Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/AfmM6BSF-yWbAME9Eh8OxafI1c8.roa
File:                     AfmM6BSF-yWbAME9Eh8OxafI1c8.roa (raw, json)
Hash identifier:          1rId5EWt8PUb0fBQwfssuVMZiqJNb5EHeNZBnEgcbRI=
Subject key identifier:   01:F9:8C:E8:14:85:FB:25:9B:00:C1:3D:12:1F:0E:C5:A7:C8:D5:CF
Certificate issuer:       /CN=ed5902bdfbd74c33ea76453d145e76f6aa857c41
Certificate serial:       018CC26CF4A6CA8E8AA389FDE080DF81109D
Authority key identifier: ED:59:02:BD:FB:D7:4C:33:EA:76:45:3D:14:5E:76:F6:AA:85:7C:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7VkCvfvXTDPqdkU9FF529qqFfEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/AfmM6BSF-yWbAME9Eh8OxafI1c8.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47658
IP address blocks:        85.116.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/7VkCvfvXTDPqdkU9FF529qqFfEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/7VkCvfvXTDPqdkU9FF529qqFfEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7VkCvfvXTDPqdkU9FF529qqFfEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f4:a6:ca:8e:8a:a3:89:fd:e0:80:df:81:10:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed5902bdfbd74c33ea76453d145e76f6aa857c41
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01f98ce81485fb259b00c13d121f0ec5a7c8d5cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e4:b6:16:24:6e:d4:61:54:0b:da:2a:c2:ba:
                    28:5a:97:a6:3c:7c:48:93:1c:f7:b2:87:6a:57:f4:
                    e1:44:9f:79:61:4b:44:d3:49:33:d4:ce:17:b9:4e:
                    1b:de:af:b1:fe:35:56:62:06:33:96:83:aa:53:ee:
                    5f:41:49:4d:0a:8e:a6:5e:0e:67:ba:15:19:40:34:
                    de:d5:45:9b:83:e0:1d:c6:34:5e:46:4a:0c:c7:ec:
                    13:cd:89:2b:9b:9d:26:5a:c7:ae:f2:d2:2b:42:2d:
                    39:5b:84:21:18:fe:c4:4a:51:3c:b9:10:7a:08:e8:
                    e0:5d:fb:7e:18:7e:7e:7a:5f:75:ba:60:db:bc:03:
                    90:9f:aa:3c:19:bf:7b:35:89:32:2b:66:5a:9e:6a:
                    fa:9a:63:ed:f3:94:de:03:5c:c8:1c:ec:5e:2d:c6:
                    57:63:6e:0f:8f:7c:17:0e:3b:da:51:17:2e:27:6c:
                    e4:37:1a:ed:0b:59:a3:93:55:c5:92:ac:83:32:c7:
                    59:74:12:a3:d2:43:6c:17:d0:18:d4:ff:39:9e:0b:
                    6f:cb:e1:6e:90:fc:4d:5b:c9:5b:ec:08:9e:19:fe:
                    a3:18:32:13:d9:85:78:2c:2b:77:d9:c0:a0:db:f5:
                    e8:4d:06:bc:39:a3:22:61:09:99:ac:24:3a:79:a0:
                    4f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F9:8C:E8:14:85:FB:25:9B:00:C1:3D:12:1F:0E:C5:A7:C8:D5:CF
            X509v3 Authority Key Identifier:
                keyid:ED:59:02:BD:FB:D7:4C:33:EA:76:45:3D:14:5E:76:F6:AA:85:7C:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7VkCvfvXTDPqdkU9FF529qqFfEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/AfmM6BSF-yWbAME9Eh8OxafI1c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/4301c9-c0ee-4040-a742-50336f5d340e/1/7VkCvfvXTDPqdkU9FF529qqFfEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:b7:af:36:25:96:87:9f:bd:19:0d:eb:17:d9:c7:a4:50:1d:
         20:a5:49:bd:0e:8b:eb:23:e1:3e:4a:7c:04:ee:f3:ec:ca:13:
         cc:2c:f4:64:55:3a:1a:23:ab:b7:4f:e4:7e:50:a5:1e:a6:fd:
         f7:e4:56:4d:08:8d:a8:11:56:98:c6:f9:03:b8:70:dc:6e:b1:
         3e:c9:a4:83:46:46:17:96:63:33:4c:7c:a8:2b:6d:77:c8:da:
         a9:5b:bf:d4:54:2d:bc:41:1a:b9:56:c6:a5:2b:29:70:2d:f4:
         6a:28:7f:b6:39:70:b2:30:e6:72:26:40:6c:38:5b:64:c0:3c:
         48:8a:18:8c:99:a2:9a:32:b7:65:e5:42:30:ad:09:9f:d7:9e:
         58:9d:f2:6d:75:3d:62:46:84:18:0e:00:71:30:87:64:b2:26:
         7c:ec:ec:fe:f7:04:55:7e:34:cb:cc:a9:b9:80:dd:b2:12:73:
         9c:25:39:03:f8:42:86:2e:60:26:53:46:d8:34:8b:35:1f:c3:
         10:04:56:4e:b8:6e:36:48:86:a5:4b:29:2d:82:e2:4b:63:09:
         5e:47:70:18:55:c4:d8:5d:46:45:43:bb:52:46:36:dc:f6:77:
         10:bc:96:e4:78:e9:ea:3a:7f:a6:28:b8:aa:1c:30:78:ad:0e:
         81:b4:01:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPSmyo6Ko4n94IDfgRCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNTkwMmJkZmJkNzRjMzNlYTc2NDUzZDE0NWU3NmY2YWE4
NTdjNDEwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWY5OGNlODE0ODVmYjI1OWIwMGMxM2QxMjFmMGVjNWE3YzhkNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeS2FiRu1GFUC9oqwrooWpemPHxI
kxz3sodqV/ThRJ95YUtE00kz1M4XuU4b3q+x/jVWYgYzloOqU+5fQUlNCo6mXg5n
uhUZQDTe1UWbg+AdxjReRkoMx+wTzYkrm50mWseu8tIrQi05W4QhGP7ESlE8uRB6
COjgXft+GH5+el91umDbvAOQn6o8Gb97NYkyK2Zanmr6mmPt85TeA1zIHOxeLcZX
Y24Pj3wXDjvaURcuJ2zkNxrtC1mjk1XFkqyDMsdZdBKj0kNsF9AY1P85ngtvy+Fu
kPxNW8lb7AieGf6jGDIT2YV4LCt32cCg2/XoTQa8OaMiYQmZrCQ6eaBPbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAH5jOgUhfslmwDBPRIfDsWnyNXPMB8GA1UdIwQY
MBaAFO1ZAr3710wz6nZFPRRedvaqhXxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1ZrQ3ZmdlhURFBxZGtVOUZGNTI5cXFGZkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi80MzAxYzktYzBlZS00MDQwLWE3NDIt
NTAzMzZmNWQzNDBlLzEvQWZtTTZCU0YteVdiQU1FOUVoOE94YWZJMWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi80MzAxYzktYzBlZS00MDQwLWE3NDItNTAzMzZmNWQzNDBl
LzEvN1ZrQ3ZmdlhURFBxZGtVOUZGNTI5cXFGZkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXQoMA0G
CSqGSIb3DQEBCwUAA4IBAQB8t682JZaHn70ZDesX2cekUB0gpUm9DovrI+E+SnwE
7vPsyhPMLPRkVToaI6u3T+R+UKUepv335FZNCI2oEVaYxvkDuHDcbrE+yaSDRkYX
lmMzTHyoK213yNqpW7/UVC28QRq5VsalKylwLfRqKH+2OXCyMOZyJkBsOFtkwDxI
ihiMmaKaMrdl5UIwrQmf155YnfJtdT1iRoQYDgBxMIdksiZ87Oz+9wRVfjTLzKm5
gN2yEnOcJTkD+EKGLmAmU0bYNIs1H8MQBFZOuG42SIalSyktguJLYwleR3AYVcTY
XUZFQ7tSRjbc9ncQvJbkeOnqOn+mKLiqHDB4rQ6BtAGR
-----END CERTIFICATE-----