Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/Psmde4RnJJmlCa4VsIIQsh8EQfI.roa
File:                     Psmde4RnJJmlCa4VsIIQsh8EQfI.roa (raw, json)
Hash identifier:          uzL/uByAhbLj1ehxxEUNlohYdYpH/o/ucBxBvyF49Xc=
Subject key identifier:   3E:C9:9D:7B:84:67:24:99:A5:09:AE:15:B0:82:10:B2:1F:04:41:F2
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       018CCA2BB1FBA9443601FCAD3840E652E237
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/Psmde4RnJJmlCa4VsIIQsh8EQfI.roa
Signing time:             Tue 02 Jan 2024 12:35:10 +0000
ROA not before:           Tue 02 Jan 2024 12:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24980
IP address blocks:        85.248.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b1:fb:a9:44:36:01:fc:ad:38:40:e6:52:e2:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  2 12:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ec99d7b84672499a509ae15b08210b21f0441f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a3:e9:d7:0c:93:37:aa:5b:5c:cc:4d:be:32:
                    09:a2:87:96:be:e2:71:8c:f8:4f:96:d6:df:56:bd:
                    60:ed:a6:fe:36:41:08:8e:ff:dd:e1:0d:50:84:79:
                    ff:ce:6c:07:a2:2e:03:b3:d6:97:b7:67:43:54:cf:
                    3b:0d:ed:f8:1d:dc:17:b2:67:b5:97:6d:ae:2f:af:
                    58:f0:e9:8f:32:bd:ea:85:61:89:db:4b:41:24:79:
                    0d:4a:84:fd:1a:a1:48:6a:d1:f8:9f:ee:bb:b2:09:
                    37:67:32:1c:dc:7a:35:1d:74:9e:6d:68:af:68:0e:
                    90:1f:3b:89:f3:6c:51:21:ab:1e:c0:16:05:c7:f3:
                    ba:18:49:26:7d:b0:57:1c:09:71:96:f7:b5:2f:b6:
                    38:2c:56:9c:ef:6b:75:2f:db:1f:82:87:d6:23:10:
                    80:c8:89:be:06:6d:c3:51:06:16:e0:dd:af:cb:be:
                    53:89:7b:c0:e2:a8:f6:47:3b:46:79:f9:27:da:50:
                    bc:37:e0:db:53:6c:07:5a:d4:7f:fa:52:42:d1:cb:
                    73:97:9d:2f:fd:68:8f:25:8c:b7:ba:92:08:8f:d0:
                    28:bb:b3:14:ac:01:9c:ee:e1:7b:68:59:5d:5b:93:
                    52:6f:20:b2:e2:6f:7c:23:ec:cf:83:73:6e:27:c1:
                    60:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C9:9D:7B:84:67:24:99:A5:09:AE:15:B0:82:10:B2:1F:04:41:F2
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/Psmde4RnJJmlCa4VsIIQsh8EQfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.248.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:a2:fe:f4:fc:fd:58:bf:42:b5:64:0d:ba:fd:cb:b8:b2:c6:
         1f:e1:2d:c3:9d:48:b1:1c:ad:ad:0d:54:29:ef:0b:46:4a:cc:
         38:16:af:c1:a0:0f:3b:3d:b5:2f:47:7b:4c:d4:df:ba:95:26:
         97:be:01:89:5b:cd:b2:e6:05:59:e5:ee:e3:b0:63:34:af:14:
         5b:8e:c1:c9:13:a3:fa:fd:a5:2b:f8:ab:53:55:30:58:41:21:
         ad:a2:b1:b0:83:f9:47:0b:d1:aa:e9:8c:d3:ee:6e:31:8b:4b:
         dd:56:bd:cf:18:0b:f6:50:90:df:32:db:31:b5:36:1f:a1:28:
         01:0c:75:f3:f2:16:f6:56:8a:ef:7e:06:01:c5:0b:44:ff:15:
         dc:6e:95:f5:ad:78:c3:05:17:73:b4:2a:1d:22:b4:b2:3a:d4:
         d5:5c:67:57:2e:54:9a:d0:10:9b:75:75:f0:87:48:63:10:3c:
         a4:40:ae:bb:5b:2d:aa:83:7a:81:b9:ec:18:16:6a:ff:6c:34:
         22:30:d4:7d:bf:9e:78:0d:ee:60:9f:1e:f4:4d:a4:86:75:7e:
         dd:76:0f:e8:49:66:f6:c1:77:a9:6b:44:0f:97:dc:db:54:a1:
         50:da:80:a0:d6:1a:3f:40:94:f3:61:6b:b4:29:eb:13:9c:71:
         61:7a:c8:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7H7qUQ2AfytOEDmUuI3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjQwMTAyMTIzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWM5OWQ3Yjg0NjcyNDk5YTUwOWFlMTViMDgyMTBiMjFmMDQ0MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqPp1wyTN6pbXMxNvjIJooeWvuJx
jPhPltbfVr1g7ab+NkEIjv/d4Q1QhHn/zmwHoi4Ds9aXt2dDVM87De34HdwXsme1
l22uL69Y8OmPMr3qhWGJ20tBJHkNSoT9GqFIatH4n+67sgk3ZzIc3Ho1HXSebWiv
aA6QHzuJ82xRIasewBYFx/O6GEkmfbBXHAlxlve1L7Y4LFac72t1L9sfgofWIxCA
yIm+Bm3DUQYW4N2vy75TiXvA4qj2RztGefkn2lC8N+DbU2wHWtR/+lJC0ctzl50v
/WiPJYy3upIIj9Aou7MUrAGc7uF7aFldW5NSbyCy4m98I+zPg3NuJ8FgWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7JnXuEZySZpQmuFbCCELIfBEHyMB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvUHNtZGU0Um5KSm1sQ2E0VnNJSVFzaDhFUWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVfj5MA0G
CSqGSIb3DQEBCwUAA4IBAQALov70/P1Yv0K1ZA26/cu4ssYf4S3DnUixHK2tDVQp
7wtGSsw4Fq/BoA87PbUvR3tM1N+6lSaXvgGJW82y5gVZ5e7jsGM0rxRbjsHJE6P6
/aUr+KtTVTBYQSGtorGwg/lHC9Gq6YzT7m4xi0vdVr3PGAv2UJDfMtsxtTYfoSgB
DHXz8hb2VorvfgYBxQtE/xXcbpX1rXjDBRdztCodIrSyOtTVXGdXLlSa0BCbdXXw
h0hjEDykQK67Wy2qg3qBuewYFmr/bDQiMNR9v554De5gnx70TaSGdX7ddg/oSWb2
wXepa0QPl9zbVKFQ2oCg1ho/QJTzYWu0KesTnHFheshU
-----END CERTIFICATE-----