Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/P1E18rB0vudcCgEJk4cHNNscKe4.roa
File:                     P1E18rB0vudcCgEJk4cHNNscKe4.roa (raw, json)
Hash identifier:          I1pAXbx7hKq9ts7g+6X1gt4WvS+w/+PEIRGV9MlGl/w=
Subject key identifier:   3F:51:35:F2:B0:74:BE:E7:5C:0A:01:09:93:87:07:34:DB:1C:29:EE
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DB11AA275EE1FF64EB8F600AA50B5
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/P1E18rB0vudcCgEJk4cHNNscKe4.roa
Signing time:             Wed 01 Jan 2025 15:48:18 +0000
ROA not before:           Wed 01 Jan 2025 15:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211634
IP address blocks:        85.153.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:b1:1a:a2:75:ee:1f:f6:4e:b8:f6:00:aa:50:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f5135f2b074bee75c0a010993870734db1c29ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:dd:45:df:41:24:4e:f3:62:58:f7:80:4a:5d:
                    5a:cb:f5:3a:c2:d4:f1:ea:3d:07:ac:80:15:81:09:
                    8a:78:bf:8d:79:4c:8d:97:b9:f9:b1:52:78:94:99:
                    5d:ee:cc:f6:d1:9d:ac:8e:fd:06:e2:59:df:71:9d:
                    3b:43:9d:3b:a5:c2:d7:e4:8a:b2:b2:e1:d4:b6:88:
                    7b:c1:28:b2:89:1e:58:bf:6f:da:c5:bb:3a:f3:79:
                    c2:49:17:07:f3:dd:cd:10:8e:60:9e:60:77:05:45:
                    6f:20:78:9b:b0:e1:ca:00:25:ea:5e:cc:7d:78:43:
                    8f:07:e5:a5:7a:ba:2c:45:9a:57:65:d7:c2:61:12:
                    99:48:14:8f:f4:6d:1a:29:bf:a0:24:27:b9:03:7c:
                    c0:ac:c8:2b:2a:d0:20:d5:65:b5:0c:cc:08:c8:91:
                    23:f0:87:1f:65:22:0f:d9:de:9c:7a:b2:3b:32:09:
                    04:67:3c:b8:1e:87:05:84:65:cb:01:49:c7:85:c7:
                    9c:35:6a:20:82:0f:b4:b0:a6:e4:a5:16:49:ce:3d:
                    42:e8:aa:9a:b8:8a:f0:5a:61:ee:50:2e:55:67:df:
                    ff:08:f0:38:83:43:f7:cb:b5:8b:7a:da:9a:7b:03:
                    0d:7a:cb:00:3d:d5:e2:ae:da:4c:a2:db:98:9a:18:
                    c5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:51:35:F2:B0:74:BE:E7:5C:0A:01:09:93:87:07:34:DB:1C:29:EE
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/P1E18rB0vudcCgEJk4cHNNscKe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:f6:88:50:60:9a:e8:d5:f1:a0:b8:1b:81:c4:65:5c:5c:1c:
         37:16:43:95:ea:33:5a:07:3a:47:1c:e0:8f:87:19:71:08:4d:
         8e:41:b2:b8:83:bb:d5:25:b6:f2:01:f7:8e:ca:91:e2:76:cf:
         0b:c5:0f:d1:d9:c8:1d:df:42:3c:e2:14:8c:0f:07:83:3c:48:
         b9:80:3a:81:b4:f5:40:82:e7:61:50:f3:85:b0:0c:4a:31:f8:
         06:02:27:9e:a8:5c:f8:4f:21:d0:34:bf:d3:9e:0b:99:f5:cc:
         b6:8c:00:2a:95:c1:84:09:5f:73:69:6d:54:88:42:e3:da:d5:
         93:78:e3:b7:0e:61:8f:d4:cd:9c:e8:08:1b:f6:d2:1f:1b:a9:
         de:82:00:6a:75:7e:f6:0e:50:c1:c0:9b:86:41:bc:6b:8f:c8:
         ca:99:5b:5f:66:b4:90:98:1d:93:8b:0d:5e:21:5d:a9:5c:5f:
         d0:c0:2d:d7:60:59:4d:03:99:36:3d:38:36:de:1d:93:95:21:
         92:9b:8f:72:e4:ac:cf:a2:dc:98:c5:6a:86:c4:09:fd:40:aa:
         80:37:2c:fb:16:94:c4:8d:e8:aa:20:ff:a8:b8:55:1b:f1:68:
         47:7b:19:61:98:97:5e:5f:0a:53:91:30:b5:cc:c5:b1:86:34:
         61:75:22:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijbEaonXuH/ZOuPYAqlC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjUxMzVmMmIwNzRiZWU3NWMwYTAxMDk5Mzg3MDczNGRiMWMyOWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd1F30EkTvNiWPeASl1ay/U6wtTx
6j0HrIAVgQmKeL+NeUyNl7n5sVJ4lJld7sz20Z2sjv0G4lnfcZ07Q507pcLX5Iqy
suHUtoh7wSiyiR5Yv2/axbs683nCSRcH893NEI5gnmB3BUVvIHibsOHKACXqXsx9
eEOPB+WlerosRZpXZdfCYRKZSBSP9G0aKb+gJCe5A3zArMgrKtAg1WW1DMwIyJEj
8IcfZSIP2d6cerI7MgkEZzy4HocFhGXLAUnHhcecNWoggg+0sKbkpRZJzj1C6Kqa
uIrwWmHuUC5VZ9//CPA4g0P3y7WLetqaewMNessAPdXirtpMotuYmhjFFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9RNfKwdL7nXAoBCZOHBzTbHCnuMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvUDFFMThyQjB2dWRjQ2dFSms0Y0hOTnNjS2U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZmfMA0G
CSqGSIb3DQEBCwUAA4IBAQB39ohQYJro1fGguBuBxGVcXBw3FkOV6jNaBzpHHOCP
hxlxCE2OQbK4g7vVJbbyAfeOypHids8LxQ/R2cgd30I84hSMDweDPEi5gDqBtPVA
gudhUPOFsAxKMfgGAieeqFz4TyHQNL/TnguZ9cy2jAAqlcGECV9zaW1UiELj2tWT
eOO3DmGP1M2c6Agb9tIfG6neggBqdX72DlDBwJuGQbxrj8jKmVtfZrSQmB2Tiw1e
IV2pXF/QwC3XYFlNA5k2PTg23h2TlSGSm49y5KzPotyYxWqGxAn9QKqANyz7FpTE
jeiqIP+ouFUb8WhHexlhmJdeXwpTkTC1zMWxhjRhdSLX
-----END CERTIFICATE-----