Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/1e1cgbN_Yaq9w5khFXqXWp5wB-4.roa
File:                     1e1cgbN_Yaq9w5khFXqXWp5wB-4.roa (raw, json)
Hash identifier:          zmQ3HER/wocZd/4CaU6ugdYYeJQWdIjr3eNuvlDrc/k=
Subject key identifier:   D5:ED:5C:81:B3:7F:61:AA:BD:C3:99:21:15:7A:97:5A:9E:70:07:EE
Certificate issuer:       /CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
Certificate serial:       0194228D64B408C1207238253AED13185249
Authority key identifier: 67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/1e1cgbN_Yaq9w5khFXqXWp5wB-4.roa
Signing time:             Wed 01 Jan 2025 15:47:59 +0000
ROA not before:           Wed 01 Jan 2025 15:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208035
IP address blocks:        85.202.196.0/22 maxlen: 24
                          85.202.196.0/24 maxlen: 24
                          85.202.197.0/24 maxlen: 24
                          85.202.198.0/24 maxlen: 24
                          85.202.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:64:b4:08:c1:20:72:38:25:3a:ed:13:18:52:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
        Validity
            Not Before: Jan  1 15:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5ed5c81b37f61aabdc39921157a975a9e7007ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:93:61:62:20:71:bb:1b:87:6b:e0:15:97:67:
                    f2:37:e2:ac:dd:78:4c:6f:8e:73:c8:64:b0:6f:f5:
                    9a:70:4a:9f:83:06:5e:8c:e6:73:b7:55:80:24:f4:
                    66:ee:87:4e:ee:93:8e:fd:90:0b:24:bf:22:fb:f6:
                    cd:51:e7:b8:f5:ed:25:e5:c2:1f:10:e7:e4:13:28:
                    74:68:b6:2d:6a:ee:a4:00:83:c2:7a:ee:73:6e:66:
                    4a:6d:7f:2d:30:6d:7a:21:d0:3c:b0:5f:95:d4:17:
                    a5:91:41:e7:5f:6e:f8:3f:08:cc:6b:18:8a:32:86:
                    f2:06:33:ca:fa:4e:85:be:a8:8d:b0:84:7d:be:21:
                    23:17:aa:89:f0:cc:6f:ed:24:85:64:eb:97:2b:96:
                    ef:31:16:79:69:3e:1a:d2:89:06:0a:fc:3e:22:c5:
                    0c:49:92:ed:f0:29:76:da:6c:ce:a0:a1:cc:bb:4a:
                    12:b8:09:12:88:73:6e:ee:30:dd:98:19:06:df:c6:
                    8f:c5:dc:67:c5:ad:34:2f:76:e9:b7:5a:47:45:0c:
                    87:8b:eb:78:08:1a:0c:0f:8b:77:67:23:69:15:1b:
                    81:a6:91:ab:e9:01:3b:77:51:a2:28:90:c5:ae:67:
                    d4:d5:94:7e:57:62:01:ef:20:00:47:59:19:b5:fa:
                    d4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:ED:5C:81:B3:7F:61:AA:BD:C3:99:21:15:7A:97:5A:9E:70:07:EE
            X509v3 Authority Key Identifier:
                keyid:67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/1e1cgbN_Yaq9w5khFXqXWp5wB-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cf:5d:99:c5:62:21:20:b6:f6:1a:fa:9f:ee:2d:88:03:b7:9a:
         b4:7e:d1:8e:8f:43:6d:59:43:61:86:a3:36:61:08:1a:a9:6f:
         db:e4:56:ac:93:c3:a8:9b:9e:2f:61:8f:ea:da:09:b7:30:73:
         60:27:8d:3f:5e:02:bc:9d:86:fa:1d:ef:0c:6f:71:b3:5a:18:
         9b:b6:69:c4:fb:9f:a8:13:9a:a3:4e:ef:8a:46:7b:a6:13:59:
         97:ca:70:e0:2e:9c:c8:02:0a:fc:7f:64:45:89:d3:b4:23:b3:
         a9:64:86:f7:01:5d:dc:9b:0c:3c:7c:6f:4e:0d:de:8f:c2:b6:
         09:56:23:03:ea:c3:f9:c2:de:ec:e3:dc:68:83:43:8e:da:6e:
         b9:56:91:ca:39:06:7a:cc:23:82:e8:3a:76:19:fe:a0:24:9f:
         18:17:e9:c4:c3:97:d9:8f:bc:0a:79:27:ab:91:1f:5d:23:da:
         b6:19:e3:4b:d9:1e:1e:8f:9b:93:b4:ff:5c:60:e3:46:72:49:
         43:d5:bf:3d:f6:55:79:84:09:05:bf:fe:1b:01:16:a4:cc:36:
         39:8e:dc:b1:ee:14:c1:5a:92:7e:db:d7:75:e1:86:25:a3:d7:
         71:cb:23:8d:16:f2:7d:f1:55:91:01:b9:67:1a:d9:8b:c0:14:
         60:f8:7b:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijWS0CMEgcjglOu0TGFJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NGE2MWE4YTljOTdjMDNjZGViZTA1ZjgyNTU4ZTUxZGJm
OTA4MjEwHhcNMjUwMTAxMTU0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWVkNWM4MWIzN2Y2MWFhYmRjMzk5MjExNTdhOTc1YTllNzAwN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJNhYiBxuxuHa+AVl2fyN+Ks3XhM
b45zyGSwb/WacEqfgwZejOZzt1WAJPRm7odO7pOO/ZALJL8i+/bNUee49e0l5cIf
EOfkEyh0aLYtau6kAIPCeu5zbmZKbX8tMG16IdA8sF+V1BelkUHnX274PwjMaxiK
MobyBjPK+k6FvqiNsIR9viEjF6qJ8Mxv7SSFZOuXK5bvMRZ5aT4a0okGCvw+IsUM
SZLt8Cl22mzOoKHMu0oSuAkSiHNu7jDdmBkG38aPxdxnxa00L3bpt1pHRQyHi+t4
CBoMD4t3ZyNpFRuBppGr6QE7d1GiKJDFrmfU1ZR+V2IB7yAAR1kZtfrUhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXtXIGzf2GqvcOZIRV6l1qecAfuMB8GA1UdIwQY
MBaAFGdKYaipyXwDzevgX4JVjlHb+QghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmIt
NGM4NmNiZTAzNjEwLzEvMWUxY2diTl9ZYXE5dzVraEZYcVhXcDV3Qi00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmItNGM4NmNiZTAzNjEw
LzEvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcrEMA0G
CSqGSIb3DQEBCwUAA4IBAQDPXZnFYiEgtvYa+p/uLYgDt5q0ftGOj0NtWUNhhqM2
YQgaqW/b5Fask8Oom54vYY/q2gm3MHNgJ40/XgK8nYb6He8Mb3GzWhibtmnE+5+o
E5qjTu+KRnumE1mXynDgLpzIAgr8f2RFidO0I7OpZIb3AV3cmww8fG9ODd6PwrYJ
ViMD6sP5wt7s49xog0OO2m65VpHKOQZ6zCOC6Dp2Gf6gJJ8YF+nEw5fZj7wKeSer
kR9dI9q2GeNL2R4ej5uTtP9cYONGcklD1b899lV5hAkFv/4bARakzDY5jtyx7hTB
WpJ+29d14YYlo9dxyyONFvJ98VWRAblnGtmLwBRg+HvP
-----END CERTIFICATE-----