Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/Kj_wFJUCEkU7Bp1zbjVhy_PtQsA.roa
File:                     Kj_wFJUCEkU7Bp1zbjVhy_PtQsA.roa (raw, json)
Hash identifier:          8CX+XCC0Zzi3FyzaMMtEJ7YWP+Pm9naPexHxcVzraJU=
Subject key identifier:   2A:3F:F0:14:95:02:12:45:3B:06:9D:73:6E:35:61:CB:F3:ED:42:C0
Certificate issuer:       /CN=01d50b9807150da396322b9d4dcfc0d2fb2b6520
Certificate serial:       018CC5DC57CCA1FC758A43F3A344A32A0571
Authority key identifier: 01:D5:0B:98:07:15:0D:A3:96:32:2B:9D:4D:CF:C0:D2:FB:2B:65:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/Kj_wFJUCEkU7Bp1zbjVhy_PtQsA.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1241
IP address blocks:        85.209.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:57:cc:a1:fc:75:8a:43:f3:a3:44:a3:2a:05:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01d50b9807150da396322b9d4dcfc0d2fb2b6520
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a3ff014950212453b069d736e3561cbf3ed42c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ab:da:82:0d:9e:13:56:a4:ab:e5:d6:0e:88:
                    5d:1e:a5:82:ed:a3:8d:e9:c4:3d:ca:2b:d5:71:e5:
                    f8:08:4c:2a:99:74:e4:5f:4a:ee:72:72:f1:4b:88:
                    7a:16:2b:ef:1c:a2:db:5b:14:b7:b1:db:d2:12:fd:
                    bd:5b:85:ab:3b:94:17:db:dc:8d:a8:b8:81:67:39:
                    0c:91:6a:b1:ea:68:35:63:14:c0:32:d0:b7:33:be:
                    51:c1:b5:c0:5e:1b:60:7e:b8:9a:5c:11:af:f2:30:
                    98:f0:ce:32:3f:d2:77:68:1e:cc:1e:e3:08:ea:e3:
                    2f:f8:5c:30:c5:eb:89:53:17:37:f6:49:07:ba:4a:
                    a9:55:46:94:67:ef:b8:b0:29:25:18:48:34:b8:3a:
                    83:81:a0:38:b4:9c:e4:ae:49:f1:df:b0:cf:b5:1d:
                    f9:05:9a:af:0c:34:77:aa:a2:5b:d1:46:8f:44:24:
                    4b:72:22:0c:02:7e:f8:ec:7d:f4:b8:fc:64:e1:11:
                    7b:47:a1:d8:d8:fe:5c:95:c2:10:fa:1b:6a:ad:31:
                    c9:95:43:a2:f2:ea:44:51:0f:9f:d2:fe:22:ea:d4:
                    48:e7:c2:52:39:a4:ad:49:d5:29:83:23:12:73:32:
                    42:64:11:c4:43:50:f2:25:93:4b:08:3e:e1:ea:13:
                    0d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3F:F0:14:95:02:12:45:3B:06:9D:73:6E:35:61:CB:F3:ED:42:C0
            X509v3 Authority Key Identifier:
                keyid:01:D5:0B:98:07:15:0D:A3:96:32:2B:9D:4D:CF:C0:D2:FB:2B:65:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/Kj_wFJUCEkU7Bp1zbjVhy_PtQsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d2:04:33:24:ab:71:3b:d8:b6:69:d1:29:0c:f5:2a:38:f7:66:
         c4:19:81:9c:b6:0d:ba:18:a8:5e:dd:e7:85:d8:eb:00:3a:90:
         49:6d:eb:a0:40:09:19:a6:d0:21:6f:a3:74:ed:9f:48:32:51:
         bf:52:b1:5c:7c:49:e5:b9:9b:a4:09:36:b0:75:6a:20:ec:1c:
         02:45:cb:2c:be:04:e0:d6:85:95:11:b2:d0:89:e1:c1:51:d9:
         ed:96:79:b6:0c:86:5c:dc:0c:25:8a:0b:1c:c9:fc:53:7c:e4:
         06:4c:fc:b3:f5:5e:d6:df:27:cb:98:b3:dd:cc:04:14:45:ca:
         4d:26:7e:21:58:de:b1:23:10:0e:49:48:62:43:58:8b:a9:d8:
         a4:22:e2:b1:0e:fc:34:9e:eb:ce:23:f2:dc:e3:28:14:d2:f6:
         bc:db:e9:9f:c7:31:3b:81:c2:b3:16:f8:b6:de:a8:1e:0d:f0:
         a0:b2:c1:1f:84:4a:ab:a5:f8:39:2c:98:2d:fc:76:51:75:ca:
         b9:6e:66:61:f2:96:05:22:70:a3:40:b0:49:0c:c7:cd:11:21:
         2f:7d:d6:93:b0:78:cd:03:02:cf:57:16:59:85:2b:fb:03:3e:
         13:09:8a:a4:cb:28:46:20:69:49:62:38:37:bb:4e:d6:0a:11:
         2b:6a:11:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FfMofx1ikPzo0SjKgVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZDUwYjk4MDcxNTBkYTM5NjMyMmI5ZDRkY2ZjMGQyZmIy
YjY1MjAwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTNmZjAxNDk1MDIxMjQ1M2IwNjlkNzM2ZTM1NjFjYmYzZWQ0MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkavagg2eE1akq+XWDohdHqWC7aON
6cQ9yivVceX4CEwqmXTkX0rucnLxS4h6FivvHKLbWxS3sdvSEv29W4WrO5QX29yN
qLiBZzkMkWqx6mg1YxTAMtC3M75RwbXAXhtgfriaXBGv8jCY8M4yP9J3aB7MHuMI
6uMv+FwwxeuJUxc39kkHukqpVUaUZ++4sCklGEg0uDqDgaA4tJzkrknx37DPtR35
BZqvDDR3qqJb0UaPRCRLciIMAn747H30uPxk4RF7R6HY2P5clcIQ+htqrTHJlUOi
8upEUQ+f0v4i6tRI58JSOaStSdUpgyMSczJCZBHEQ1DyJZNLCD7h6hMNCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCo/8BSVAhJFOwadc241Ycvz7ULAMB8GA1UdIwQY
MBaAFAHVC5gHFQ2jljIrnU3PwNL7K2UgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWRVTG1BY1ZEYU9XTWl1ZFRjX0EwdnNyWlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lYTcxYTAtNjk0MS00Mjc2LTk1ODkt
ODEyNGJkOTQ5YjBlLzEvS2pfd0ZKVUNFa1U3QnAxemJqVmh5X1B0UXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lYTcxYTAtNjk0MS00Mjc2LTk1ODktODEyNGJkOTQ5YjBl
LzEvQWRVTG1BY1ZEYU9XTWl1ZFRjX0EwdnNyWlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdHsMA0G
CSqGSIb3DQEBCwUAA4IBAQDSBDMkq3E72LZp0SkM9So492bEGYGctg26GKhe3eeF
2OsAOpBJbeugQAkZptAhb6N07Z9IMlG/UrFcfEnluZukCTawdWog7BwCRcssvgTg
1oWVEbLQieHBUdntlnm2DIZc3AwligscyfxTfOQGTPyz9V7W3yfLmLPdzAQURcpN
Jn4hWN6xIxAOSUhiQ1iLqdikIuKxDvw0nuvOI/Lc4ygU0va82+mfxzE7gcKzFvi2
3qgeDfCgssEfhEqrpfg5LJgt/HZRdcq5bmZh8pYFInCjQLBJDMfNESEvfdaTsHjN
AwLPVxZZhSv7Az4TCYqkyyhGIGlJYjg3u07WChErahEB
-----END CERTIFICATE-----