Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/v1iO82Ndv5XslXxmLlk1JCmNJgU.roa
File:                     v1iO82Ndv5XslXxmLlk1JCmNJgU.roa (raw, json)
Hash identifier:          3TnNtQdYZh1Pmwdlws3+Zw8hbwtZGtY6ogZCeIxz8Zc=
Subject key identifier:   BF:58:8E:F3:63:5D:BF:95:EC:95:7C:66:2E:59:35:24:29:8D:26:05
Certificate issuer:       /CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
Certificate serial:       018CC2DABA2A7EE97BD55057C6B2142C066F
Authority key identifier: 67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/v1iO82Ndv5XslXxmLlk1JCmNJgU.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208035
IP address blocks:        85.202.196.0/24 maxlen: 24
                          85.202.196.0/22 maxlen: 24
                          85.202.197.0/24 maxlen: 24
                          85.202.198.0/24 maxlen: 24
                          85.202.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ba:2a:7e:e9:7b:d5:50:57:c6:b2:14:2c:06:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf588ef3635dbf95ec957c662e593524298d2605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:7c:48:ad:7e:86:8b:b2:0b:e3:82:7f:cb:d3:
                    73:c8:84:f5:15:d4:61:d2:68:62:c6:70:64:4d:23:
                    8b:c0:32:2e:fb:c0:37:db:c7:f1:0f:22:39:1a:23:
                    00:27:fe:81:c6:fc:30:09:e6:9d:11:15:8d:76:3b:
                    cc:87:09:a4:ea:01:47:83:48:2c:64:43:15:5d:fa:
                    0f:9f:a1:5e:1e:c3:b6:5d:21:57:9b:80:3c:2c:f1:
                    c2:e3:1c:40:5e:f1:95:a7:be:77:2e:c7:69:42:3a:
                    5d:2c:6e:de:42:15:2d:18:4e:9e:14:8b:f1:87:ca:
                    0e:c4:b0:b2:00:c3:82:4e:c9:36:80:53:ee:be:e1:
                    c1:d7:18:41:a6:96:bc:92:d4:60:00:18:5b:79:36:
                    a0:c3:12:4f:4d:c3:f5:6f:22:d4:08:e4:43:6f:9c:
                    d0:a1:d2:ae:be:43:93:f2:a8:c3:96:9f:75:e7:3f:
                    e5:8d:a1:cc:be:53:71:50:10:b0:df:25:38:1b:97:
                    c0:46:ed:e7:2b:a1:1f:ea:57:49:80:ec:a9:95:d1:
                    7d:36:54:64:2c:23:96:86:93:bb:d5:a3:fd:d0:3e:
                    9a:84:73:39:c6:21:35:76:25:ee:85:eb:ab:d0:88:
                    9c:35:a8:bc:4b:f5:f5:1e:83:d1:4f:22:00:1c:9e:
                    eb:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:58:8E:F3:63:5D:BF:95:EC:95:7C:66:2E:59:35:24:29:8D:26:05
            X509v3 Authority Key Identifier:
                keyid:67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/v1iO82Ndv5XslXxmLlk1JCmNJgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:49:8c:97:51:97:b9:40:8e:d2:80:fb:63:8a:b7:b8:8d:12:
         64:3f:21:55:c6:1e:42:90:e2:0e:e8:b6:7c:c2:90:36:63:83:
         ae:30:03:1c:e1:f7:2a:77:06:c9:71:4c:bb:ef:e6:35:1e:4f:
         16:77:2d:95:9e:05:6b:58:7b:6c:52:9a:64:b2:37:ff:8f:aa:
         ea:ea:e7:7c:6b:d9:07:a3:f9:ef:a2:54:b6:15:3a:d4:7a:99:
         ef:f7:af:92:98:18:a0:1e:d5:38:2d:57:95:20:ee:60:dc:2f:
         d2:f7:a4:56:ed:f6:e3:ec:22:b1:88:6c:82:a4:0b:32:a4:fd:
         7b:73:ad:0a:c1:fa:5d:c9:82:1e:66:d6:21:2f:ab:6b:30:99:
         30:7e:ce:bd:27:7e:29:46:5c:cd:3a:75:77:5c:65:0d:cf:0d:
         5a:38:6c:d4:35:8f:60:87:26:9c:95:6b:3e:5e:f0:6f:0f:71:
         6c:de:10:66:7e:56:45:81:b4:fe:d5:ec:36:b3:5e:a7:3f:48:
         d3:fc:b7:63:6b:ed:8b:0f:21:f4:ba:a6:6b:b1:20:d3:80:23:
         79:96:2c:ad:dc:10:d9:e9:fb:dd:78:be:7a:4b:4b:42:c0:32:
         11:2a:34:be:82:1d:35:d9:e2:b2:71:7b:13:c9:a0:bc:46:19:
         5a:66:64:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2roqful71VBXxrIULAZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NGE2MWE4YTljOTdjMDNjZGViZTA1ZjgyNTU4ZTUxZGJm
OTA4MjEwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjU4OGVmMzYzNWRiZjk1ZWM5NTdjNjYyZTU5MzUyNDI5OGQyNjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXxIrX6Gi7IL44J/y9NzyIT1FdRh
0mhixnBkTSOLwDIu+8A328fxDyI5GiMAJ/6BxvwwCeadERWNdjvMhwmk6gFHg0gs
ZEMVXfoPn6FeHsO2XSFXm4A8LPHC4xxAXvGVp753LsdpQjpdLG7eQhUtGE6eFIvx
h8oOxLCyAMOCTsk2gFPuvuHB1xhBppa8ktRgABhbeTagwxJPTcP1byLUCORDb5zQ
odKuvkOT8qjDlp915z/ljaHMvlNxUBCw3yU4G5fARu3nK6Ef6ldJgOypldF9NlRk
LCOWhpO71aP90D6ahHM5xiE1diXuheur0IicNai8S/X1HoPRTyIAHJ7r9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9YjvNjXb+V7JV8Zi5ZNSQpjSYFMB8GA1UdIwQY
MBaAFGdKYaipyXwDzevgX4JVjlHb+QghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmIt
NGM4NmNiZTAzNjEwLzEvdjFpTzgyTmR2NVhzbFh4bUxsazFKQ21OSmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmItNGM4NmNiZTAzNjEw
LzEvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcrEMA0G
CSqGSIb3DQEBCwUAA4IBAQAJSYyXUZe5QI7SgPtjire4jRJkPyFVxh5CkOIO6LZ8
wpA2Y4OuMAMc4fcqdwbJcUy77+Y1Hk8Wdy2VngVrWHtsUppksjf/j6rq6ud8a9kH
o/nvolS2FTrUepnv96+SmBigHtU4LVeVIO5g3C/S96RW7fbj7CKxiGyCpAsypP17
c60KwfpdyYIeZtYhL6trMJkwfs69J34pRlzNOnV3XGUNzw1aOGzUNY9ghyaclWs+
XvBvD3Fs3hBmflZFgbT+1ew2s16nP0jT/Ldja+2LDyH0uqZrsSDTgCN5liyt3BDZ
6fvdeL56S0tCwDIRKjS+gh012eKycXsTyaC8RhlaZmTh
-----END CERTIFICATE-----