Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/JxK2q13_cqx-NWh4pwxzv1oZwUU.roa
File:                     JxK2q13_cqx-NWh4pwxzv1oZwUU.roa (raw, json)
Hash identifier:          vSuXYLcns28c0nq94myzhzaBiRbuD/IUZvXqu1uibWo=
Subject key identifier:   27:12:B6:AB:5D:FF:72:AC:7E:35:68:78:A7:0C:73:BF:5A:19:C1:45
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01925E194BC3F3513198B03E42BD4E3B866C
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/JxK2q13_cqx-NWh4pwxzv1oZwUU.roa
Signing time:             Sat 05 Oct 2024 19:12:49 +0000
ROA not before:           Sat 05 Oct 2024 19:12:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        85.208.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:19:4b:c3:f3:51:31:98:b0:3e:42:bd:4e:3b:86:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Oct  5 19:12:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2712b6ab5dff72ac7e356878a70c73bf5a19c145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:96:14:19:83:74:60:ee:ef:a5:30:e3:46:0e:
                    e6:9e:c8:b9:8e:55:59:5f:b5:ee:58:30:1e:7c:cf:
                    24:26:d3:bd:28:17:34:d3:c6:1c:ca:3b:86:48:82:
                    6c:a6:fa:44:40:88:cd:5c:05:71:b5:66:a7:1b:62:
                    f5:8c:88:36:72:fa:ef:e0:96:c7:b6:8b:61:fd:d9:
                    bd:bf:a6:5c:85:14:66:ce:6c:0d:0e:17:6e:3e:2f:
                    75:45:39:0b:3f:23:77:32:0d:29:89:0b:bb:88:3e:
                    ae:5d:69:64:ad:42:fb:09:e0:0c:12:c5:20:fc:b9:
                    ed:be:4b:f7:59:7f:44:3f:3a:d2:e8:5b:4d:3e:09:
                    ba:1e:9a:1c:c2:43:dd:2b:d0:a8:5b:a6:87:4e:b0:
                    ac:cb:53:e4:ce:b6:9b:e2:18:9d:9d:66:e7:45:1b:
                    d0:4a:2c:1c:77:09:e0:eb:f7:f3:1d:ea:ae:78:a7:
                    67:68:f3:62:82:4f:3f:88:64:e6:2f:e8:c6:92:01:
                    23:78:1d:fd:33:10:da:fe:81:e1:a7:ff:04:80:78:
                    cb:71:e2:69:3d:7b:30:a5:cb:ea:ea:fc:53:b2:06:
                    47:a8:d4:34:ed:f4:f7:81:4e:ec:be:07:75:e0:ec:
                    a9:41:03:c3:4f:f3:a9:ab:fe:c9:0a:f8:49:82:ea:
                    85:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:12:B6:AB:5D:FF:72:AC:7E:35:68:78:A7:0C:73:BF:5A:19:C1:45
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/JxK2q13_cqx-NWh4pwxzv1oZwUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:27:c2:86:e5:32:83:de:68:b4:e6:5c:1f:78:60:b1:98:28:
         5b:12:76:ff:40:0a:64:2d:c2:aa:4d:36:39:95:fb:d7:c4:98:
         16:ba:43:53:73:de:71:2d:54:c9:b4:51:94:fc:41:5f:2f:61:
         6d:dc:75:8d:ab:00:44:07:59:4b:c6:7d:39:a8:fb:dd:a7:23:
         04:e3:3d:c0:37:75:6f:10:cd:6a:1a:2b:ff:94:a6:ea:34:ef:
         f9:7a:9b:91:fd:31:83:f6:71:29:9e:6e:cb:00:f1:b0:48:44:
         02:1a:b8:81:2e:b6:06:ab:0d:71:f4:1e:1c:a0:49:c8:ff:ed:
         76:15:42:2e:97:fb:da:26:fe:9e:d2:53:a0:7d:1c:bf:5a:6d:
         82:7e:cc:29:dc:bc:d5:82:28:d2:e5:bc:f8:c3:cf:33:60:0f:
         bf:4e:59:33:39:27:19:f2:bc:2a:fc:e6:08:2d:aa:42:0d:37:
         5d:98:12:ba:8a:c9:bb:d2:e8:9d:fe:24:25:97:16:92:1a:9b:
         84:14:10:d9:09:5c:0d:23:40:57:d3:bb:7b:f5:0b:ef:3b:26:
         2c:5f:a8:48:2c:61:f1:fb:1b:90:d3:0c:5a:67:ca:45:b0:e3:
         22:9a:dc:46:46:fe:a0:0c:16:61:40:21:74:8e:fe:87:84:fc:
         a3:1b:24:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJeGUvD81ExmLA+Qr1OO4ZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQxMDA1MTkxMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzEyYjZhYjVkZmY3MmFjN2UzNTY4NzhhNzBjNzNiZjVhMTljMTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6pYUGYN0YO7vpTDjRg7mnsi5jlVZ
X7XuWDAefM8kJtO9KBc008YcyjuGSIJspvpEQIjNXAVxtWanG2L1jIg2cvrv4JbH
toth/dm9v6ZchRRmzmwNDhduPi91RTkLPyN3Mg0piQu7iD6uXWlkrUL7CeAMEsUg
/Lntvkv3WX9EPzrS6FtNPgm6HpocwkPdK9CoW6aHTrCsy1Pkzrab4hidnWbnRRvQ
Siwcdwng6/fzHequeKdnaPNigk8/iGTmL+jGkgEjeB39MxDa/oHhp/8EgHjLceJp
PXswpcvq6vxTsgZHqNQ07fT3gU7svgd14OypQQPDT/Opq/7JCvhJguqF8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcStqtd/3KsfjVoeKcMc79aGcFFMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvSnhLMnExM19jcXgtTldoNHB3eHp2MW9ad1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBpMA0G
CSqGSIb3DQEBCwUAA4IBAQCEJ8KG5TKD3mi05lwfeGCxmChbEnb/QApkLcKqTTY5
lfvXxJgWukNTc95xLVTJtFGU/EFfL2Ft3HWNqwBEB1lLxn05qPvdpyME4z3AN3Vv
EM1qGiv/lKbqNO/5epuR/TGD9nEpnm7LAPGwSEQCGriBLrYGqw1x9B4coEnI/+12
FUIul/vaJv6e0lOgfRy/Wm2Cfswp3LzVgijS5bz4w88zYA+/TlkzOScZ8rwq/OYI
LapCDTddmBK6ism70uid/iQllxaSGpuEFBDZCVwNI0BX07t79QvvOyYsX6hILGHx
+xuQ0wxaZ8pFsOMimtxGRv6gDBZhQCF0jv6HhPyjGyQJ
-----END CERTIFICATE-----