Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/vxhTN1By4lMiNMyOzxGwyr7QhR4.roa
File:                     vxhTN1By4lMiNMyOzxGwyr7QhR4.roa (raw, json)
Hash identifier:          Ifos+E1fPLCwRcBMt2WCu8lSioPDUu6uUrn5J7VTK/U=
Subject key identifier:   BF:18:53:37:50:72:E2:53:22:34:CC:8E:CF:11:B0:CA:BE:D0:85:1E
Certificate issuer:       /CN=aecd64c97837d7bfac06637dd952bdede0c25d85
Certificate serial:       0194266BEAA8A0B8F3DE1022D6A0248EE06F
Authority key identifier: AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/vxhTN1By4lMiNMyOzxGwyr7QhR4.roa
Signing time:             Thu 02 Jan 2025 09:49:54 +0000
ROA not before:           Thu 02 Jan 2025 09:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39868
IP address blocks:        85.112.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ea:a8:a0:b8:f3:de:10:22:d6:a0:24:8e:e0:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aecd64c97837d7bfac06637dd952bdede0c25d85
        Validity
            Not Before: Jan  2 09:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf1853375072e2532234cc8ecf11b0cabed0851e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:7b:7d:3d:82:78:5e:00:81:93:9c:89:bb:db:
                    7b:5c:c0:b6:a8:4a:db:3f:0f:1d:39:4d:7b:ac:91:
                    ee:ee:47:f5:78:65:ca:18:6b:21:5e:f0:17:74:ea:
                    70:4d:60:68:ee:93:df:9b:83:e7:1e:1d:83:3e:4f:
                    6f:a7:a0:62:90:9e:14:91:2c:99:d3:d8:54:32:39:
                    25:cd:cd:be:fb:71:62:6c:64:9f:d6:af:08:a1:8c:
                    02:6b:36:0c:65:b4:4a:15:41:1a:49:58:37:f2:fa:
                    a8:ae:86:c6:21:46:3f:a2:33:39:98:52:b4:e3:76:
                    66:0b:32:e1:ba:09:f8:bf:c4:b8:f7:8f:11:2a:68:
                    a4:5a:fd:7e:6b:9a:6c:af:f1:dc:1a:b7:35:43:ca:
                    76:09:f8:54:a5:73:b6:7f:a8:77:6b:5f:c3:c5:d1:
                    53:e5:fd:dd:44:e3:e2:e3:3f:3e:89:29:d6:fb:9a:
                    63:e5:6e:e3:ca:40:0b:45:3f:90:b2:cb:93:2d:4a:
                    19:a8:50:ea:8d:ed:ac:f9:7f:2b:10:95:55:0c:f0:
                    81:83:93:db:52:3a:7e:f9:da:e6:15:55:4e:53:c4:
                    79:0c:ef:78:58:fc:7b:67:91:ac:0a:bb:44:e6:3a:
                    c0:0a:f7:77:aa:ec:88:67:cb:a8:51:04:06:79:a0:
                    23:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:18:53:37:50:72:E2:53:22:34:CC:8E:CF:11:B0:CA:BE:D0:85:1E
            X509v3 Authority Key Identifier:
                keyid:AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/vxhTN1By4lMiNMyOzxGwyr7QhR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.112.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:0b:34:b9:01:29:bb:53:13:54:80:5a:e2:04:15:95:8a:f8:
         ba:bc:1b:66:3e:8b:78:11:a0:4a:2a:c1:66:d7:a9:4d:c0:4f:
         1c:ac:ca:33:e3:d0:ee:1a:4b:e2:12:85:48:bc:01:81:5e:e7:
         c9:45:65:cb:5e:19:c3:93:e0:13:93:d7:85:14:7b:c8:c7:2b:
         cd:d2:af:63:99:f2:5f:f4:a3:8a:ca:6f:3c:61:74:a9:85:fb:
         94:68:d9:7b:9b:4e:65:fd:f8:47:cf:17:7c:55:40:6a:24:ae:
         bf:71:ce:c7:17:e9:3b:60:7a:28:e8:12:6b:78:ad:99:d2:17:
         77:4d:2e:f6:85:71:de:aa:41:4d:37:52:01:27:b4:f2:d2:20:
         be:7a:13:3a:4a:a4:ec:4a:d8:ff:ef:df:bf:0b:9d:7a:fb:87:
         68:40:49:69:52:6b:ce:e3:b3:72:a2:44:91:e8:ee:ae:c6:34:
         cc:3b:15:ff:ba:e2:6b:8f:f0:48:cd:17:31:55:13:ac:5c:9d:
         3f:ff:9f:64:a6:c3:52:72:fb:80:55:58:cb:b4:cf:65:ab:30:
         6a:f0:5f:93:18:d1:52:45:4a:a9:ae:0b:b1:7e:16:c0:15:ac:
         c2:b4:ea:12:c9:fb:ff:7a:ca:e9:a5:a9:d3:59:f2:16:74:4d:
         ad:a7:61:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+qooLjz3hAi1qAkjuBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlY2Q2NGM5NzgzN2Q3YmZhYzA2NjM3ZGQ5NTJiZGVkZTBj
MjVkODUwHhcNMjUwMTAyMDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjE4NTMzNzUwNzJlMjUzMjIzNGNjOGVjZjExYjBjYWJlZDA4NTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ht9PYJ4XgCBk5yJu9t7XMC2qErb
Pw8dOU17rJHu7kf1eGXKGGshXvAXdOpwTWBo7pPfm4PnHh2DPk9vp6BikJ4UkSyZ
09hUMjklzc2++3FibGSf1q8IoYwCazYMZbRKFUEaSVg38vqorobGIUY/ojM5mFK0
43ZmCzLhugn4v8S4948RKmikWv1+a5psr/HcGrc1Q8p2CfhUpXO2f6h3a1/DxdFT
5f3dROPi4z8+iSnW+5pj5W7jykALRT+QssuTLUoZqFDqje2s+X8rEJVVDPCBg5Pb
Ujp++drmFVVOU8R5DO94WPx7Z5GsCrtE5jrACvd3quyIZ8uoUQQGeaAjpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8YUzdQcuJTIjTMjs8RsMq+0IUeMB8GA1UdIwQY
MBaAFK7NZMl4N9e/rAZjfdlSve3gwl2FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnMxa3lYZzMxNy1zQm1OOTJWSzk3ZURDWFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81OTJkNGYtZDcxZS00ZThiLWE2MzIt
MWVjZGUxNzkxNTExLzEvdnhoVE4xQnk0bE1pTk15T3p4R3d5cjdRaFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81OTJkNGYtZDcxZS00ZThiLWE2MzItMWVjZGUxNzkxNTEx
LzEvcnMxa3lYZzMxNy1zQm1OOTJWSzk3ZURDWFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXBPMA0G
CSqGSIb3DQEBCwUAA4IBAQB2CzS5ASm7UxNUgFriBBWVivi6vBtmPot4EaBKKsFm
16lNwE8crMoz49DuGkviEoVIvAGBXufJRWXLXhnDk+ATk9eFFHvIxyvN0q9jmfJf
9KOKym88YXSphfuUaNl7m05l/fhHzxd8VUBqJK6/cc7HF+k7YHoo6BJreK2Z0hd3
TS72hXHeqkFNN1IBJ7Ty0iC+ehM6SqTsStj/79+/C516+4doQElpUmvO47NyokSR
6O6uxjTMOxX/uuJrj/BIzRcxVROsXJ0//59kpsNScvuAVVjLtM9lqzBq8F+TGNFS
RUqprguxfhbAFazCtOoSyfv/esrppanTWfIWdE2tp2FR
-----END CERTIFICATE-----