcPbQZCM15fzPAQ.roa (raw, json)
Hash identifier:          dX5wbheft/MURoOoVBjg1by/94YeeID35BfgwA4LKic=
Subject key identifier:   CD:4B:2F:95:1C:26:D9:8E:1A:61:C3:DB:41:90:8C:D7:97:F3:3C:04
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018FE2F9B9AF76BAEEB34CFB632C22711D5D
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/zUsvlRwm2Y4aYcPbQZCM15fzPAQ.roa
Signing time:             Tue 04 Jun 2024 11:19:27 +0000
ROA not before:           Tue 04 Jun 2024 11:19:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        85.203.8.0/24 maxlen: 24
                          85.203.15.0/24 maxlen: 24
                          85.203.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:f9:b9:af:76:ba:ee:b3:4c:fb:63:2c:22:71:1d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jun  4 11:19:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd4b2f951c26d98e1a61c3db41908cd797f33c04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ff:40:9c:95:f1:0b:f3:2a:b6:83:43:0c:e3:c9:
                    e3:7e:25:18:5a:59:b7:63:8d:ab:65:7b:96:b4:92:
                    da:ad:71:ee:61:57:75:dc:a7:e5:4d:3a:cf:a8:5e:
                    cc:03:ee:21:f2:e4:18:58:2f:77:cd:4a:06:f2:c0:
                    8b:3f:13:5e:f8:72:a8:8b:69:81:12:71:d0:a3:e2:
                    f9:93:97:c9:4c:a9:7c:26:b5:f4:8a:1b:80:be:5a:
                    0c:44:c9:bd:b9:68:78:30:3e:ad:1a:47:18:13:42:
                    79:43:df:1a:ab:0d:dd:7d:08:c8:ed:05:ec:ad:fe:
                    17:9a:2a:ce:a5:04:c1:6d:a2:8c:5b:28:bf:ef:1f:
                    4b:c8:78:fb:36:10:a0:c8:e6:69:18:15:ff:d9:2d:
                    48:26:b4:08:18:d0:d0:b5:2b:ae:51:c5:88:be:7d:
                    ec:6c:8b:a4:31:a7:ad:85:88:6c:89:4d:e8:ac:28:
                    9c:36:3e:ef:7e:78:08:4d:b9:dc:08:5c:50:1a:f2:
                    9b:ab:92:93:16:cc:08:87:1a:d5:7c:9c:c0:4d:bf:
                    3d:8c:36:17:9f:26:36:30:cd:18:60:13:f2:42:a2:
                    32:93:0b:73:a9:f4:d2:94:13:69:0c:48:81:49:7d:
                    90:9e:77:13:80:90:35:59:fb:f0:5c:c5:7a:2a:2c:
                    87:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:4B:2F:95:1C:26:D9:8E:1A:61:C3:DB:41:90:8C:D7:97:F3:3C:04
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/zUsvlRwm2Y4aYcPbQZCM15fzPAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.8.0/24
                  85.203.15.0/24
                  85.203.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:21:4a:23:5c:0f:28:66:2b:46:9a:41:f7:84:e3:de:f4:a9:
         04:78:f5:68:f1:c1:3b:7e:7b:c4:dd:68:e3:6d:a6:70:9a:08:
         29:a3:7d:7c:c0:9e:cf:6d:6d:1c:6d:4c:79:dd:8f:72:35:f6:
         69:89:fa:3d:8a:36:87:cd:b5:f2:28:a7:f6:5c:f3:43:fc:93:
         4e:70:6b:c5:af:1c:f8:e1:55:96:6f:43:bf:5c:f8:bb:e6:65:
         93:d7:41:e1:c0:8e:6d:f9:eb:dc:b7:e4:53:3b:f8:b2:d0:61:
         71:35:d7:a8:c1:9f:0e:d4:47:43:04:1d:bc:07:d9:06:94:06:
         25:53:47:fa:93:8e:5a:76:28:be:64:19:1c:8e:10:f7:18:a5:
         fb:0d:91:aa:ec:0d:33:26:6b:63:6d:c8:ce:49:6c:d7:63:14:
         2b:23:9e:55:35:e7:ee:14:f5:4e:77:56:eb:80:e2:53:a6:39:
         48:7b:d2:ad:b1:fe:b8:d6:55:d6:a8:1f:06:ba:22:df:e3:f7:
         83:e5:d2:55:47:64:29:9a:46:08:72:71:68:6f:88:d2:e0:1c:
         a1:f0:91:f1:f9:9d:96:d5:42:46:2a:8f:39:32:8b:94:7a:84:
         8f:53:30:b7:4b:55:a2:12:0e:af:d8:82:38:93:5c:dc:ae:fc:
         4e:bf:3f:dd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/i+bmvdrrus0z7YywicR1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwNjA0MTExOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDRiMmY5NTFjMjZkOThlMWE2MWMzZGI0MTkwOGNkNzk3ZjMzYzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/0CclfEL8yq2g0MM48njfiUYWlm3
Y42rZXuWtJLarXHuYVd13KflTTrPqF7MA+4h8uQYWC93zUoG8sCLPxNe+HKoi2mB
EnHQo+L5k5fJTKl8JrX0ihuAvloMRMm9uWh4MD6tGkcYE0J5Q98aqw3dfQjI7QXs
rf4XmirOpQTBbaKMWyi/7x9LyHj7NhCgyOZpGBX/2S1IJrQIGNDQtSuuUcWIvn3s
bIukMaethYhsiU3orCicNj7vfngITbncCFxQGvKbq5KTFswIhxrVfJzATb89jDYX
nyY2MM0YYBPyQqIykwtzqfTSlBNpDEiBSX2QnncTgJA1WfvwXMV6KiyHdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM1LL5UcJtmOGmHD20GQjNeX8zwEMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvelVzdmxSd20yWTRhWWNQYlFaQ00xNWZ6UEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVcsIAwQA
VcsPAwQAVcskMA0GCSqGSIb3DQEBCwUAA4IBAQAxIUojXA8oZitGmkH3hOPe9KkE
ePVo8cE7fnvE3WjjbaZwmggpo318wJ7PbW0cbUx53Y9yNfZpifo9ijaHzbXyKKf2
XPND/JNOcGvFrxz44VWWb0O/XPi75mWT10HhwI5t+evct+RTO/iy0GFxNdeowZ8O
1EdDBB28B9kGlAYlU0f6k45adii+ZBkcjhD3GKX7DZGq7A0zJmtjbcjOSWzXYxQr
I55VNefuFPVOd1brgOJTpjlIe9Ktsf641lXWqB8GuiLf4/eD5dJVR2QpmkYIcnFo
b4jS4Byh8JHx+Z2W1UJGKo85MouUeoSPUzC3S1WiEg6v2II4k1zcrvxOvz/d
-----END CERTIFICATE-----