Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/nYMrZ6FBKnRoSg-kRC8zap2GnTI.roa
File:                     nYMrZ6FBKnRoSg-kRC8zap2GnTI.roa (raw, json)
Hash identifier:          wUcT5zCtAaTUEJibuSnx5gSio0ilE12UoQwz9XhhEGs=
Subject key identifier:   9D:83:2B:67:A1:41:2A:74:68:4A:0F:A4:44:2F:33:6A:9D:86:9D:32
Certificate issuer:       /CN=aecd64c97837d7bfac06637dd952bdede0c25d85
Certificate serial:       018CC42480508E245DFF2FD95F1E973E890C
Authority key identifier: AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/nYMrZ6FBKnRoSg-kRC8zap2GnTI.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39868
IP address blocks:        85.112.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:80:50:8e:24:5d:ff:2f:d9:5f:1e:97:3e:89:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aecd64c97837d7bfac06637dd952bdede0c25d85
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d832b67a1412a74684a0fa4442f336a9d869d32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:9e:07:12:43:4d:a3:af:c2:85:41:17:ba:7b:
                    ad:71:b2:30:42:31:97:8c:fe:62:23:10:16:f1:85:
                    d9:bd:a4:5c:9b:c4:a5:39:18:36:1a:bf:fa:3f:56:
                    1d:20:fe:2d:68:74:a4:86:63:bc:cd:3b:87:06:28:
                    35:98:10:5a:48:9a:da:cd:69:d4:31:2d:96:c5:72:
                    e7:26:45:37:27:29:26:91:d3:70:02:2d:89:ed:2f:
                    b1:23:70:cf:38:1a:3f:e4:aa:91:2b:c8:a7:02:14:
                    96:1b:a9:c0:3f:ab:1f:e5:36:58:fe:5f:f4:e1:a0:
                    a8:a4:13:f4:2e:f3:46:43:0c:ec:e6:20:e1:68:f1:
                    a9:3c:ec:4e:b7:4b:67:f1:8b:b0:9d:eb:e8:b2:fa:
                    ba:34:81:42:43:5d:63:03:00:cd:0f:5e:c7:07:09:
                    8b:2f:4b:05:3f:a2:14:9b:78:19:4d:19:35:6d:b4:
                    3f:d1:01:64:e7:13:4c:3d:f3:9f:43:39:c9:cc:0b:
                    25:c6:22:f6:da:8d:4c:f1:d0:94:6a:8e:bb:97:d0:
                    74:dd:da:3e:72:77:0e:35:55:98:38:38:44:ce:1f:
                    43:a7:04:07:ad:5e:12:89:d3:b8:9c:78:cd:eb:20:
                    62:f2:1a:f1:d8:2f:0f:34:5d:61:b0:83:31:80:24:
                    57:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:83:2B:67:A1:41:2A:74:68:4A:0F:A4:44:2F:33:6A:9D:86:9D:32
            X509v3 Authority Key Identifier:
                keyid:AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/nYMrZ6FBKnRoSg-kRC8zap2GnTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.112.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:62:6c:f1:a2:84:74:d2:ea:42:c1:ce:18:00:ce:63:04:d4:
         a5:6c:d8:30:35:9d:7d:c7:bb:51:14:cc:78:24:b6:9f:43:23:
         93:2e:b6:63:36:f3:3d:d6:9a:11:8b:07:27:07:61:36:8b:6c:
         c0:b1:76:81:c3:35:b4:51:e1:59:1c:5d:51:5a:24:d3:b0:f4:
         5f:9b:59:62:95:1d:b4:59:b7:27:ac:88:1b:be:5b:1d:ce:be:
         73:ea:fd:bb:3d:5f:82:cc:06:36:6c:5f:bf:fa:91:29:6f:73:
         97:dd:01:ed:3a:94:62:cd:6b:46:3f:0f:3a:10:87:34:e9:4f:
         39:48:01:ed:82:f3:ac:99:e7:f9:6c:80:68:6e:b5:bb:fd:7a:
         64:0d:45:f9:93:d0:7e:25:d4:b7:2d:e6:0a:26:5d:58:58:aa:
         0f:15:14:0a:73:b2:ee:48:01:72:07:c8:ed:48:c1:19:44:a2:
         23:9d:f3:4f:7f:09:6f:dd:b9:79:0a:65:a9:ae:dd:09:8c:05:
         fe:af:fa:23:7a:81:ab:27:bd:0f:83:8c:22:f4:24:16:f8:b6:
         7e:0e:da:f6:d3:6e:af:3c:7a:78:84:81:d3:ab:e0:9a:4e:5a:
         31:f8:65:bd:36:6b:bc:84:b8:41:bc:28:51:f1:de:68:12:a5:
         57:bf:b5:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJIBQjiRd/y/ZXx6XPokMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlY2Q2NGM5NzgzN2Q3YmZhYzA2NjM3ZGQ5NTJiZGVkZTBj
MjVkODUwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDgzMmI2N2ExNDEyYTc0Njg0YTBmYTQ0NDJmMzM2YTlkODY5ZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4J4HEkNNo6/ChUEXunutcbIwQjGX
jP5iIxAW8YXZvaRcm8SlORg2Gr/6P1YdIP4taHSkhmO8zTuHBig1mBBaSJrazWnU
MS2WxXLnJkU3JykmkdNwAi2J7S+xI3DPOBo/5KqRK8inAhSWG6nAP6sf5TZY/l/0
4aCopBP0LvNGQwzs5iDhaPGpPOxOt0tn8Yuwnevosvq6NIFCQ11jAwDND17HBwmL
L0sFP6IUm3gZTRk1bbQ/0QFk5xNMPfOfQznJzAslxiL22o1M8dCUao67l9B03do+
cncONVWYODhEzh9DpwQHrV4SidO4nHjN6yBi8hrx2C8PNF1hsIMxgCRX+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2DK2ehQSp0aEoPpEQvM2qdhp0yMB8GA1UdIwQY
MBaAFK7NZMl4N9e/rAZjfdlSve3gwl2FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnMxa3lYZzMxNy1zQm1OOTJWSzk3ZURDWFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81OTJkNGYtZDcxZS00ZThiLWE2MzIt
MWVjZGUxNzkxNTExLzEvbllNclo2RkJLblJvU2cta1JDOHphcDJHblRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81OTJkNGYtZDcxZS00ZThiLWE2MzItMWVjZGUxNzkxNTEx
LzEvcnMxa3lYZzMxNy1zQm1OOTJWSzk3ZURDWFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXBPMA0G
CSqGSIb3DQEBCwUAA4IBAQBoYmzxooR00upCwc4YAM5jBNSlbNgwNZ19x7tRFMx4
JLafQyOTLrZjNvM91poRiwcnB2E2i2zAsXaBwzW0UeFZHF1RWiTTsPRfm1lilR20
WbcnrIgbvlsdzr5z6v27PV+CzAY2bF+/+pEpb3OX3QHtOpRizWtGPw86EIc06U85
SAHtgvOsmef5bIBobrW7/XpkDUX5k9B+JdS3LeYKJl1YWKoPFRQKc7LuSAFyB8jt
SMEZRKIjnfNPfwlv3bl5CmWprt0JjAX+r/ojeoGrJ70Pg4wi9CQW+LZ+Dtr2026v
PHp4hIHTq+CaTlox+GW9Nmu8hLhBvChR8d5oEqVXv7Xo
-----END CERTIFICATE-----