Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s12qOVMIO4w3emvAGbZbwDQOa5k.roa
File:                     s12qOVMIO4w3emvAGbZbwDQOa5k.roa (raw, json)
Hash identifier:          zu5XOMjXUX97QtRDnqPp4C7ZHn0QmPOwYKpgftqKKcM=
Subject key identifier:   B3:5D:AA:39:53:08:3B:8C:37:7A:6B:C0:19:B6:5B:C0:34:0E:6B:99
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B87A5F481E442B57147D5FF756526
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s12qOVMIO4w3emvAGbZbwDQOa5k.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57321
IP address blocks:        85.202.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:87:a5:f4:81:e4:42:b5:71:47:d5:ff:75:65:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b35daa3953083b8c377a6bc019b65bc0340e6b99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:34:c2:0e:a1:e1:59:49:19:d7:3a:cd:b2:
                    8f:53:3c:fd:8e:dd:2d:fd:08:ea:3b:d6:97:69:6b:
                    5e:f0:52:46:c3:a0:2b:d5:50:3b:2e:e6:5f:73:90:
                    cb:c8:52:51:0d:84:a2:ec:20:b7:92:29:dc:7d:72:
                    75:58:2f:08:db:9b:50:c3:c9:9c:52:dc:b2:ed:24:
                    91:a5:22:fb:e9:0a:c0:ce:db:2f:da:77:20:76:21:
                    15:6d:95:fc:11:2f:3a:80:1e:1e:d8:b6:b8:84:e8:
                    ff:c4:e1:6b:fa:db:9e:6c:d2:ef:9e:87:8c:7d:87:
                    26:c9:96:b3:64:ef:68:7f:44:df:0a:1b:b7:c5:35:
                    89:6d:f1:89:79:55:a2:e5:84:b0:ab:ae:eb:ab:fc:
                    65:7c:a9:7a:10:1b:b8:32:21:cd:21:41:b4:7b:1e:
                    1d:09:60:66:e3:21:76:ee:ff:46:df:9f:22:39:7c:
                    6b:ad:d3:eb:03:60:1d:36:45:5e:29:e8:39:64:ae:
                    ce:d5:e2:47:23:bf:ce:60:0c:2c:0b:93:f8:7f:84:
                    ae:c2:4b:ef:d0:27:60:c2:69:96:cf:63:09:43:4c:
                    0c:fb:71:c7:2a:d5:00:96:fb:e8:31:8e:30:6a:36:
                    04:69:95:c5:ae:86:f6:f7:c7:36:75:dc:b4:2a:ef:
                    67:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5D:AA:39:53:08:3B:8C:37:7A:6B:C0:19:B6:5B:C0:34:0E:6B:99
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/s12qOVMIO4w3emvAGbZbwDQOa5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:d8:ae:03:55:e9:e8:7b:a9:46:69:1f:98:fa:8d:51:e8:c6:
         20:80:a3:c1:4b:e7:9f:69:18:8e:8d:ce:5d:c4:e3:fd:76:0f:
         ea:4b:68:b4:d7:b9:28:f8:76:ee:ab:cb:b6:e9:54:30:d9:84:
         9d:70:db:28:e2:ba:6e:a5:16:bf:c7:dc:ff:9e:63:4f:87:b6:
         b8:7e:a2:1f:e1:5b:2c:5b:13:ea:e0:75:08:10:14:55:59:9a:
         b3:dd:77:28:5c:00:d2:7b:36:6d:59:72:da:b8:47:90:0a:06:
         7d:92:c9:ca:cb:49:71:2f:fd:31:3f:ad:c9:d7:e2:3c:ec:ae:
         79:29:b1:39:46:36:35:3a:ed:23:87:f8:7d:8a:76:4a:e3:c8:
         1f:6b:34:57:c4:29:b8:e8:61:a1:fb:e2:23:91:21:9b:bc:b2:
         f1:ad:3b:91:2d:22:de:b0:a2:dc:10:f0:47:38:5c:ae:52:b9:
         ac:74:78:81:4e:bd:4e:39:3e:ef:c8:aa:9c:63:00:70:f0:30:
         e2:a3:35:e9:57:2f:08:26:b7:32:c9:3e:65:37:1c:50:be:5b:
         8b:22:69:8d:45:a7:da:03:b4:60:63:9c:43:2c:e3:e0:68:80:
         51:3a:89:f4:00:5b:f8:5f:00:96:25:1e:e6:22:11:1b:28:00:
         e3:5d:21:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4el9IHkQrVxR9X/dWUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzVkYWEzOTUzMDgzYjhjMzc3YTZiYzAxOWI2NWJjMDM0MGU2Yjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRM0wg6h4VlJGdc6zbKPUzz9jt0t
/QjqO9aXaWte8FJGw6Ar1VA7LuZfc5DLyFJRDYSi7CC3kincfXJ1WC8I25tQw8mc
Utyy7SSRpSL76QrAztsv2ncgdiEVbZX8ES86gB4e2La4hOj/xOFr+tuebNLvnoeM
fYcmyZazZO9of0TfChu3xTWJbfGJeVWi5YSwq67rq/xlfKl6EBu4MiHNIUG0ex4d
CWBm4yF27v9G358iOXxrrdPrA2AdNkVeKeg5ZK7O1eJHI7/OYAwsC5P4f4Suwkvv
0CdgwmmWz2MJQ0wM+3HHKtUAlvvoMY4wajYEaZXFrob298c2ddy0Ku9nZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNdqjlTCDuMN3prwBm2W8A0DmuZMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvczEycU9WTUlPNHczZW12QUdiWmJ3RFFPYTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVco0MA0G
CSqGSIb3DQEBCwUAA4IBAQAi2K4DVenoe6lGaR+Y+o1R6MYggKPBS+efaRiOjc5d
xOP9dg/qS2i017ko+Hbuq8u26VQw2YSdcNso4rpupRa/x9z/nmNPh7a4fqIf4Vss
WxPq4HUIEBRVWZqz3XcoXADSezZtWXLauEeQCgZ9ksnKy0lxL/0xP63J1+I87K55
KbE5RjY1Ou0jh/h9inZK48gfazRXxCm46GGh++IjkSGbvLLxrTuRLSLesKLcEPBH
OFyuUrmsdHiBTr1OOT7vyKqcYwBw8DDiozXpVy8IJrcyyT5lNxxQvluLImmNRafa
A7RgY5xDLOPgaIBROon0AFv4XwCWJR7mIhEbKADjXSEV
-----END CERTIFICATE-----