Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/08bb92-6f00-4e5c-924a-ef6cce145d82/1/fjQ1gSdB1yktmlzrNbrLSF6TuHg.roa
File:                     fjQ1gSdB1yktmlzrNbrLSF6TuHg.roa (raw, json)
Hash identifier:          S4krMJOnJajjz145CLTVUg2eYvzcAyJ8fJaCUZYrkvE=
Subject key identifier:   7E:34:35:81:27:41:D7:29:2D:9A:5C:EB:35:BA:CB:48:5E:93:B8:78
Certificate issuer:       /CN=bcc7e674665440f6e6b80e6ff155aad6a89cb3f2
Certificate serial:       018CC5DC2C04CE21A1AAC2EC0373AC79FA41
Authority key identifier: BC:C7:E6:74:66:54:40:F6:E6:B8:0E:6F:F1:55:AA:D6:A8:9C:B3:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vMfmdGZUQPbmuA5v8VWq1qics_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/08bb92-6f00-4e5c-924a-ef6cce145d82/1/fjQ1gSdB1yktmlzrNbrLSF6TuHg.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47195
IP address blocks:        185.13.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/08bb92-6f00-4e5c-924a-ef6cce145d82/1/vMfmdGZUQPbmuA5v8VWq1qics_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/08bb92-6f00-4e5c-924a-ef6cce145d82/1/vMfmdGZUQPbmuA5v8VWq1qics_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vMfmdGZUQPbmuA5v8VWq1qics_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2c:04:ce:21:a1:aa:c2:ec:03:73:ac:79:fa:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcc7e674665440f6e6b80e6ff155aad6a89cb3f2
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e3435812741d7292d9a5ceb35bacb485e93b878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:80:fa:c7:0d:b1:71:c3:57:96:41:04:75:02:
                    1f:3b:c8:1a:32:8a:a3:4d:e6:67:bb:7f:f4:b8:70:
                    b6:27:79:41:97:5c:f7:63:54:08:d7:d3:0f:61:3a:
                    13:43:93:30:a0:86:a3:5c:c6:a0:e3:82:2d:19:14:
                    a5:c6:d8:c8:6f:8c:0e:43:52:47:8d:65:ff:cf:78:
                    37:3b:3d:a3:d4:6c:10:3e:d4:05:2e:fa:2f:49:ab:
                    f2:5a:96:0a:18:7b:d6:dd:80:17:88:7f:b5:6c:aa:
                    29:6a:c2:05:91:3c:ff:92:b1:57:4b:bb:ff:f9:89:
                    1e:40:c5:22:cb:06:20:b0:97:df:12:91:8d:20:b7:
                    13:8e:25:6e:52:ad:d3:45:ed:79:59:08:1c:46:11:
                    d9:8d:e2:da:c6:43:08:89:b0:21:78:7b:e8:4b:04:
                    29:d8:a9:36:d0:9e:58:ba:62:f0:47:03:8f:bf:a7:
                    7e:1c:c5:03:f6:6f:9d:a9:e3:29:77:5f:0a:77:d3:
                    3b:02:e3:77:8b:07:5c:cb:fb:ab:48:e9:b1:d6:40:
                    68:1f:d9:e8:f3:9d:89:1d:bc:79:16:0f:8d:54:0a:
                    85:9e:db:f7:47:0e:e4:c9:85:d4:ee:dc:94:e9:bc:
                    e3:7e:99:ab:6c:02:4a:7b:61:6f:b8:04:ee:4a:34:
                    ea:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:34:35:81:27:41:D7:29:2D:9A:5C:EB:35:BA:CB:48:5E:93:B8:78
            X509v3 Authority Key Identifier:
                keyid:BC:C7:E6:74:66:54:40:F6:E6:B8:0E:6F:F1:55:AA:D6:A8:9C:B3:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vMfmdGZUQPbmuA5v8VWq1qics_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/08bb92-6f00-4e5c-924a-ef6cce145d82/1/fjQ1gSdB1yktmlzrNbrLSF6TuHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/08bb92-6f00-4e5c-924a-ef6cce145d82/1/vMfmdGZUQPbmuA5v8VWq1qics_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:04:13:20:b7:84:2d:c5:fe:6a:c1:01:83:76:a8:19:72:8b:
         ae:d9:72:90:0a:19:69:b0:98:77:77:43:53:e1:08:c4:30:f9:
         b1:a4:0b:fa:39:b5:6a:09:0f:c4:3f:f8:da:15:82:5f:8b:38:
         b7:7d:10:29:03:1e:1d:7c:65:16:1f:48:73:7c:e1:0e:13:a3:
         01:7e:f9:23:0d:a1:30:a0:7a:21:7b:6b:74:6c:eb:b7:21:06:
         ac:63:a7:f7:a1:a4:8a:b9:5f:f0:f7:be:d1:6f:07:33:c2:1d:
         0d:f1:41:db:f1:30:2f:08:99:74:94:0a:54:8a:8e:86:69:84:
         68:b3:08:01:76:76:a2:8a:1d:ec:9f:3c:0b:a7:59:9f:75:94:
         3f:92:e3:83:25:7d:38:0e:b6:4c:1e:3f:4e:69:29:b1:8a:30:
         02:44:cd:74:6f:a5:f6:ec:9e:d9:f7:1b:ec:81:54:97:e8:d7:
         52:c3:6e:6e:0e:1d:9c:58:77:d2:f1:79:8c:28:e5:1b:46:b4:
         a3:7b:b5:ff:05:87:fd:f2:32:24:50:6b:b3:38:c0:25:bf:c1:
         82:ef:1d:45:1f:e0:47:4f:5c:20:73:b3:83:35:a9:cd:34:49:
         94:d5:9e:c6:09:af:f3:f4:fe:7d:9a:31:3f:9b:4c:e4:a5:b5:
         00:3c:b5:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CwEziGhqsLsA3OsefpBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYzdlNjc0NjY1NDQwZjZlNmI4MGU2ZmYxNTVhYWQ2YTg5
Y2IzZjIwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTM0MzU4MTI3NDFkNzI5MmQ5YTVjZWIzNWJhY2I0ODVlOTNiODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YD6xw2xccNXlkEEdQIfO8gaMoqj
TeZnu3/0uHC2J3lBl1z3Y1QI19MPYToTQ5MwoIajXMag44ItGRSlxtjIb4wOQ1JH
jWX/z3g3Oz2j1GwQPtQFLvovSavyWpYKGHvW3YAXiH+1bKopasIFkTz/krFXS7v/
+YkeQMUiywYgsJffEpGNILcTjiVuUq3TRe15WQgcRhHZjeLaxkMIibAheHvoSwQp
2Kk20J5YumLwRwOPv6d+HMUD9m+dqeMpd18Kd9M7AuN3iwdcy/urSOmx1kBoH9no
852JHbx5Fg+NVAqFntv3Rw7kyYXU7tyU6bzjfpmrbAJKe2FvuATuSjTqfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH40NYEnQdcpLZpc6zW6y0hek7h4MB8GA1UdIwQY
MBaAFLzH5nRmVED25rgOb/FVqtaonLPyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk1mbWRHWlVRUGJtdUE1djhWV3ExcWljc19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wOGJiOTItNmYwMC00ZTVjLTkyNGEt
ZWY2Y2NlMTQ1ZDgyLzEvZmpRMWdTZEIxeWt0bWx6ck5ickxTRjZUdUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wOGJiOTItNmYwMC00ZTVjLTkyNGEtZWY2Y2NlMTQ1ZDgy
LzEvdk1mbWRHWlVRUGJtdUE1djhWV3ExcWljc19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ1VMA0G
CSqGSIb3DQEBCwUAA4IBAQBpBBMgt4Qtxf5qwQGDdqgZcouu2XKQChlpsJh3d0NT
4QjEMPmxpAv6ObVqCQ/EP/jaFYJfizi3fRApAx4dfGUWH0hzfOEOE6MBfvkjDaEw
oHohe2t0bOu3IQasY6f3oaSKuV/w977Rbwczwh0N8UHb8TAvCJl0lApUio6GaYRo
swgBdnaiih3snzwLp1mfdZQ/kuODJX04DrZMHj9OaSmxijACRM10b6X27J7Z9xvs
gVSX6NdSw25uDh2cWHfS8XmMKOUbRrSje7X/BYf98jIkUGuzOMAlv8GC7x1FH+BH
T1wgc7ODNanNNEmU1Z7GCa/z9P59mjE/m0zkpbUAPLUU
-----END CERTIFICATE-----