Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/xhhJQqhM5sB1fU9J0vxm3RoZWw0.roa
File:                     xhhJQqhM5sB1fU9J0vxm3RoZWw0.roa (raw, json)
Hash identifier:          +YOuzWIZ++rhf1ENTPtE45w85KCzRIvAgoMtfwrZcLw=
Subject key identifier:   C6:18:49:42:A8:4C:E6:C0:75:7D:4F:49:D2:FC:66:DD:1A:19:5B:0D
Certificate issuer:       /CN=95d9fc815e90ca87927907c5eab3fe79ca215eaa
Certificate serial:       019423D6ADDE275477BE84F35FB52C714ECC
Authority key identifier: 95:D9:FC:81:5E:90:CA:87:92:79:07:C5:EA:B3:FE:79:CA:21:5E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/xhhJQqhM5sB1fU9J0vxm3RoZWw0.roa
Signing time:             Wed 01 Jan 2025 21:47:39 +0000
ROA not before:           Wed 01 Jan 2025 21:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201185
IP address blocks:        185.85.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ad:de:27:54:77:be:84:f3:5f:b5:2c:71:4e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d9fc815e90ca87927907c5eab3fe79ca215eaa
        Validity
            Not Before: Jan  1 21:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6184942a84ce6c0757d4f49d2fc66dd1a195b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6b:9d:b2:46:c3:2c:8c:cf:86:e2:f8:74:b6:
                    7b:be:f2:24:64:6f:4c:5d:6e:5b:fb:78:f0:2d:16:
                    c6:dc:38:a6:c5:28:35:4d:88:29:2e:75:4e:88:5e:
                    59:d6:da:25:97:b9:e8:cc:f0:9b:ef:f7:77:6e:ab:
                    51:a1:77:19:38:06:e5:22:b9:4c:71:a7:08:f3:4a:
                    5d:53:78:79:3e:3d:aa:bb:b8:4c:01:2a:9f:b3:96:
                    2c:88:dd:c0:ed:52:50:b2:64:0b:96:1b:68:c4:01:
                    1f:20:9f:5b:90:31:09:be:20:5d:cb:d9:2b:4d:35:
                    ea:ba:7f:2f:13:ed:1c:35:4d:cf:66:25:8d:84:e0:
                    ef:d5:f2:7a:c5:87:0d:97:dc:5d:4d:bb:15:09:4e:
                    82:68:8d:ee:7f:77:6d:e3:f8:75:13:35:d9:9c:2c:
                    0a:a5:a1:0d:fa:b1:71:3f:94:58:61:8e:ed:d5:86:
                    d4:dc:95:39:cf:fa:12:ba:05:f2:dd:87:47:97:07:
                    da:ba:5f:38:b1:c0:38:0b:60:66:8d:d9:21:48:22:
                    4f:de:a9:0b:74:12:80:5d:ff:3d:a1:71:df:79:08:
                    9f:4d:af:4f:a2:dc:9e:75:82:b7:71:25:c0:b8:01:
                    1f:2a:69:41:cf:ed:73:84:9f:97:42:2f:97:7c:43:
                    df:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:18:49:42:A8:4C:E6:C0:75:7D:4F:49:D2:FC:66:DD:1A:19:5B:0D
            X509v3 Authority Key Identifier:
                keyid:95:D9:FC:81:5E:90:CA:87:92:79:07:C5:EA:B3:FE:79:CA:21:5E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/xhhJQqhM5sB1fU9J0vxm3RoZWw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:1e:15:68:e2:11:7c:b3:ee:22:3c:b9:a5:b8:fc:db:b5:c3:
         52:d4:14:f2:84:99:d5:f3:37:fe:a7:04:0b:f6:ac:3f:ad:35:
         02:ad:c1:7e:79:dc:c8:cf:05:cf:74:c1:d0:3e:9d:67:08:d0:
         96:b7:69:68:f3:65:04:64:9a:7e:27:b6:26:65:0e:41:2e:3e:
         dc:7a:1c:2b:71:3a:02:ee:66:e9:25:69:e6:90:cc:23:12:ac:
         14:07:8a:8b:7a:b1:4c:02:87:66:4a:5f:e7:2b:36:b6:68:aa:
         fb:06:2b:e5:f0:a2:0b:e5:3a:f9:e8:17:51:c1:59:92:c7:84:
         23:25:60:1c:8a:a7:05:f3:84:03:9e:81:f5:3b:66:d8:c1:dd:
         3b:46:24:a0:0d:bf:e1:38:bd:e2:48:c1:e3:ab:db:85:76:dd:
         fd:ae:92:20:03:5b:ed:75:f4:95:cc:2d:0e:dd:24:a5:fc:fd:
         0c:62:de:8f:51:42:db:1b:de:8e:64:b7:d9:07:3a:8b:ff:1b:
         c1:5b:74:5f:27:3e:28:b1:57:33:3d:02:7e:9c:7f:b3:23:bb:
         8e:77:91:c9:a3:4b:75:f7:c2:1f:ff:57:8f:2e:82:62:1e:c1:
         90:2d:36:f0:5f:83:bf:23:d5:e2:5d:27:4a:34:9c:be:74:6b:
         0d:69:da:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1q3eJ1R3voTzX7UscU7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDlmYzgxNWU5MGNhODc5Mjc5MDdjNWVhYjNmZTc5Y2Ey
MTVlYWEwHhcNMjUwMTAxMjE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE4NDk0MmE4NGNlNmMwNzU3ZDRmNDlkMmZjNjZkZDFhMTk1YjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2udskbDLIzPhuL4dLZ7vvIkZG9M
XW5b+3jwLRbG3DimxSg1TYgpLnVOiF5Z1toll7nozPCb7/d3bqtRoXcZOAblIrlM
cacI80pdU3h5Pj2qu7hMASqfs5YsiN3A7VJQsmQLlhtoxAEfIJ9bkDEJviBdy9kr
TTXqun8vE+0cNU3PZiWNhODv1fJ6xYcNl9xdTbsVCU6CaI3uf3dt4/h1EzXZnCwK
paEN+rFxP5RYYY7t1YbU3JU5z/oSugXy3YdHlwfaul84scA4C2BmjdkhSCJP3qkL
dBKAXf89oXHfeQifTa9PotyedYK3cSXAuAEfKmlBz+1zhJ+XQi+XfEPffQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYYSUKoTObAdX1PSdL8Zt0aGVsNMB8GA1UdIwQY
MBaAFJXZ/IFekMqHknkHxeqz/nnKIV6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRuOGdWNlF5b2VTZVFmRjZyUC1lY29oWHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85Y2FhNTAtYTUxMC00MTdhLWI1ODkt
OGNlNDE3OTIzMmM4LzEveGhoSlFxaE01c0IxZlU5SjB2eG0zUm9aV3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85Y2FhNTAtYTUxMC00MTdhLWI1ODktOGNlNDE3OTIzMmM4
LzEvbGRuOGdWNlF5b2VTZVFmRjZyUC1lY29oWHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVVAMA0G
CSqGSIb3DQEBCwUAA4IBAQAyHhVo4hF8s+4iPLmluPzbtcNS1BTyhJnV8zf+pwQL
9qw/rTUCrcF+edzIzwXPdMHQPp1nCNCWt2lo82UEZJp+J7YmZQ5BLj7cehwrcToC
7mbpJWnmkMwjEqwUB4qLerFMAodmSl/nKza2aKr7Bivl8KIL5Tr56BdRwVmSx4Qj
JWAciqcF84QDnoH1O2bYwd07RiSgDb/hOL3iSMHjq9uFdt39rpIgA1vtdfSVzC0O
3SSl/P0MYt6PUULbG96OZLfZBzqL/xvBW3RfJz4osVczPQJ+nH+zI7uOd5HJo0t1
98If/1ePLoJiHsGQLTbwX4O/I9XiXSdKNJy+dGsNadrH
-----END CERTIFICATE-----