Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/df3a15-2e49-4d8e-855a-1c2758651efa/1/foDU7Clw2KLrV9JWfG1I9w_ZHZA.roa
File:                     foDU7Clw2KLrV9JWfG1I9w_ZHZA.roa (raw, json)
Hash identifier:          orFqcHmUANejTrXnfsYZ5Pg0X1LwuOFCzjCW+txtEas=
Subject key identifier:   7E:80:D4:EC:29:70:D8:A2:EB:57:D2:56:7C:6D:48:F7:0F:D9:1D:90
Certificate issuer:       /CN=971c78b305fb49cbd4005d4427c1f62c6a455a68
Certificate serial:       018CC8DE520A1F2364EDB4CFB7F1BA47C1B9
Authority key identifier: 97:1C:78:B3:05:FB:49:CB:D4:00:5D:44:27:C1:F6:2C:6A:45:5A:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxx4swX7ScvUAF1EJ8H2LGpFWmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/df3a15-2e49-4d8e-855a-1c2758651efa/1/foDU7Clw2KLrV9JWfG1I9w_ZHZA.roa
Signing time:             Tue 02 Jan 2024 06:31:02 +0000
ROA not before:           Tue 02 Jan 2024 06:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51405
IP address blocks:        85.208.4.0/22 maxlen: 24
                          2a09:8840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/df3a15-2e49-4d8e-855a-1c2758651efa/1/lxx4swX7ScvUAF1EJ8H2LGpFWmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/df3a15-2e49-4d8e-855a-1c2758651efa/1/lxx4swX7ScvUAF1EJ8H2LGpFWmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxx4swX7ScvUAF1EJ8H2LGpFWmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:52:0a:1f:23:64:ed:b4:cf:b7:f1:ba:47:c1:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=971c78b305fb49cbd4005d4427c1f62c6a455a68
        Validity
            Not Before: Jan  2 06:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e80d4ec2970d8a2eb57d2567c6d48f70fd91d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:58:0d:39:78:04:5a:71:a8:8f:ae:49:50:db:
                    a5:8c:be:18:c5:0d:11:6e:d4:ed:1c:4c:1a:fb:75:
                    3a:00:e9:ee:0f:9c:89:9f:67:b5:91:3a:8c:da:05:
                    99:36:f8:73:a1:7f:9c:14:86:65:07:26:2f:11:51:
                    48:99:d4:cf:b5:d6:0b:2b:e7:28:3b:58:bf:b4:c1:
                    58:2b:5b:e7:63:db:8e:fc:ad:a8:da:f5:c7:20:e8:
                    b9:43:34:f3:cd:7e:0d:d9:ed:21:70:c1:9e:18:d5:
                    68:a8:76:a6:ec:56:c7:12:27:d5:53:6e:46:39:00:
                    5d:c0:99:8b:4f:e6:fa:3b:a7:c4:95:34:23:e7:b1:
                    0c:75:e8:69:00:8f:67:59:d8:69:41:26:be:55:35:
                    d2:72:f5:4e:b6:2d:68:7f:91:8f:14:36:39:cd:d1:
                    9b:8d:be:3a:90:8d:0a:51:e4:b7:44:db:8f:3e:7d:
                    2f:e5:51:71:fc:5f:2e:bc:c3:e3:a7:18:db:41:a4:
                    bf:bd:a6:3c:c3:80:c2:1e:fa:13:80:f5:be:34:b1:
                    fd:76:bd:c6:0a:a6:93:04:42:95:9a:51:45:c5:0a:
                    a3:7e:cc:ad:54:18:5c:85:3b:0b:ef:f5:c6:00:6b:
                    1a:33:9d:f3:6a:36:50:8c:16:09:11:60:d8:03:c4:
                    74:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:80:D4:EC:29:70:D8:A2:EB:57:D2:56:7C:6D:48:F7:0F:D9:1D:90
            X509v3 Authority Key Identifier:
                keyid:97:1C:78:B3:05:FB:49:CB:D4:00:5D:44:27:C1:F6:2C:6A:45:5A:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxx4swX7ScvUAF1EJ8H2LGpFWmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/df3a15-2e49-4d8e-855a-1c2758651efa/1/foDU7Clw2KLrV9JWfG1I9w_ZHZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/df3a15-2e49-4d8e-855a-1c2758651efa/1/lxx4swX7ScvUAF1EJ8H2LGpFWmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.4.0/22
                IPv6:
                  2a09:8840::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:2e:85:26:f6:d5:db:8b:1c:a0:c8:ba:b9:d9:7d:a7:d0:51:
         b0:a0:dd:50:91:53:33:0c:d6:5d:3e:7d:94:4f:bd:4f:e4:e9:
         88:eb:ea:4f:1b:8d:56:1c:00:07:a2:16:c6:9b:82:fc:04:7a:
         e2:d3:ad:e5:5a:59:90:15:78:21:f1:ea:2b:52:c4:57:06:c4:
         6b:cd:58:6e:0a:81:df:b6:5d:aa:0d:59:34:e6:96:3d:75:6e:
         06:40:5d:16:05:68:18:fa:58:29:87:73:92:3a:a0:e4:ed:f5:
         96:c0:aa:3f:f9:a6:36:b6:ea:65:4c:ad:d5:e8:47:23:bf:1c:
         3c:32:ad:58:b9:53:69:50:17:0a:cd:3f:7d:40:9f:18:28:48:
         22:6c:dd:93:77:c3:f3:21:44:37:a4:1a:4f:1a:b9:b1:ca:69:
         d4:1c:8a:6e:be:5e:ae:99:a6:92:22:c5:db:fd:ea:1b:02:ee:
         91:09:e3:3f:fc:34:47:85:89:03:cf:3d:1e:1f:68:b6:4f:51:
         7d:bb:cd:33:97:8d:63:9a:f1:a8:7b:cc:32:42:c1:3e:d6:8a:
         1d:8f:70:74:32:f9:ee:81:85:bc:29:83:30:b2:80:fc:d7:ca:
         56:0c:08:ba:29:35:33:65:d0:4a:8c:f7:ea:a7:f7:8d:6d:b7:
         8d:ad:20:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3lIKHyNk7bTPt/G6R8G5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MWM3OGIzMDVmYjQ5Y2JkNDAwNWQ0NDI3YzFmNjJjNmE0
NTVhNjgwHhcNMjQwMTAyMDYzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTgwZDRlYzI5NzBkOGEyZWI1N2QyNTY3YzZkNDhmNzBmZDkxZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1gNOXgEWnGoj65JUNuljL4YxQ0R
btTtHEwa+3U6AOnuD5yJn2e1kTqM2gWZNvhzoX+cFIZlByYvEVFImdTPtdYLK+co
O1i/tMFYK1vnY9uO/K2o2vXHIOi5QzTzzX4N2e0hcMGeGNVoqHam7FbHEifVU25G
OQBdwJmLT+b6O6fElTQj57EMdehpAI9nWdhpQSa+VTXScvVOti1of5GPFDY5zdGb
jb46kI0KUeS3RNuPPn0v5VFx/F8uvMPjpxjbQaS/vaY8w4DCHvoTgPW+NLH9dr3G
CqaTBEKVmlFFxQqjfsytVBhchTsL7/XGAGsaM53zajZQjBYJEWDYA8R0QwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH6A1OwpcNii61fSVnxtSPcP2R2QMB8GA1UdIwQY
MBaAFJcceLMF+0nL1ABdRCfB9ixqRVpoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHh4NHN3WDdTY3ZVQUYxRUo4SDJMR3BGV21nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9kZjNhMTUtMmU0OS00ZDhlLTg1NWEt
MWMyNzU4NjUxZWZhLzEvZm9EVTdDbHcyS0xyVjlKV2ZHMUk5d19aSFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9kZjNhMTUtMmU0OS00ZDhlLTg1NWEtMWMyNzU4NjUxZWZh
LzEvbHh4NHN3WDdTY3ZVQUYxRUo4SDJMR3BGV21nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdAEMA0E
AgACMAcDBQMqCYhAMA0GCSqGSIb3DQEBCwUAA4IBAQBDLoUm9tXbixygyLq52X2n
0FGwoN1QkVMzDNZdPn2UT71P5OmI6+pPG41WHAAHohbGm4L8BHri063lWlmQFXgh
8eorUsRXBsRrzVhuCoHftl2qDVk05pY9dW4GQF0WBWgY+lgph3OSOqDk7fWWwKo/
+aY2tuplTK3V6Ecjvxw8Mq1YuVNpUBcKzT99QJ8YKEgibN2Td8PzIUQ3pBpPGrmx
ymnUHIpuvl6umaaSIsXb/eobAu6RCeM//DRHhYkDzz0eH2i2T1F9u80zl41jmvGo
e8wyQsE+1oodj3B0MvnugYW8KYMwsoD818pWDAi6KTUzZdBKjPfqp/eNbbeNrSD0
-----END CERTIFICATE-----