Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/f08716-4d2a-46ed-bded-af3e7d42968d/1/rCQFs6YvGWUAxg9vVWInZlNxQI4.roa
File:                     rCQFs6YvGWUAxg9vVWInZlNxQI4.roa (raw, json)
Hash identifier:          +0NX89cMUvPysuXc7Y1nf0CYHUBQMqz9BTCGNPE3tAA=
Subject key identifier:   AC:24:05:B3:A6:2F:19:65:00:C6:0F:6F:55:62:27:66:53:71:40:8E
Certificate issuer:       /CN=994aadef709be37b9ccd42cc2b8c732c397150fa
Certificate serial:       019420D5BC4D8A6FADD2EF4889A3BA03EBBE
Authority key identifier: 99:4A:AD:EF:70:9B:E3:7B:9C:CD:42:CC:2B:8C:73:2C:39:71:50:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mUqt73Cb43uczULMK4xzLDlxUPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/f08716-4d2a-46ed-bded-af3e7d42968d/1/rCQFs6YvGWUAxg9vVWInZlNxQI4.roa
Signing time:             Wed 01 Jan 2025 07:47:45 +0000
ROA not before:           Wed 01 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59780
IP address blocks:        85.115.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/f08716-4d2a-46ed-bded-af3e7d42968d/1/mUqt73Cb43uczULMK4xzLDlxUPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/f08716-4d2a-46ed-bded-af3e7d42968d/1/mUqt73Cb43uczULMK4xzLDlxUPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mUqt73Cb43uczULMK4xzLDlxUPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:bc:4d:8a:6f:ad:d2:ef:48:89:a3:ba:03:eb:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=994aadef709be37b9ccd42cc2b8c732c397150fa
        Validity
            Not Before: Jan  1 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac2405b3a62f196500c60f6f556227665371408e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c0:be:4a:2d:73:29:5a:13:15:64:52:25:0e:
                    ea:93:50:23:49:65:11:d2:92:10:79:96:8e:a8:d8:
                    77:b9:67:dc:ec:62:0e:e5:ba:15:fa:ad:bc:65:ca:
                    7f:72:a0:9c:35:53:47:dd:5a:28:5d:9f:d4:77:da:
                    3f:0f:1d:28:f4:0c:18:cf:64:04:24:d5:2d:c8:59:
                    4f:f2:d2:fc:87:fd:c9:3a:f6:40:75:f3:9d:ee:9a:
                    66:d9:ca:cc:fd:3d:e9:3d:8a:1d:d2:fb:f7:62:9e:
                    62:6e:1d:6b:d4:2d:21:b1:ce:6c:03:ba:c8:72:95:
                    4e:1f:5a:85:b7:19:4b:0f:6b:73:c0:f3:1f:49:c2:
                    08:91:59:20:71:25:b6:f7:58:11:d0:ab:71:2b:f1:
                    4d:5b:a2:13:7e:83:81:93:87:b4:a5:ee:2f:1c:40:
                    43:7c:f3:b6:30:94:7a:3f:65:92:17:ef:ab:55:82:
                    c9:dd:dd:ac:39:59:f0:53:80:17:ea:6c:44:0b:d7:
                    d1:84:23:da:f9:86:99:6f:34:59:5f:47:d3:99:99:
                    7f:ae:25:fb:b2:76:a9:1f:77:0c:d3:7a:7e:d6:79:
                    04:04:c6:09:d7:d5:f1:61:cf:9b:a6:81:aa:54:ff:
                    da:93:a3:27:da:6c:47:6d:50:fd:46:c1:a5:01:79:
                    28:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:24:05:B3:A6:2F:19:65:00:C6:0F:6F:55:62:27:66:53:71:40:8E
            X509v3 Authority Key Identifier:
                keyid:99:4A:AD:EF:70:9B:E3:7B:9C:CD:42:CC:2B:8C:73:2C:39:71:50:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mUqt73Cb43uczULMK4xzLDlxUPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/f08716-4d2a-46ed-bded-af3e7d42968d/1/rCQFs6YvGWUAxg9vVWInZlNxQI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/f08716-4d2a-46ed-bded-af3e7d42968d/1/mUqt73Cb43uczULMK4xzLDlxUPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:c6:e2:22:d3:76:9c:db:d7:24:c5:e4:f7:c3:07:a4:65:83:
         d7:69:d3:45:7d:73:0b:3e:28:8b:ae:e3:c1:cc:a6:da:64:ec:
         72:eb:23:80:be:bf:fa:db:1f:db:3f:1a:49:30:56:50:b7:b5:
         92:8a:59:63:a8:a5:15:0d:12:e7:1e:34:47:c0:2d:b6:0b:f2:
         3d:c5:0f:66:39:93:6b:4d:4d:a9:02:3f:aa:2f:dd:ba:83:4a:
         ab:e1:60:1f:c0:36:a6:19:b8:25:74:5a:42:42:50:bd:4c:2e:
         3e:42:0a:bb:3e:39:d1:99:dd:bc:91:4a:aa:f9:f0:7c:1d:b7:
         9e:47:60:54:76:b5:c0:2c:80:b5:52:38:12:f5:94:a6:c1:46:
         50:79:51:6d:73:75:8c:e7:c8:f9:49:ec:1c:47:74:18:d9:1e:
         eb:32:ff:7c:02:fc:c2:97:8d:15:65:b6:10:42:81:cb:91:5f:
         7d:b3:de:cc:1b:bf:72:e6:23:c1:03:b1:4a:11:b3:cb:5b:3f:
         f4:85:30:b8:f3:69:b9:a4:56:97:01:1b:e3:b9:c6:fe:b8:61:
         9c:53:9e:f7:c2:00:62:eb:28:91:c1:88:bd:24:12:a7:23:05:
         df:19:12:8b:57:b2:8f:94:bb:24:b2:bb:46:09:b2:2b:b8:69:
         1a:5c:6d:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1bxNim+t0u9IiaO6A+u+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NGFhZGVmNzA5YmUzN2I5Y2NkNDJjYzJiOGM3MzJjMzk3
MTUwZmEwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzI0MDViM2E2MmYxOTY1MDBjNjBmNmY1NTYyMjc2NjUzNzE0MDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsC+Si1zKVoTFWRSJQ7qk1AjSWUR
0pIQeZaOqNh3uWfc7GIO5boV+q28Zcp/cqCcNVNH3VooXZ/Ud9o/Dx0o9AwYz2QE
JNUtyFlP8tL8h/3JOvZAdfOd7ppm2crM/T3pPYod0vv3Yp5ibh1r1C0hsc5sA7rI
cpVOH1qFtxlLD2tzwPMfScIIkVkgcSW291gR0KtxK/FNW6ITfoOBk4e0pe4vHEBD
fPO2MJR6P2WSF++rVYLJ3d2sOVnwU4AX6mxEC9fRhCPa+YaZbzRZX0fTmZl/riX7
snapH3cM03p+1nkEBMYJ19XxYc+bpoGqVP/ak6Mn2mxHbVD9RsGlAXko3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwkBbOmLxllAMYPb1ViJ2ZTcUCOMB8GA1UdIwQY
MBaAFJlKre9wm+N7nM1CzCuMcyw5cVD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVVxdDczQ2I0M3VjelVMTUs0eHpMRGx4VVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9mMDg3MTYtNGQyYS00NmVkLWJkZWQt
YWYzZTdkNDI5NjhkLzEvckNRRnM2WXZHV1VBeGc5dlZXSW5abE54UUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9mMDg3MTYtNGQyYS00NmVkLWJkZWQtYWYzZTdkNDI5Njhk
LzEvbVVxdDczQ2I0M3VjelVMTUs0eHpMRGx4VVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVXPYMA0G
CSqGSIb3DQEBCwUAA4IBAQCNxuIi03ac29ckxeT3wwekZYPXadNFfXMLPiiLruPB
zKbaZOxy6yOAvr/62x/bPxpJMFZQt7WSilljqKUVDRLnHjRHwC22C/I9xQ9mOZNr
TU2pAj+qL926g0qr4WAfwDamGbgldFpCQlC9TC4+Qgq7PjnRmd28kUqq+fB8Hbee
R2BUdrXALIC1UjgS9ZSmwUZQeVFtc3WM58j5SewcR3QY2R7rMv98AvzCl40VZbYQ
QoHLkV99s97MG79y5iPBA7FKEbPLWz/0hTC482m5pFaXARvjucb+uGGcU573wgBi
6yiRwYi9JBKnIwXfGRKLV7KPlLsksrtGCbIruGkaXG1O
-----END CERTIFICATE-----