Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/c787a2-d28c-436d-85e9-5ceb34564f09/1/n_V0LNvT45t5qdxdXKMFZMoyXdw.roa
File:                     n_V0LNvT45t5qdxdXKMFZMoyXdw.roa (raw, json)
Hash identifier:          vK3fajOPfl9dakp+m+sRBrF5usJrm06pk6r2MI6I2Hc=
Subject key identifier:   9F:F5:74:2C:DB:D3:E3:9B:79:A9:DC:5D:5C:A3:05:64:CA:32:5D:DC
Certificate issuer:       /CN=d41b081c0df9940a2b020a4ebe8a9749cbfead55
Certificate serial:       019348A679A4F204B0CAC2255CDD8F34D736
Authority key identifier: D4:1B:08:1C:0D:F9:94:0A:2B:02:0A:4E:BE:8A:97:49:CB:FE:AD:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BsIHA35lAorAgpOvoqXScv-rVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/c787a2-d28c-436d-85e9-5ceb34564f09/1/n_V0LNvT45t5qdxdXKMFZMoyXdw.roa
Signing time:             Wed 20 Nov 2024 08:18:09 +0000
ROA not before:           Wed 20 Nov 2024 08:18:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216450
IP address blocks:        85.239.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/c787a2-d28c-436d-85e9-5ceb34564f09/1/1BsIHA35lAorAgpOvoqXScv-rVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/c787a2-d28c-436d-85e9-5ceb34564f09/1/1BsIHA35lAorAgpOvoqXScv-rVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BsIHA35lAorAgpOvoqXScv-rVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:48:a6:79:a4:f2:04:b0:ca:c2:25:5c:dd:8f:34:d7:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d41b081c0df9940a2b020a4ebe8a9749cbfead55
        Validity
            Not Before: Nov 20 08:18:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ff5742cdbd3e39b79a9dc5d5ca30564ca325ddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:20:e5:33:b8:ea:ac:b2:e0:3d:24:45:25:29:
                    eb:ca:62:c7:21:0b:6c:ac:ff:ce:00:75:dc:94:4f:
                    98:43:91:f1:87:79:4d:b8:5f:f7:91:9e:f6:55:23:
                    35:e8:d7:ed:77:8f:90:fd:c9:e1:82:a2:f9:4b:1d:
                    8d:3c:4a:05:8b:28:cc:7f:86:21:1a:b6:99:23:3f:
                    eb:d9:41:1f:55:0e:5c:f1:23:5a:df:7e:31:e4:40:
                    d9:05:e9:4b:6c:bc:eb:be:35:2c:44:7b:36:83:5f:
                    3f:c3:0a:3a:9b:e9:6c:f1:99:65:a7:9d:0c:5e:b0:
                    a5:cb:27:3a:5e:21:c9:ea:27:5d:3c:c3:8f:55:3b:
                    11:c9:31:7a:7b:a6:79:ef:fc:dd:cc:73:aa:ad:ce:
                    f5:5e:a6:fa:51:96:b1:4f:70:3b:84:d8:9b:b2:f0:
                    f0:60:3f:1e:8c:1a:24:d7:23:79:99:91:f3:9d:6f:
                    40:1f:db:a8:6a:f0:a2:ff:66:00:a8:23:80:1f:4b:
                    29:85:0f:df:16:24:10:94:33:42:dc:bb:00:48:da:
                    32:28:7c:50:8d:ca:c7:57:84:4a:1f:c4:54:8c:2d:
                    db:25:fa:44:f0:5a:4e:54:96:5b:aa:6c:22:26:96:
                    40:24:ec:40:6b:d8:51:48:98:01:c8:ce:c6:67:d9:
                    12:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F5:74:2C:DB:D3:E3:9B:79:A9:DC:5D:5C:A3:05:64:CA:32:5D:DC
            X509v3 Authority Key Identifier:
                keyid:D4:1B:08:1C:0D:F9:94:0A:2B:02:0A:4E:BE:8A:97:49:CB:FE:AD:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BsIHA35lAorAgpOvoqXScv-rVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c787a2-d28c-436d-85e9-5ceb34564f09/1/n_V0LNvT45t5qdxdXKMFZMoyXdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c787a2-d28c-436d-85e9-5ceb34564f09/1/1BsIHA35lAorAgpOvoqXScv-rVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:a8:a3:a5:ea:47:73:01:7b:db:e1:e9:80:51:88:90:b0:cc:
         03:2f:7e:16:24:d5:99:a5:78:21:f6:b4:bf:35:ad:56:83:75:
         34:a0:a8:aa:fd:2b:d8:2b:8e:99:0b:0e:f9:17:c7:34:da:82:
         d5:84:ab:e2:b5:df:76:9f:7a:15:e7:dc:f7:2d:1f:b7:35:41:
         e7:22:c1:23:59:0e:1e:40:b8:63:fb:9f:ce:93:e7:ec:8a:3b:
         0f:af:4c:e4:ef:17:85:e1:de:c6:bf:72:77:88:78:07:80:b6:
         54:5c:c8:4c:46:4c:d6:c6:98:be:2d:91:a6:ad:1b:e6:9a:c8:
         b1:53:48:b7:5b:53:58:a5:75:8e:ad:46:57:97:c5:6f:8a:22:
         b8:5c:df:8a:a7:a8:fb:57:ad:26:52:78:53:8f:65:2e:12:a4:
         6c:f9:d9:6b:0c:56:27:a3:8a:f8:fa:13:6f:f7:e7:a4:14:02:
         76:54:38:41:74:3d:8f:c2:09:4c:84:89:30:fb:93:65:41:63:
         c3:f6:57:d0:b8:5c:25:7d:e9:ed:c6:2e:32:ac:2b:e6:a0:e2:
         8b:56:12:94:92:cc:4b:cf:ad:c3:72:cc:fb:0c:af:2c:8d:57:
         e8:62:dc:7d:32:af:7a:8a:3f:cf:83:b1:81:30:19:ad:91:d3:
         97:10:c2:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNIpnmk8gSwysIlXN2PNNc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MWIwODFjMGRmOTk0MGEyYjAyMGE0ZWJlOGE5NzQ5Y2Jm
ZWFkNTUwHhcNMjQxMTIwMDgxODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmY1NzQyY2RiZDNlMzliNzlhOWRjNWQ1Y2EzMDU2NGNhMzI1ZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CDlM7jqrLLgPSRFJSnrymLHIQts
rP/OAHXclE+YQ5Hxh3lNuF/3kZ72VSM16Nftd4+Q/cnhgqL5Sx2NPEoFiyjMf4Yh
GraZIz/r2UEfVQ5c8SNa334x5EDZBelLbLzrvjUsRHs2g18/wwo6m+ls8Zllp50M
XrClyyc6XiHJ6iddPMOPVTsRyTF6e6Z57/zdzHOqrc71Xqb6UZaxT3A7hNibsvDw
YD8ejBok1yN5mZHznW9AH9uoavCi/2YAqCOAH0sphQ/fFiQQlDNC3LsASNoyKHxQ
jcrHV4RKH8RUjC3bJfpE8FpOVJZbqmwiJpZAJOxAa9hRSJgByM7GZ9kSBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/1dCzb0+ObeancXVyjBWTKMl3cMB8GA1UdIwQY
MBaAFNQbCBwN+ZQKKwIKTr6Kl0nL/q1VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJzSUhBMzVsQW9yQWdwT3ZvcVhTY3YtclZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jNzg3YTItZDI4Yy00MzZkLTg1ZTkt
NWNlYjM0NTY0ZjA5LzEvbl9WMExOdlQ0NXQ1cWR4ZFhLTUZaTW95WGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jNzg3YTItZDI4Yy00MzZkLTg1ZTktNWNlYjM0NTY0ZjA5
LzEvMUJzSUhBMzVsQW9yQWdwT3ZvcVhTY3YtclZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe9cMA0G
CSqGSIb3DQEBCwUAA4IBAQBDqKOl6kdzAXvb4emAUYiQsMwDL34WJNWZpXgh9rS/
Na1Wg3U0oKiq/SvYK46ZCw75F8c02oLVhKvitd92n3oV59z3LR+3NUHnIsEjWQ4e
QLhj+5/Ok+fsijsPr0zk7xeF4d7Gv3J3iHgHgLZUXMhMRkzWxpi+LZGmrRvmmsix
U0i3W1NYpXWOrUZXl8VviiK4XN+Kp6j7V60mUnhTj2UuEqRs+dlrDFYno4r4+hNv
9+ekFAJ2VDhBdD2PwglMhIkw+5NlQWPD9lfQuFwlfentxi4yrCvmoOKLVhKUksxL
z63Dcsz7DK8sjVfoYtx9Mq96ij/Pg7GBMBmtkdOXEMJO
-----END CERTIFICATE-----