Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/EID29ENSWychSsL0QkO90mVdgq8.roa
File:                     EID29ENSWychSsL0QkO90mVdgq8.roa (raw, json)
Hash identifier:          cQORP9B1U0Nxodalcp+0xvd//qzmPc4mconl/rHtfLM=
Subject key identifier:   10:80:F6:F4:43:52:5B:27:21:4A:C2:F4:42:43:BD:D2:65:5D:82:AF
Certificate issuer:       /CN=aecd64c97837d7bfac06637dd952bdede0c25d85
Certificate serial:       018CC42480EAA2A4F908A341F5A27748DFE4
Authority key identifier: AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/EID29ENSWychSsL0QkO90mVdgq8.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41211
IP address blocks:        85.112.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:80:ea:a2:a4:f9:08:a3:41:f5:a2:77:48:df:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aecd64c97837d7bfac06637dd952bdede0c25d85
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1080f6f443525b27214ac2f44243bdd2655d82af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f5:c0:27:93:51:9b:30:2c:f6:c3:ca:79:69:
                    69:e8:ee:93:5c:88:99:59:d6:e3:cc:cb:af:69:66:
                    6f:a9:03:b2:33:b5:ef:ac:ab:9e:e3:b8:bd:5a:d7:
                    07:34:f4:c8:94:4f:73:36:a1:5a:29:12:7b:6e:dc:
                    a3:98:3c:3f:9a:96:d9:63:58:ef:11:ea:64:ef:51:
                    8c:2e:f0:94:ad:ac:4c:25:e4:f3:2f:3a:a8:4f:19:
                    3f:b2:3b:f1:ef:84:0b:46:b3:f0:6e:88:ab:df:15:
                    a1:ba:f2:d5:d2:09:32:fc:d8:39:b1:26:11:ea:dd:
                    1f:96:36:ce:73:07:25:dd:7e:16:0b:02:e2:0b:a2:
                    5d:f2:65:02:a3:b8:b7:e3:a3:e9:94:7a:0b:a1:8c:
                    57:70:fd:31:5c:bf:97:59:b7:06:21:4f:70:f0:3c:
                    55:ed:03:00:21:3a:9a:8d:2d:c5:64:01:98:39:aa:
                    d7:dd:d0:0d:2c:86:cd:04:e0:7b:c6:95:87:9d:29:
                    b9:02:2a:ef:61:fc:bb:7d:90:33:7e:6e:ce:f0:55:
                    29:52:d0:37:59:ce:71:6c:c0:24:07:13:24:26:08:
                    25:d8:a1:a7:e6:ef:d5:a2:79:af:2e:70:f0:c8:4c:
                    87:e3:b3:fe:e1:ea:1e:b8:68:3b:ae:21:ad:fa:d5:
                    2a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:80:F6:F4:43:52:5B:27:21:4A:C2:F4:42:43:BD:D2:65:5D:82:AF
            X509v3 Authority Key Identifier:
                keyid:AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/EID29ENSWychSsL0QkO90mVdgq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.112.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:5b:c9:bd:d3:6c:e8:ab:46:7f:10:9f:5f:9a:97:73:c1:8e:
         1e:fc:35:a4:af:12:96:45:7f:e4:27:d1:27:b6:85:7b:9e:3e:
         03:db:55:1f:60:a0:69:52:5b:39:cf:33:b5:cf:6b:90:ce:39:
         27:f2:ef:f5:22:4f:7e:62:e0:91:6a:11:f7:75:4b:a2:9c:11:
         93:5c:41:84:b2:c0:e4:fe:73:05:c3:61:e9:3c:47:6d:7d:97:
         b0:17:ff:72:ee:97:93:e7:00:79:13:e7:b4:e1:63:55:ab:10:
         0d:8a:1a:ff:7b:8f:90:1b:1c:23:ba:16:b8:4f:00:b5:c4:25:
         37:75:f7:08:ba:3b:8e:81:3f:16:dc:02:ef:15:f7:44:33:ea:
         82:92:ac:4d:80:7e:22:b0:aa:b9:d1:c9:7f:98:59:02:4a:22:
         a5:4f:a1:1b:3b:61:d7:60:dc:15:1e:ef:03:55:94:f7:2d:52:
         58:5d:2d:64:84:2c:29:8a:d8:4e:74:93:d4:92:4d:99:f1:82:
         5e:c2:61:ef:27:e8:2a:eb:a8:a1:a9:f0:20:63:02:c4:15:49:
         88:66:ba:e3:69:03:87:e6:7b:90:fb:cf:db:f1:ef:c5:56:9d:
         cc:0b:df:17:79:8c:f6:99:b5:c0:fd:4a:da:ce:2c:1d:5c:9a:
         af:d7:da:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJIDqoqT5CKNB9aJ3SN/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlY2Q2NGM5NzgzN2Q3YmZhYzA2NjM3ZGQ5NTJiZGVkZTBj
MjVkODUwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDgwZjZmNDQzNTI1YjI3MjE0YWMyZjQ0MjQzYmRkMjY1NWQ4MmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfXAJ5NRmzAs9sPKeWlp6O6TXIiZ
WdbjzMuvaWZvqQOyM7XvrKue47i9WtcHNPTIlE9zNqFaKRJ7btyjmDw/mpbZY1jv
Eepk71GMLvCUraxMJeTzLzqoTxk/sjvx74QLRrPwboir3xWhuvLV0gky/Ng5sSYR
6t0fljbOcwcl3X4WCwLiC6Jd8mUCo7i346PplHoLoYxXcP0xXL+XWbcGIU9w8DxV
7QMAITqajS3FZAGYOarX3dANLIbNBOB7xpWHnSm5AirvYfy7fZAzfm7O8FUpUtA3
Wc5xbMAkBxMkJggl2KGn5u/VonmvLnDwyEyH47P+4eoeuGg7riGt+tUqcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCA9vRDUlsnIUrC9EJDvdJlXYKvMB8GA1UdIwQY
MBaAFK7NZMl4N9e/rAZjfdlSve3gwl2FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnMxa3lYZzMxNy1zQm1OOTJWSzk3ZURDWFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81OTJkNGYtZDcxZS00ZThiLWE2MzIt
MWVjZGUxNzkxNTExLzEvRUlEMjlFTlNXeWNoU3NMMFFrTzkwbVZkZ3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81OTJkNGYtZDcxZS00ZThiLWE2MzItMWVjZGUxNzkxNTEx
LzEvcnMxa3lYZzMxNy1zQm1OOTJWSzk3ZURDWFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXBRMA0G
CSqGSIb3DQEBCwUAA4IBAQAKW8m902zoq0Z/EJ9fmpdzwY4e/DWkrxKWRX/kJ9En
toV7nj4D21UfYKBpUls5zzO1z2uQzjkn8u/1Ik9+YuCRahH3dUuinBGTXEGEssDk
/nMFw2HpPEdtfZewF/9y7peT5wB5E+e04WNVqxANihr/e4+QGxwjuha4TwC1xCU3
dfcIujuOgT8W3ALvFfdEM+qCkqxNgH4isKq50cl/mFkCSiKlT6EbO2HXYNwVHu8D
VZT3LVJYXS1khCwpithOdJPUkk2Z8YJewmHvJ+gq66ihqfAgYwLEFUmIZrrjaQOH
5nuQ+8/b8e/FVp3MC98XeYz2mbXA/UraziwdXJqv19pu
-----END CERTIFICATE-----