Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/wezsghqasWvf2aOtQ0DVc7IBql8.roa
File:                     wezsghqasWvf2aOtQ0DVc7IBql8.roa (raw, json)
Hash identifier:          DZDG/yKb3EUUqRXfUmaq6njnMtLLvx7TkX0UrvtdDfc=
Subject key identifier:   C1:EC:EC:82:1A:9A:B1:6B:DF:D9:A3:AD:43:40:D5:73:B2:01:AA:5F
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       0194236983D2B0CDD95DB10F27A24F664ED2
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/wezsghqasWvf2aOtQ0DVc7IBql8.roa
Signing time:             Wed 01 Jan 2025 19:48:25 +0000
ROA not before:           Wed 01 Jan 2025 19:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5483
IP address blocks:        85.204.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:83:d2:b0:cd:d9:5d:b1:0f:27:a2:4f:66:4e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1ecec821a9ab16bdfd9a3ad4340d573b201aa5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:11:e2:37:d7:6f:6c:13:3e:39:1a:10:cd:64:
                    87:a1:b0:f6:89:91:97:27:ec:0e:47:c6:21:1a:14:
                    e4:6c:65:73:d9:eb:16:ed:86:c7:70:08:35:74:42:
                    c4:75:3d:73:28:9a:dd:aa:e6:1f:e7:6d:f9:65:a5:
                    e4:77:72:eb:0d:98:29:c0:81:99:10:92:c3:24:dd:
                    9c:5f:04:96:f8:6f:20:26:61:37:11:4c:9e:91:bb:
                    66:b3:55:b3:0d:28:54:22:f9:1b:5c:ab:f6:4b:e1:
                    81:64:93:b1:e3:a4:06:49:28:ee:50:9b:15:c8:65:
                    69:cf:c5:ff:ce:db:98:a8:8e:d7:8a:bd:c8:46:cc:
                    81:d2:6f:a3:64:22:9b:9f:03:ef:c3:ab:46:df:6c:
                    d3:cd:f2:f5:de:81:e3:02:ba:d6:a2:10:41:bb:fd:
                    5f:62:a5:67:47:01:d4:38:4b:cb:8c:b8:ef:8b:40:
                    bb:fb:4d:0b:2d:2e:11:2c:a5:d7:b6:d0:96:ba:f1:
                    da:2c:31:8d:0c:2b:8f:6c:68:48:1f:e9:fd:72:42:
                    20:3e:63:5a:bb:42:01:be:ab:1e:72:f0:5f:4a:7f:
                    a2:32:d4:c2:47:e2:62:4b:fa:46:d6:e8:e7:11:62:
                    5f:01:c9:c7:4d:47:9d:35:88:ca:d1:fd:d0:68:51:
                    c1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:EC:EC:82:1A:9A:B1:6B:DF:D9:A3:AD:43:40:D5:73:B2:01:AA:5F
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/wezsghqasWvf2aOtQ0DVc7IBql8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:33:ac:b8:c1:55:04:e5:8e:e6:97:f8:5e:dd:0a:1e:59:94:
         40:ae:40:f9:0b:ff:85:1d:df:ff:e1:28:33:1d:e5:b6:b9:ab:
         c4:18:0b:e7:16:11:33:77:08:1b:c3:2d:29:89:0c:0c:31:5f:
         b7:3b:47:df:23:5e:78:04:c3:e6:6a:51:6c:63:04:b9:52:8e:
         d6:85:f5:e7:d7:bf:1e:47:8d:14:d2:96:0f:f8:78:4b:3e:a5:
         e0:1c:c5:65:1b:e0:0a:01:e3:09:1f:ef:3a:fd:d3:36:53:24:
         5b:31:53:a0:45:60:e0:e7:8b:98:1f:76:7e:01:b1:ca:00:4d:
         38:3f:02:89:47:94:c5:40:17:b2:3e:02:cf:90:35:bb:fe:63:
         42:e3:fe:33:e5:64:6d:5b:4b:6b:63:8c:c3:83:a7:60:ec:1d:
         b7:51:ae:41:cd:55:75:7f:11:36:05:84:fa:5f:1f:34:22:e1:
         f5:c9:7f:7e:9f:dc:35:5a:a8:ba:c8:c7:00:a5:d1:12:1c:92:
         9c:c0:83:a4:c8:33:a5:83:d3:81:d7:ff:c7:fa:31:b2:b2:66:
         02:a8:be:01:bb:ea:fc:4b:e5:91:d8:27:2e:ff:e4:94:42:fd:
         48:6d:1a:3b:c9:e5:c1:3f:f6:f9:03:6e:f8:8b:1f:fc:5a:4e:
         e8:3e:02:35
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaYPSsM3ZXbEPJ6JPZk7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWVjZWM4MjFhOWFiMTZiZGZkOWEzYWQ0MzQwZDU3M2IyMDFhYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBHiN9dvbBM+ORoQzWSHobD2iZGX
J+wOR8YhGhTkbGVz2esW7YbHcAg1dELEdT1zKJrdquYf5235ZaXkd3LrDZgpwIGZ
EJLDJN2cXwSW+G8gJmE3EUyekbtms1WzDShUIvkbXKv2S+GBZJOx46QGSSjuUJsV
yGVpz8X/ztuYqI7Xir3IRsyB0m+jZCKbnwPvw6tG32zTzfL13oHjArrWohBBu/1f
YqVnRwHUOEvLjLjvi0C7+00LLS4RLKXXttCWuvHaLDGNDCuPbGhIH+n9ckIgPmNa
u0IBvqsecvBfSn+iMtTCR+JiS/pG1ujnEWJfAcnHTUedNYjK0f3QaFHBzQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMHs7IIamrFr39mjrUNA1XOyAapfMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3dlenNnaHFhc1d2ZjJhT3RRMERWYzdJQnFsOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABVzGMw
DQYJKoZIhvcNAQELBQADggEBAJszrLjBVQTljuaX+F7dCh5ZlECuQPkL/4Ud3//h
KDMd5ba5q8QYC+cWETN3CBvDLSmJDAwxX7c7R98jXngEw+ZqUWxjBLlSjtaF9efX
vx5HjRTSlg/4eEs+peAcxWUb4AoB4wkf7zr90zZTJFsxU6BFYODni5gfdn4BscoA
TTg/AolHlMVAF7I+As+QNbv+Y0Lj/jPlZG1bS2tjjMODp2DsHbdRrkHNVXV/ETYF
hPpfHzQi4fXJf36f3DVaqLrIxwCl0RIckpzAg6TIM6WD04HX/8f6MbKyZgKovgG7
6vxL5ZHYJy7/5JRC/UhtGjvJ5cE/9vkDbviLH/xaTug+AjU=
-----END CERTIFICATE-----