Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/q4W4R39oVDcSRR5MWA-eZrOybEw.roa
File:                     q4W4R39oVDcSRR5MWA-eZrOybEw.roa (raw, json)
Hash identifier:          jEOG0tI2nOd3Y6E02scIxq/iOfKnAzDuSPjPlqsYKB0=
Subject key identifier:   AB:85:B8:47:7F:68:54:37:12:45:1E:4C:58:0F:9E:66:B3:B2:6C:4C
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       018CC348E48C0C5310FA1FA6963F6070F02A
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/q4W4R39oVDcSRR5MWA-eZrOybEw.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        89.185.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e4:8c:0c:53:10:fa:1f:a6:96:3f:60:70:f0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab85b8477f68543712451e4c580f9e66b3b26c4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0b:5d:71:95:af:77:e6:41:7f:69:5a:0e:7f:
                    01:c9:b1:3c:30:7b:f4:b1:03:10:80:33:b5:fc:50:
                    a0:d8:fe:ec:c1:28:ac:a0:a1:f0:21:5b:fc:88:40:
                    c1:a1:3a:6c:f0:8d:87:85:3e:5d:c7:53:ca:8e:a3:
                    e8:ee:ea:48:49:d7:bc:32:b7:1a:3d:70:a8:27:af:
                    7a:c2:7c:fb:1b:17:1b:17:28:1d:7d:61:77:c1:6e:
                    fa:40:43:23:18:e1:cb:be:17:8d:3b:b6:6f:f2:ed:
                    69:bf:a2:ed:3b:e1:33:27:57:7f:4f:a8:34:3b:c8:
                    89:ee:92:84:15:c8:b1:a0:90:dc:6c:bf:41:be:af:
                    73:85:87:2c:0a:59:60:81:b3:27:ea:64:c5:b6:5a:
                    f4:f0:e9:fa:04:ca:65:3d:48:db:af:19:50:87:b3:
                    8b:15:43:6f:0e:17:64:82:db:d0:9a:e6:87:e1:77:
                    ff:5a:47:83:3b:06:ed:b3:13:79:e3:03:61:d1:aa:
                    d9:c2:0a:b2:31:bd:a8:63:fa:89:bb:27:81:40:b1:
                    e6:a9:59:b5:d7:d6:48:3b:fa:0e:c2:c1:ce:63:cb:
                    22:84:c0:6c:7b:4f:fd:a8:92:d5:3c:65:09:0a:bf:
                    75:14:71:5b:df:eb:c0:ce:21:90:1a:47:0a:c0:f5:
                    33:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:85:B8:47:7F:68:54:37:12:45:1E:4C:58:0F:9E:66:B3:B2:6C:4C
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/q4W4R39oVDcSRR5MWA-eZrOybEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:08:2b:70:42:26:ad:52:4c:2e:83:18:5c:83:d4:c8:41:fd:
         99:66:c7:bf:49:dc:0e:bd:ec:27:4c:4b:fc:52:80:3c:fa:ba:
         0e:45:f1:06:c0:4e:23:61:4b:e5:13:6f:0d:ca:63:74:5b:46:
         93:9c:da:34:95:e2:c7:93:b4:a8:97:5f:f0:39:e7:d9:47:0a:
         ab:fb:43:32:f4:dc:a4:03:fc:9e:7a:84:69:5c:8c:92:00:6b:
         22:88:48:1a:61:7a:08:50:82:2e:0c:b4:c8:41:e0:13:22:f9:
         cc:93:14:19:4e:4f:f6:e7:99:bb:a9:5c:20:05:4a:68:ca:3b:
         8d:ec:e6:8c:e7:ca:c8:24:b8:ea:97:15:74:62:c7:04:13:f1:
         3f:8e:58:6d:eb:ea:4e:fc:23:11:db:cb:40:c1:12:a3:fe:1f:
         a7:66:9d:42:b8:af:72:87:7e:ec:ab:a6:81:75:ca:90:f6:e1:
         72:00:bb:c3:c3:d9:2f:43:b3:88:b3:bf:4c:17:2b:93:78:80:
         e4:83:16:47:31:4d:c1:94:5b:46:88:71:32:2a:55:95:93:4a:
         12:e7:d5:d3:2d:34:7b:f6:31:c5:0f:57:47:b9:a2:e2:de:f4:
         b5:32:95:04:f4:5b:f2:d4:e3:e3:f5:1b:8f:28:44:1f:8d:fd:
         d2:ac:7c:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOSMDFMQ+h+mlj9gcPAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjg1Yjg0NzdmNjg1NDM3MTI0NTFlNGM1ODBmOWU2NmIzYjI2YzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogtdcZWvd+ZBf2laDn8BybE8MHv0
sQMQgDO1/FCg2P7swSisoKHwIVv8iEDBoTps8I2HhT5dx1PKjqPo7upISde8Mrca
PXCoJ696wnz7GxcbFygdfWF3wW76QEMjGOHLvheNO7Zv8u1pv6LtO+EzJ1d/T6g0
O8iJ7pKEFcixoJDcbL9Bvq9zhYcsCllggbMn6mTFtlr08On6BMplPUjbrxlQh7OL
FUNvDhdkgtvQmuaH4Xf/WkeDOwbtsxN54wNh0arZwgqyMb2oY/qJuyeBQLHmqVm1
19ZIO/oOwsHOY8sihMBse0/9qJLVPGUJCr91FHFb3+vAziGQGkcKwPUzlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuFuEd/aFQ3EkUeTFgPnmazsmxMMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvcTRXNFIzOW9WRGNTUlI1TVdBLWVack95YkV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWblVMA0G
CSqGSIb3DQEBCwUAA4IBAQCICCtwQiatUkwugxhcg9TIQf2ZZse/SdwOvewnTEv8
UoA8+roORfEGwE4jYUvlE28NymN0W0aTnNo0leLHk7Sol1/wOefZRwqr+0My9Nyk
A/yeeoRpXIySAGsiiEgaYXoIUIIuDLTIQeATIvnMkxQZTk/255m7qVwgBUpoyjuN
7OaM58rIJLjqlxV0YscEE/E/jlht6+pO/CMR28tAwRKj/h+nZp1CuK9yh37sq6aB
dcqQ9uFyALvDw9kvQ7OIs79MFyuTeIDkgxZHMU3BlFtGiHEyKlWVk0oS59XTLTR7
9jHFD1dHuaLi3vS1MpUE9Fvy1OPj9RuPKEQfjf3SrHw7
-----END CERTIFICATE-----