Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/k2P7Z7u0anaMO4T307Cve-Yh4yE.roa
File:                     k2P7Z7u0anaMO4T307Cve-Yh4yE.roa (raw, json)
Hash identifier:          YkYsHt9U/L+9jc9IpVGJcI9LKHqB2R8L+4MCKRC/UeI=
Subject key identifier:   93:63:FB:67:BB:B4:6A:76:8C:3B:84:F7:D3:B0:AF:7B:E6:21:E3:21
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0192DDA21BD44C3CCC47C21371F431019E7C
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/k2P7Z7u0anaMO4T307Cve-Yh4yE.roa
Signing time:             Wed 30 Oct 2024 13:34:01 +0000
ROA not before:           Wed 30 Oct 2024 13:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208992
IP address blocks:        85.158.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dd:a2:1b:d4:4c:3c:cc:47:c2:13:71:f4:31:01:9e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Oct 30 13:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9363fb67bbb46a768c3b84f7d3b0af7be621e321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3b:1f:b3:22:d9:84:f3:18:e8:11:8c:70:d9:
                    65:aa:6b:07:33:e3:ad:d9:21:b9:4b:74:c6:95:0a:
                    30:6c:c1:be:e8:c1:27:78:40:d0:79:9f:a1:79:9f:
                    ec:af:5f:92:cd:7c:cc:50:6c:03:a9:c8:3b:0b:8b:
                    65:a0:7a:14:aa:75:6a:59:1e:3f:24:26:e1:f0:f1:
                    7d:ef:91:ed:c4:81:b1:c3:77:f2:85:f0:de:7c:00:
                    49:ad:e0:7e:e3:88:74:5b:ab:64:b1:2b:b0:fa:5c:
                    76:e3:12:cf:a3:5e:6d:80:50:3b:2e:0a:45:d7:95:
                    7f:f9:4a:06:a5:87:cb:b8:dc:02:a9:ad:d6:b1:0d:
                    1f:39:85:24:9d:41:4f:f3:d3:01:f6:9e:0a:46:0f:
                    50:7f:41:22:7f:ac:59:5a:e8:ae:56:c7:55:dd:8e:
                    cb:fe:f4:0a:bb:80:af:3d:af:56:af:75:23:f0:49:
                    2e:14:25:fa:65:46:92:37:91:b1:7c:26:40:eb:22:
                    7a:01:96:4c:4e:16:59:c4:2d:ac:6e:3e:8c:d6:ba:
                    2c:a2:e3:b1:60:d8:70:44:0b:39:dd:78:16:c8:1a:
                    3f:17:58:27:e8:a9:35:fa:56:59:4a:76:8e:07:21:
                    0c:e2:26:14:eb:82:17:c7:e0:b5:5e:52:49:9c:44:
                    96:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:63:FB:67:BB:B4:6A:76:8C:3B:84:F7:D3:B0:AF:7B:E6:21:E3:21
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/k2P7Z7u0anaMO4T307Cve-Yh4yE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:81:54:61:10:c3:a5:be:99:0a:1b:63:5a:42:d0:ce:9b:b7:
         d1:c2:ee:d5:50:8d:00:d0:c9:39:50:e7:9e:2b:d9:d3:4f:61:
         0c:a3:dd:52:cc:6a:3a:05:d1:07:f4:29:d2:38:c7:de:e9:7e:
         f3:a1:0a:47:df:30:d3:29:fe:92:a7:3d:f9:08:7b:fc:8f:a5:
         d8:af:4c:af:f6:e9:02:e2:ff:a2:e1:0a:e0:d5:60:0f:0f:a4:
         64:e2:cc:12:8a:39:d9:5b:42:01:a0:b7:95:36:d1:e6:da:d2:
         18:28:52:15:15:55:d0:4b:6f:2b:50:63:e0:6e:ab:a4:3e:b4:
         da:ca:ec:ae:f0:36:0a:b4:11:08:39:87:ef:dc:d0:47:08:8c:
         d1:3d:ed:67:70:d9:89:c2:2d:41:1a:d2:0a:1b:f9:eb:33:71:
         6b:be:09:3b:56:24:c5:c9:6c:b4:45:8b:d6:11:db:a3:d0:d1:
         fc:2c:f4:bb:62:8f:22:b1:e1:55:56:8f:23:69:3d:d1:d4:20:
         0f:ba:91:8e:53:53:d6:fa:08:88:50:db:67:a0:53:a5:d5:1a:
         d4:5d:07:38:d2:f8:9e:b4:67:d4:4e:51:8f:ff:7b:73:50:05:
         a2:75:e4:be:15:76:9e:56:a6:2d:60:5f:f0:35:28:e6:93:04:
         7a:67:52:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLdohvUTDzMR8ITcfQxAZ58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQxMDMwMTMzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzYzZmI2N2JiYjQ2YTc2OGMzYjg0ZjdkM2IwYWY3YmU2MjFlMzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTsfsyLZhPMY6BGMcNllqmsHM+Ot
2SG5S3TGlQowbMG+6MEneEDQeZ+heZ/sr1+SzXzMUGwDqcg7C4tloHoUqnVqWR4/
JCbh8PF975HtxIGxw3fyhfDefABJreB+44h0W6tksSuw+lx24xLPo15tgFA7LgpF
15V/+UoGpYfLuNwCqa3WsQ0fOYUknUFP89MB9p4KRg9Qf0Eif6xZWuiuVsdV3Y7L
/vQKu4CvPa9Wr3Uj8EkuFCX6ZUaSN5GxfCZA6yJ6AZZMThZZxC2sbj6M1rosouOx
YNhwRAs53XgWyBo/F1gn6Kk1+lZZSnaOByEM4iYU64IXx+C1XlJJnESWYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNj+2e7tGp2jDuE99Owr3vmIeMhMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvazJQN1o3dTBhbmFNTzRUMzA3Q3ZlLVloNHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZ64MA0G
CSqGSIb3DQEBCwUAA4IBAQA/gVRhEMOlvpkKG2NaQtDOm7fRwu7VUI0A0Mk5UOee
K9nTT2EMo91SzGo6BdEH9CnSOMfe6X7zoQpH3zDTKf6Spz35CHv8j6XYr0yv9ukC
4v+i4Qrg1WAPD6Rk4swSijnZW0IBoLeVNtHm2tIYKFIVFVXQS28rUGPgbqukPrTa
yuyu8DYKtBEIOYfv3NBHCIzRPe1ncNmJwi1BGtIKG/nrM3Frvgk7ViTFyWy0RYvW
Eduj0NH8LPS7Yo8iseFVVo8jaT3R1CAPupGOU1PW+giIUNtnoFOl1RrUXQc40vie
tGfUTlGP/3tzUAWideS+FXaeVqYtYF/wNSjmkwR6Z1KC
-----END CERTIFICATE-----