Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/768241-7adf-4c25-97ce-338975829e8b/1/KE1fBJ1advdITfmOzvn7t3RcuIg.roa
File:                     KE1fBJ1advdITfmOzvn7t3RcuIg.roa (raw, json)
Hash identifier:          bjNR4AwoDCZxRU2BwiF6wUkjXUblSYqmnqo4++WIt3g=
Subject key identifier:   28:4D:5F:04:9D:5A:76:F7:48:4D:F9:8E:CE:F9:FB:B7:74:5C:B8:88
Certificate issuer:       /CN=93dc75e61e483f0d479221f3ca75fc722096a7ed
Certificate serial:       018EE793C9582B9E362A44A14016111DBE59
Authority key identifier: 93:DC:75:E6:1E:48:3F:0D:47:92:21:F3:CA:75:FC:72:20:96:A7:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k9x15h5IPw1HkiHzynX8ciCWp-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/768241-7adf-4c25-97ce-338975829e8b/1/KE1fBJ1advdITfmOzvn7t3RcuIg.roa
Signing time:             Tue 16 Apr 2024 15:43:25 +0000
ROA not before:           Tue 16 Apr 2024 15:43:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207029
IP address blocks:        185.85.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/768241-7adf-4c25-97ce-338975829e8b/1/k9x15h5IPw1HkiHzynX8ciCWp-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/768241-7adf-4c25-97ce-338975829e8b/1/k9x15h5IPw1HkiHzynX8ciCWp-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k9x15h5IPw1HkiHzynX8ciCWp-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:93:c9:58:2b:9e:36:2a:44:a1:40:16:11:1d:be:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93dc75e61e483f0d479221f3ca75fc722096a7ed
        Validity
            Not Before: Apr 16 15:43:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=284d5f049d5a76f7484df98ecef9fbb7745cb888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ab:e4:f8:b4:5c:ee:52:30:f9:da:bc:ec:57:
                    87:53:ca:d3:b6:9f:59:c9:93:6e:5b:29:e5:01:31:
                    8f:b0:a5:b0:37:3d:fc:d7:9c:12:47:d1:cd:f8:b9:
                    60:2d:cd:8a:f0:a7:14:90:5b:51:48:79:75:83:b9:
                    b9:1d:07:0f:31:1d:f2:de:52:a0:b6:12:ac:96:22:
                    ad:1c:69:c8:e0:6e:53:1b:31:92:6d:f3:af:b9:6b:
                    a8:b6:fb:42:fe:44:01:cc:78:8e:52:f4:ea:c9:99:
                    f7:f7:67:48:12:5d:dc:01:20:ac:0d:04:2f:c7:db:
                    fb:27:ab:79:69:88:55:f8:b1:ff:39:32:b6:bc:64:
                    8f:a6:5c:fd:f8:e8:91:ac:52:bd:c9:e3:7d:50:39:
                    3c:ca:ee:a8:b6:b4:95:6c:20:63:61:41:7a:18:c7:
                    8d:49:ea:1d:66:ba:61:16:e1:6c:70:e3:ed:da:6b:
                    b0:f9:76:4a:8c:7c:5c:d0:7b:a9:42:0f:cd:cb:97:
                    16:2b:84:89:09:e9:9a:dc:2a:76:24:54:1a:6f:31:
                    88:10:2e:55:cd:fd:86:a8:cf:a9:a6:f6:29:47:c4:
                    0a:26:8c:e1:2c:84:e3:f9:c6:73:23:ee:e7:0d:ac:
                    d2:f6:e6:62:44:06:7e:1d:50:92:5b:99:7c:1c:89:
                    93:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4D:5F:04:9D:5A:76:F7:48:4D:F9:8E:CE:F9:FB:B7:74:5C:B8:88
            X509v3 Authority Key Identifier:
                keyid:93:DC:75:E6:1E:48:3F:0D:47:92:21:F3:CA:75:FC:72:20:96:A7:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k9x15h5IPw1HkiHzynX8ciCWp-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/768241-7adf-4c25-97ce-338975829e8b/1/KE1fBJ1advdITfmOzvn7t3RcuIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/768241-7adf-4c25-97ce-338975829e8b/1/k9x15h5IPw1HkiHzynX8ciCWp-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:69:29:a8:37:a5:8b:2c:72:32:13:92:73:89:8c:64:63:0a:
         13:6e:00:2c:08:68:19:f9:d8:78:5f:26:46:4e:1b:f2:98:89:
         c5:ae:bf:aa:74:ec:5b:f4:50:1a:94:52:42:c8:97:a0:ff:e1:
         00:64:4d:59:50:76:f5:dd:44:4a:cc:79:f9:22:40:3d:a1:86:
         35:ff:16:2a:49:cc:a0:b1:e9:93:1f:5f:c0:c3:a1:ea:18:c3:
         7d:4b:f8:8f:34:74:8d:be:fb:49:cd:9c:b5:e4:f5:40:54:0d:
         7a:01:ef:87:ff:e6:c2:85:7c:d5:a4:83:a6:c5:e0:2c:9f:c7:
         d1:32:00:55:a5:e1:ad:c9:4e:0b:bd:97:3a:4d:cd:7f:a4:f4:
         cf:64:a2:50:3f:ec:2d:81:72:a0:a9:c0:bd:8f:f2:ec:a7:f0:
         e3:90:40:51:7b:fd:1c:16:c5:21:f3:58:33:58:d5:2a:73:a9:
         d3:f8:59:de:fd:91:95:90:16:c4:74:75:e3:e9:92:c4:da:0e:
         8b:c1:0b:3b:ed:da:94:ad:40:e7:28:44:ab:bc:52:91:2f:c0:
         a3:de:8f:0d:3e:38:e0:a6:21:86:92:43:f6:e0:4f:6f:b4:4a:
         e3:78:f9:24:53:32:84:8f:0f:4a:5f:58:f5:68:fb:5f:ca:0c:
         c7:17:f6:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7nk8lYK542KkShQBYRHb5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZGM3NWU2MWU0ODNmMGQ0NzkyMjFmM2NhNzVmYzcyMjA5
NmE3ZWQwHhcNMjQwNDE2MTU0MzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODRkNWYwNDlkNWE3NmY3NDg0ZGY5OGVjZWY5ZmJiNzc0NWNiODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56vk+LRc7lIw+dq87FeHU8rTtp9Z
yZNuWynlATGPsKWwNz3815wSR9HN+LlgLc2K8KcUkFtRSHl1g7m5HQcPMR3y3lKg
thKsliKtHGnI4G5TGzGSbfOvuWuotvtC/kQBzHiOUvTqyZn392dIEl3cASCsDQQv
x9v7J6t5aYhV+LH/OTK2vGSPplz9+OiRrFK9yeN9UDk8yu6otrSVbCBjYUF6GMeN
SeodZrphFuFscOPt2muw+XZKjHxc0HupQg/Ny5cWK4SJCema3Cp2JFQabzGIEC5V
zf2GqM+ppvYpR8QKJozhLITj+cZzI+7nDazS9uZiRAZ+HVCSW5l8HImTLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChNXwSdWnb3SE35js75+7d0XLiIMB8GA1UdIwQY
MBaAFJPcdeYeSD8NR5Ih88p1/HIglqftMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazl4MTVoNUlQdzFIa2lIenluWDhjaUNXcC0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS83NjgyNDEtN2FkZi00YzI1LTk3Y2Ut
MzM4OTc1ODI5ZThiLzEvS0UxZkJKMWFkdmRJVGZtT3p2bjd0M1JjdUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS83NjgyNDEtN2FkZi00YzI1LTk3Y2UtMzM4OTc1ODI5ZThi
LzEvazl4MTVoNUlQdzFIa2lIenluWDhjaUNXcC0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVUUMA0G
CSqGSIb3DQEBCwUAA4IBAQB5aSmoN6WLLHIyE5JziYxkYwoTbgAsCGgZ+dh4XyZG
ThvymInFrr+qdOxb9FAalFJCyJeg/+EAZE1ZUHb13URKzHn5IkA9oYY1/xYqScyg
semTH1/Aw6HqGMN9S/iPNHSNvvtJzZy15PVAVA16Ae+H/+bChXzVpIOmxeAsn8fR
MgBVpeGtyU4LvZc6Tc1/pPTPZKJQP+wtgXKgqcC9j/Lsp/DjkEBRe/0cFsUh81gz
WNUqc6nT+Fne/ZGVkBbEdHXj6ZLE2g6LwQs77dqUrUDnKESrvFKRL8Cj3o8NPjjg
piGGkkP24E9vtErjePkkUzKEjw9KX1j1aPtfygzHF/at
-----END CERTIFICATE-----