Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/L1nx6g959I4u5e_n7rqsUK0vG74.roa
File:                     L1nx6g959I4u5e_n7rqsUK0vG74.roa (raw, json)
Hash identifier:          X8LU286M1DCtu5IfhCO2jJJ+1Cy+WsVLYYIMMfE/G4I=
Subject key identifier:   2F:59:F1:EA:0F:79:F4:8E:2E:E5:EF:E7:EE:BA:AC:50:AD:2F:1B:BE
Certificate issuer:       /CN=23c02af4f58f11320af3196946e1fce9d050c906
Certificate serial:       0194258F75FC42FCDB4E24C9ADF8AB4164AB
Authority key identifier: 23:C0:2A:F4:F5:8F:11:32:0A:F3:19:69:46:E1:FC:E9:D0:50:C9:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I8Aq9PWPETIK8xlpRuH86dBQyQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/L1nx6g959I4u5e_n7rqsUK0vG74.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199229
IP address blocks:        185.85.144.0/22 maxlen: 22
                          2a05:ae80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/I8Aq9PWPETIK8xlpRuH86dBQyQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/I8Aq9PWPETIK8xlpRuH86dBQyQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I8Aq9PWPETIK8xlpRuH86dBQyQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:75:fc:42:fc:db:4e:24:c9:ad:f8:ab:41:64:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23c02af4f58f11320af3196946e1fce9d050c906
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f59f1ea0f79f48e2ee5efe7eebaac50ad2f1bbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0a:29:91:a3:47:6f:7c:33:c3:52:c8:c4:12:
                    85:a4:4d:f1:84:d0:24:87:0f:15:9a:ed:0a:ff:d0:
                    b7:30:1a:96:4c:95:b9:a8:02:f8:14:ab:06:ee:cc:
                    b2:0e:b0:e9:d6:e2:ba:bf:31:48:eb:4f:c7:a3:55:
                    62:8d:81:8e:74:61:5c:c8:e1:dd:81:f5:3e:6d:96:
                    7a:a3:c8:f7:3c:e1:b7:06:60:6d:f5:ab:84:fc:1f:
                    ed:76:0d:32:9d:71:7a:b7:e9:58:09:a5:fa:2d:c4:
                    13:59:eb:45:be:39:2f:88:84:03:ee:5d:e2:97:c5:
                    e7:7d:b7:45:b9:00:91:43:21:2f:64:b9:fb:df:0f:
                    aa:da:6c:17:0c:96:bf:48:a3:56:31:41:14:fc:21:
                    2e:ef:bc:c8:db:3e:d8:8d:8e:d5:51:67:b5:a3:75:
                    63:5b:fd:35:a7:00:99:79:ce:95:50:46:fb:81:c9:
                    b1:38:a8:b1:38:42:7a:7c:70:ba:c1:e9:e0:09:b4:
                    0c:bd:2c:43:3d:e7:2a:0d:04:3e:5f:7d:71:ad:3d:
                    a0:00:b3:03:ad:ac:c7:5f:72:08:a2:23:b3:16:fd:
                    b7:4c:d5:08:f9:85:06:59:00:84:8c:91:f4:c7:16:
                    22:99:05:82:76:87:14:36:79:28:0b:cd:2f:7a:d2:
                    9e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:59:F1:EA:0F:79:F4:8E:2E:E5:EF:E7:EE:BA:AC:50:AD:2F:1B:BE
            X509v3 Authority Key Identifier:
                keyid:23:C0:2A:F4:F5:8F:11:32:0A:F3:19:69:46:E1:FC:E9:D0:50:C9:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I8Aq9PWPETIK8xlpRuH86dBQyQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/L1nx6g959I4u5e_n7rqsUK0vG74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/81068c-aed7-4127-88e4-62cb8aca9618/1/I8Aq9PWPETIK8xlpRuH86dBQyQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.144.0/22
                IPv6:
                  2a05:ae80::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:eb:0b:3b:6e:04:36:58:45:01:f6:8c:71:60:10:ea:6c:17:
         bd:8d:a8:d0:66:39:b3:e8:75:96:34:7e:8c:17:ee:15:54:2f:
         ba:47:d3:24:b1:51:24:65:f1:2f:ef:1d:42:be:97:a9:66:89:
         b2:8f:a3:e3:55:3d:45:81:35:82:0b:2b:f6:86:2c:2d:bc:03:
         8b:25:3e:f3:95:d0:33:ac:85:b4:89:f4:6e:5c:67:76:d9:f4:
         bb:e3:77:4f:83:b5:2f:e6:92:6f:5f:79:90:ea:b8:21:0b:0f:
         fc:38:e8:a9:dc:4c:c4:bd:a8:06:58:7a:6f:18:e7:9c:0a:5c:
         50:3c:d5:c4:0f:db:d1:4f:65:af:1c:0a:1c:d7:4e:a3:87:f7:
         e2:02:4e:51:91:27:04:3a:f3:55:68:92:0b:3a:c3:f0:a1:75:
         7c:da:22:34:6a:23:41:2e:6c:71:3e:87:d0:cd:81:fe:1a:a5:
         1e:e1:4c:df:7e:d9:ee:13:f0:98:10:78:77:c9:29:dc:1d:a4:
         71:f6:f7:16:a0:30:4e:b5:5d:68:02:be:2c:b6:aa:16:c2:0b:
         31:61:53:a4:15:84:55:b5:eb:a1:0c:a5:a3:81:47:95:c7:9d:
         93:50:be:42:f0:1b:df:a5:6b:c9:d4:61:d8:82:e7:a8:69:77:
         c1:5b:83:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj3X8QvzbTiTJrfirQWSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYzAyYWY0ZjU4ZjExMzIwYWYzMTk2OTQ2ZTFmY2U5ZDA1
MGM5MDYwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjU5ZjFlYTBmNzlmNDhlMmVlNWVmZTdlZWJhYWM1MGFkMmYxYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gopkaNHb3wzw1LIxBKFpE3xhNAk
hw8Vmu0K/9C3MBqWTJW5qAL4FKsG7syyDrDp1uK6vzFI60/Ho1VijYGOdGFcyOHd
gfU+bZZ6o8j3POG3BmBt9auE/B/tdg0ynXF6t+lYCaX6LcQTWetFvjkviIQD7l3i
l8XnfbdFuQCRQyEvZLn73w+q2mwXDJa/SKNWMUEU/CEu77zI2z7YjY7VUWe1o3Vj
W/01pwCZec6VUEb7gcmxOKixOEJ6fHC6wengCbQMvSxDPecqDQQ+X31xrT2gALMD
razHX3IIoiOzFv23TNUI+YUGWQCEjJH0xxYimQWCdocUNnkoC80vetKeawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC9Z8eoPefSOLuXv5+66rFCtLxu+MB8GA1UdIwQY
MBaAFCPAKvT1jxEyCvMZaUbh/OnQUMkGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSThBcTlQV1BFVElLOHhscFJ1SDg2ZEJReVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84MTA2OGMtYWVkNy00MTI3LTg4ZTQt
NjJjYjhhY2E5NjE4LzEvTDFueDZnOTU5STR1NWVfbjdycXNVSzB2Rzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84MTA2OGMtYWVkNy00MTI3LTg4ZTQtNjJjYjhhY2E5NjE4
LzEvSThBcTlQV1BFVElLOHhscFJ1SDg2ZEJReVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVWQMA0E
AgACMAcDBQMqBa6AMA0GCSqGSIb3DQEBCwUAA4IBAQCQ6ws7bgQ2WEUB9oxxYBDq
bBe9jajQZjmz6HWWNH6MF+4VVC+6R9MksVEkZfEv7x1CvpepZomyj6PjVT1FgTWC
Cyv2hiwtvAOLJT7zldAzrIW0ifRuXGd22fS743dPg7Uv5pJvX3mQ6rghCw/8OOip
3EzEvagGWHpvGOecClxQPNXED9vRT2WvHAoc106jh/fiAk5RkScEOvNVaJILOsPw
oXV82iI0aiNBLmxxPofQzYH+GqUe4UzfftnuE/CYEHh3ySncHaRx9vcWoDBOtV1o
Ar4stqoWwgsxYVOkFYRVteuhDKWjgUeVx52TUL5C8BvfpWvJ1GHYgueoaXfBW4NI
-----END CERTIFICATE-----