Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/85q_6q9moNKBoQwQluN7MeG0uIs.roa
File:                     85q_6q9moNKBoQwQluN7MeG0uIs.roa (raw, json)
Hash identifier:          z8wvSS8sEMz0XUJ7f1T1Shqke2Dv9kanZ9axqRjtpuQ=
Subject key identifier:   F3:9A:BF:EA:AF:66:A0:D2:81:A1:0C:10:96:E3:7B:31:E1:B4:B8:8B
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       01942825C4C2BBA5DA995687D2937E1E92A2
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/85q_6q9moNKBoQwQluN7MeG0uIs.roa
Signing time:             Thu 02 Jan 2025 17:52:31 +0000
ROA not before:           Thu 02 Jan 2025 17:52:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44380
IP address blocks:        195.93.206.0/23 maxlen: 23
                          195.191.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:c4:c2:bb:a5:da:99:56:87:d2:93:7e:1e:92:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  2 17:52:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f39abfeaaf66a0d281a10c1096e37b31e1b4b88b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:33:a4:6a:62:da:75:df:f5:41:69:02:a4:f9:
                    17:7c:ea:e6:5e:58:bc:a1:1e:fb:00:1e:fd:d8:20:
                    67:91:a8:2d:99:b0:0f:11:01:71:6c:27:47:61:da:
                    09:5f:fe:69:ca:7c:10:55:8d:cc:c1:3c:f2:be:7d:
                    03:6c:e7:a5:2d:72:d1:36:ea:33:de:8a:1e:0f:87:
                    b9:3b:cf:13:74:9a:cd:be:ad:36:c0:58:82:a7:aa:
                    97:8b:23:55:3c:7f:9a:88:19:70:46:77:8a:51:34:
                    46:8c:90:a4:6d:2d:74:6b:f7:18:5e:cc:0c:5f:3d:
                    31:3e:e2:05:41:c6:8c:b2:2a:5a:ca:23:89:b8:a0:
                    4c:18:0c:f9:b9:e4:d3:fb:b6:6f:b8:55:2c:ee:2c:
                    1e:16:a6:28:97:a4:03:ab:fe:d8:81:d9:89:11:f0:
                    f0:50:68:ca:cc:9b:a4:cd:30:36:d3:8d:36:c6:e2:
                    67:42:67:06:85:c6:90:99:bc:13:c7:7d:c4:b5:f7:
                    7a:5d:fb:8c:03:7a:09:5a:ee:08:7e:23:36:ea:71:
                    45:cb:d3:08:f6:74:d1:96:25:81:0c:51:79:7d:cb:
                    78:c7:bc:d1:4c:b3:6e:63:7f:2c:3f:32:84:aa:1d:
                    e6:af:71:07:ba:db:9a:0b:a6:7b:77:9f:08:22:96:
                    76:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:9A:BF:EA:AF:66:A0:D2:81:A1:0C:10:96:E3:7B:31:E1:B4:B8:8B
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/85q_6q9moNKBoQwQluN7MeG0uIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.206.0/23
                  195.191.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:fb:20:3a:ed:78:4b:f9:44:4d:d0:c2:2e:4d:22:ca:f4:41:
         71:79:fc:2a:74:99:c1:3b:71:55:48:93:2d:20:23:01:65:53:
         7a:4e:f6:b3:c6:c0:2f:a4:6f:f1:88:ee:de:52:ad:de:f0:ad:
         3f:77:17:9d:65:41:09:c4:39:af:f2:ce:d1:9f:0a:e9:b6:83:
         1a:25:10:06:6f:f0:ee:46:06:d6:55:3c:23:63:ed:c4:cc:7c:
         21:c9:cd:f7:19:8a:8a:76:64:48:5a:24:5e:65:b6:92:28:04:
         ea:66:9c:ee:aa:64:57:be:29:cb:a4:a9:62:35:ba:0b:62:a0:
         96:f0:24:e8:7f:99:d0:8e:78:34:7a:06:ea:78:42:8d:b3:f6:
         d8:fa:05:26:9d:9d:68:c7:e8:a5:af:58:bf:3e:d2:d4:f0:92:
         3a:89:3a:45:0e:97:99:5d:f3:bb:86:bd:70:81:c7:d8:4a:64:
         b6:cb:fe:2c:70:00:b6:ae:fa:d8:a2:1e:bb:f7:7b:4c:1c:7b:
         a9:f8:86:b6:88:e3:de:6d:4e:64:43:d6:a5:73:61:ce:27:1e:
         7f:e1:98:74:b5:30:4b:32:77:8a:68:bc:e0:a4:ed:13:97:e9:
         13:0c:f6:25:bc:5a:4e:54:cd:32:5f:5d:cf:6a:90:34:e7:01:
         dc:b4:db:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJcTCu6XamVaH0pN+HpKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjUwMTAyMTc1MjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzlhYmZlYWFmNjZhMGQyODFhMTBjMTA5NmUzN2IzMWUxYjRiODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzOkamLadd/1QWkCpPkXfOrmXli8
oR77AB792CBnkagtmbAPEQFxbCdHYdoJX/5pynwQVY3MwTzyvn0DbOelLXLRNuoz
3ooeD4e5O88TdJrNvq02wFiCp6qXiyNVPH+aiBlwRneKUTRGjJCkbS10a/cYXswM
Xz0xPuIFQcaMsipayiOJuKBMGAz5ueTT+7ZvuFUs7iweFqYol6QDq/7YgdmJEfDw
UGjKzJukzTA20402xuJnQmcGhcaQmbwTx33Etfd6XfuMA3oJWu4IfiM26nFFy9MI
9nTRliWBDFF5fct4x7zRTLNuY38sPzKEqh3mr3EHutuaC6Z7d58IIpZ2AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPOav+qvZqDSgaEMEJbjezHhtLiLMB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvODVxXzZxOW1vTktCb1F3UWx1TjdNZUcwdUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw13OAwQB
w7+SMA0GCSqGSIb3DQEBCwUAA4IBAQAd+yA67XhL+URN0MIuTSLK9EFxefwqdJnB
O3FVSJMtICMBZVN6TvazxsAvpG/xiO7eUq3e8K0/dxedZUEJxDmv8s7RnwrptoMa
JRAGb/DuRgbWVTwjY+3EzHwhyc33GYqKdmRIWiReZbaSKATqZpzuqmRXvinLpKli
NboLYqCW8CTof5nQjng0egbqeEKNs/bY+gUmnZ1ox+ilr1i/PtLU8JI6iTpFDpeZ
XfO7hr1wgcfYSmS2y/4scAC2rvrYoh6793tMHHup+Ia2iOPebU5kQ9alc2HOJx5/
4Zh0tTBLMneKaLzgpO0Tl+kTDPYlvFpOVM0yX13PapA05wHctNt5
-----END CERTIFICATE-----