Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/b4xGcgRXbZTm92PK-63-hJMR7i4.roa
File:                     b4xGcgRXbZTm92PK-63-hJMR7i4.roa (raw, json)
Hash identifier:          NbuD2qXzwa42L7iqCKP9Yf7x1Mko0nN5lZkpDNpT+YA=
Subject key identifier:   6F:8C:46:72:04:57:6D:94:E6:F7:63:CA:FB:AD:FE:84:93:11:EE:2E
Certificate issuer:       /CN=fb236b213d56493f3b077e6b41f42e4f3df8cdce
Certificate serial:       01941FFA147FF58159C0EBD6E421591950E0
Authority key identifier: FB:23:6B:21:3D:56:49:3F:3B:07:7E:6B:41:F4:2E:4F:3D:F8:CD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-yNrIT1WST87B35rQfQuTz34zc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/b4xGcgRXbZTm92PK-63-hJMR7i4.roa
Signing time:             Wed 01 Jan 2025 03:47:50 +0000
ROA not before:           Wed 01 Jan 2025 03:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2116
IP address blocks:        85.194.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/1-yNrIT1WST87B35rQfQuTz34zc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/1-yNrIT1WST87B35rQfQuTz34zc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-yNrIT1WST87B35rQfQuTz34zc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:14:7f:f5:81:59:c0:eb:d6:e4:21:59:19:50:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb236b213d56493f3b077e6b41f42e4f3df8cdce
        Validity
            Not Before: Jan  1 03:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f8c467204576d94e6f763cafbadfe849311ee2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:de:4d:b9:4c:b0:57:c6:72:41:9c:78:af:d8:
                    6f:a3:09:a6:ba:2e:07:ef:35:bf:79:76:78:d8:a4:
                    0a:f4:8d:74:9f:fb:a2:e0:74:1c:f6:5b:67:0e:ec:
                    26:eb:3b:1e:cd:d5:eb:1e:75:6c:ed:07:3c:60:8c:
                    b2:11:e8:f1:18:97:b0:7e:8f:44:4a:ac:57:6f:79:
                    9b:01:a5:3b:c7:1c:ca:5f:a8:ca:db:f9:a8:43:08:
                    68:04:f0:5e:4f:28:57:54:43:ff:2d:9d:a9:79:93:
                    63:d9:63:19:ba:89:9a:43:83:5e:06:ea:56:e8:27:
                    40:4b:c7:96:ea:b8:9c:6c:5a:0e:46:7e:10:77:39:
                    9e:b9:2e:a6:1f:72:93:e8:c6:7f:b1:59:47:39:b4:
                    e3:02:1b:41:5a:89:77:2d:1c:19:5b:cc:bb:57:aa:
                    72:70:63:09:85:ab:b4:83:83:ed:16:34:71:f1:82:
                    0f:e7:bf:13:ac:da:4e:19:ca:01:6c:a9:89:4e:2b:
                    3e:34:99:98:c7:08:54:32:7a:6c:0d:48:4d:26:29:
                    3c:30:46:88:0d:a8:60:6f:5b:1d:e1:47:0b:8c:c9:
                    6b:79:8d:ec:8c:8b:2f:e1:5d:5d:31:ee:4b:d7:e3:
                    d7:d9:20:c6:4d:51:97:55:b1:33:90:9f:2c:5f:98:
                    52:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:8C:46:72:04:57:6D:94:E6:F7:63:CA:FB:AD:FE:84:93:11:EE:2E
            X509v3 Authority Key Identifier:
                keyid:FB:23:6B:21:3D:56:49:3F:3B:07:7E:6B:41:F4:2E:4F:3D:F8:CD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-yNrIT1WST87B35rQfQuTz34zc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/b4xGcgRXbZTm92PK-63-hJMR7i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/1-yNrIT1WST87B35rQfQuTz34zc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.194.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:f9:6a:32:3b:d0:13:75:6e:dd:a5:7c:f8:ac:4c:32:44:14:
         82:2a:ac:7a:f0:ed:68:a5:23:a1:64:ef:35:a4:b5:27:31:f5:
         b1:d9:a3:4a:f0:ea:46:77:eb:39:52:cd:7a:10:52:62:a6:e8:
         02:64:9c:5d:00:fa:3b:4a:3e:3e:32:a2:65:aa:fd:3e:ff:50:
         f0:1e:5d:35:7f:c4:f6:f4:61:fc:96:25:02:09:b8:22:08:57:
         ea:2d:bf:30:13:51:bd:b0:72:c8:f8:44:55:cd:bb:b9:6a:66:
         d1:80:6f:ab:82:16:73:7d:f8:17:5a:64:04:fe:ff:2f:18:6d:
         12:2f:1b:e9:5b:79:da:b9:bc:34:43:7e:c6:54:ae:37:a1:bd:
         71:02:15:17:39:e9:20:89:00:6b:67:f5:08:fc:d5:40:92:30:
         42:e0:c4:29:6b:67:c8:3b:11:f5:61:ff:5d:93:d4:0a:81:7a:
         17:36:b0:f3:0b:34:8e:6d:bc:22:8a:5f:ca:89:21:e6:80:74:
         f3:77:90:62:fb:2c:90:cf:ed:c3:0e:8d:03:f2:58:d4:67:e3:
         5a:bf:2f:04:fb:56:f7:d9:fd:aa:39:fa:a4:b2:4b:45:6e:01:
         c4:71:01:6f:ea:db:7c:6b:98:20:6c:80:7d:2a:53:e3:a6:65:
         86:e1:1c:d6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQf+hR/9YFZwOvW5CFZGVDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMjM2YjIxM2Q1NjQ5M2YzYjA3N2U2YjQxZjQyZTRmM2Rm
OGNkY2UwHhcNMjUwMTAxMDM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjhjNDY3MjA0NTc2ZDk0ZTZmNzYzY2FmYmFkZmU4NDkzMTFlZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjt5NuUywV8ZyQZx4r9hvowmmui4H
7zW/eXZ42KQK9I10n/ui4HQc9ltnDuwm6zsezdXrHnVs7Qc8YIyyEejxGJewfo9E
SqxXb3mbAaU7xxzKX6jK2/moQwhoBPBeTyhXVEP/LZ2peZNj2WMZuomaQ4NeBupW
6CdAS8eW6ricbFoORn4QdzmeuS6mH3KT6MZ/sVlHObTjAhtBWol3LRwZW8y7V6py
cGMJhau0g4PtFjRx8YIP578TrNpOGcoBbKmJTis+NJmYxwhUMnpsDUhNJik8MEaI
Dahgb1sd4UcLjMlreY3sjIsv4V1dMe5L1+PX2SDGTVGXVbEzkJ8sX5hSFwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG+MRnIEV22U5vdjyvut/oSTEe4uMB8GA1UdIwQY
MBaAFPsjayE9Vkk/Owd+a0H0Lk89+M3OMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS15TnJJVDFXU1Q4N0IzNXJRZlF1VHozNHpjNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUvMjBmNGFjLTgwZDktNDBlMi1hOWU2
LTFjODhlZWJlYjI5My8xL2I0eEdjZ1JYYlpUbTkyUEstNjMtaEpNUjdpNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODUvMjBmNGFjLTgwZDktNDBlMi1hOWU2LTFjODhlZWJlYjI5
My8xLzEteU5ySVQxV1NUODdCMzVyUWZRdVR6MzR6YzQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFVwv4w
DQYJKoZIhvcNAQELBQADggEBAFD5ajI70BN1bt2lfPisTDJEFIIqrHrw7WilI6Fk
7zWktScx9bHZo0rw6kZ36zlSzXoQUmKm6AJknF0A+jtKPj4yomWq/T7/UPAeXTV/
xPb0YfyWJQIJuCIIV+otvzATUb2wcsj4RFXNu7lqZtGAb6uCFnN9+BdaZAT+/y8Y
bRIvG+lbedq5vDRDfsZUrjehvXECFRc56SCJAGtn9Qj81UCSMELgxClrZ8g7EfVh
/12T1AqBehc2sPMLNI5tvCKKX8qJIeaAdPN3kGL7LJDP7cMOjQPyWNRn41q/LwT7
VvfZ/ao5+qSyS0VuAcRxAW/q23xrmCBsgH0qU+OmZYbhHNY=
-----END CERTIFICATE-----