Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/cdaaea-6118-490e-84f5-967f2e506548/1/mEHPfDbqX4-VVROOELQqvWMqVl8.roa
File:                     mEHPfDbqX4-VVROOELQqvWMqVl8.roa (raw, json)
Hash identifier:          Gd0gjJGXdjtHisCT7nNdOQk09yLpbDqSLlG6hfXZeH8=
Subject key identifier:   98:41:CF:7C:36:EA:5F:8F:95:55:13:8E:10:B4:2A:BD:63:2A:56:5F
Certificate issuer:       /CN=bbf43e173f782f01c33b33693985bd3c08d4d054
Certificate serial:       018CC94D778AF6DB30990D11DF8727F87D52
Authority key identifier: BB:F4:3E:17:3F:78:2F:01:C3:3B:33:69:39:85:BD:3C:08:D4:D0:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_Q-Fz94LwHDOzNpOYW9PAjU0FQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/cdaaea-6118-490e-84f5-967f2e506548/1/mEHPfDbqX4-VVROOELQqvWMqVl8.roa
Signing time:             Tue 02 Jan 2024 08:32:26 +0000
ROA not before:           Tue 02 Jan 2024 08:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42205
IP address blocks:        185.33.82.0/23 maxlen: 23
                          80.85.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/cdaaea-6118-490e-84f5-967f2e506548/1/u_Q-Fz94LwHDOzNpOYW9PAjU0FQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/cdaaea-6118-490e-84f5-967f2e506548/1/u_Q-Fz94LwHDOzNpOYW9PAjU0FQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_Q-Fz94LwHDOzNpOYW9PAjU0FQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:77:8a:f6:db:30:99:0d:11:df:87:27:f8:7d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf43e173f782f01c33b33693985bd3c08d4d054
        Validity
            Not Before: Jan  2 08:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9841cf7c36ea5f8f9555138e10b42abd632a565f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3a:7d:1a:ab:23:d3:f9:1a:2c:c4:f0:3a:35:
                    3c:bc:5e:f3:40:8f:1d:55:be:bc:9a:ef:82:82:fd:
                    0b:46:d7:6f:30:c0:e9:b3:22:f2:c3:90:60:7b:4a:
                    4e:19:a2:71:3d:78:ec:46:e9:c5:aa:a8:36:ed:70:
                    67:7a:6c:79:81:59:98:95:da:26:4a:3d:47:84:c4:
                    65:3e:90:54:17:5d:fc:20:4c:8f:17:55:01:34:7d:
                    5a:e0:95:c9:85:79:f6:d4:1e:85:97:e9:7d:ac:a5:
                    54:ba:d0:2a:3d:ba:ab:94:e4:22:60:f7:f5:6f:b8:
                    c9:3a:13:a0:77:2d:6d:d1:29:30:8d:af:dc:47:1d:
                    90:67:e6:d6:24:63:5b:6f:cf:28:8a:af:e8:59:38:
                    24:eb:29:d0:01:71:01:e0:d0:e9:1b:c6:c3:0b:ea:
                    ec:47:93:07:fc:bb:37:13:31:bf:43:21:4c:3b:2e:
                    a8:0c:00:f1:57:1c:ae:c5:1d:a1:14:47:32:2e:d1:
                    aa:8d:ee:e3:41:df:21:60:11:05:eb:04:40:b9:6b:
                    02:65:b9:8f:3f:64:52:6e:21:f7:e9:e7:77:e8:83:
                    46:48:57:f3:99:7c:32:91:ec:cf:89:92:09:44:c4:
                    43:41:22:18:c8:3b:85:29:ba:e5:38:d8:32:f0:0a:
                    14:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:41:CF:7C:36:EA:5F:8F:95:55:13:8E:10:B4:2A:BD:63:2A:56:5F
            X509v3 Authority Key Identifier:
                keyid:BB:F4:3E:17:3F:78:2F:01:C3:3B:33:69:39:85:BD:3C:08:D4:D0:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_Q-Fz94LwHDOzNpOYW9PAjU0FQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cdaaea-6118-490e-84f5-967f2e506548/1/mEHPfDbqX4-VVROOELQqvWMqVl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cdaaea-6118-490e-84f5-967f2e506548/1/u_Q-Fz94LwHDOzNpOYW9PAjU0FQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.56.0/21
                  185.33.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:38:c7:11:da:50:54:92:21:7b:fd:6d:2b:f2:f5:88:45:a9:
         80:fc:88:d9:35:2e:64:33:65:49:61:d7:1b:45:3f:43:af:f5:
         15:52:1f:69:93:5e:12:f0:e0:b1:12:24:db:f9:3f:2a:8c:fe:
         0d:42:f6:e8:82:bc:19:05:df:82:1f:33:21:a7:43:17:ec:32:
         7c:6f:26:b6:de:75:2a:44:fa:61:3b:7f:98:50:c5:90:4d:0e:
         2d:90:29:26:86:bc:d8:56:fb:3f:fc:a8:22:7c:fa:82:c9:b0:
         25:e2:16:3e:04:a4:38:a9:aa:6b:b5:c7:f2:f2:7a:d3:07:c0:
         14:f1:ee:df:1e:13:c4:09:41:a7:2a:ac:42:c0:5a:5e:5f:49:
         fe:d2:09:5d:5e:97:61:0a:2a:28:4b:61:d0:a8:26:29:37:30:
         23:5e:24:49:c7:88:91:25:c5:73:be:e3:aa:f0:71:3e:4d:0c:
         2e:b0:5b:f0:8e:8f:03:91:48:f3:05:31:24:ff:5c:6f:cf:96:
         bf:b6:29:5f:90:43:54:ee:a4:96:df:5c:3e:69:b2:98:3f:25:
         06:2f:7e:33:df:fe:29:6f:5a:29:b4:e4:6f:6a:6a:b2:b6:9d:
         92:cd:ae:af:56:48:bc:6d:88:af:84:ab:a0:2b:0b:b2:2d:32:
         0a:5b:20:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTXeK9tswmQ0R34cn+H1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjQzZTE3M2Y3ODJmMDFjMzNiMzM2OTM5ODViZDNjMDhk
NGQwNTQwHhcNMjQwMTAyMDgzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODQxY2Y3YzM2ZWE1ZjhmOTU1NTEzOGUxMGI0MmFiZDYzMmE1NjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTp9Gqsj0/kaLMTwOjU8vF7zQI8d
Vb68mu+Cgv0LRtdvMMDpsyLyw5Bge0pOGaJxPXjsRunFqqg27XBnemx5gVmYldom
Sj1HhMRlPpBUF138IEyPF1UBNH1a4JXJhXn21B6Fl+l9rKVUutAqPbqrlOQiYPf1
b7jJOhOgdy1t0Skwja/cRx2QZ+bWJGNbb88oiq/oWTgk6ynQAXEB4NDpG8bDC+rs
R5MH/Ls3EzG/QyFMOy6oDADxVxyuxR2hFEcyLtGqje7jQd8hYBEF6wRAuWsCZbmP
P2RSbiH36ed36INGSFfzmXwykezPiZIJRMRDQSIYyDuFKbrlONgy8AoUIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhBz3w26l+PlVUTjhC0Kr1jKlZfMB8GA1UdIwQY
MBaAFLv0Phc/eC8BwzszaTmFvTwI1NBUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9RLUZ6OTRMd0hET3pOcE9ZVzlQQWpVMEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jZGFhZWEtNjExOC00OTBlLTg0ZjUt
OTY3ZjJlNTA2NTQ4LzEvbUVIUGZEYnFYNC1WVlJPT0VMUXF2V01xVmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jZGFhZWEtNjExOC00OTBlLTg0ZjUtOTY3ZjJlNTA2NTQ4
LzEvdV9RLUZ6OTRMd0hET3pOcE9ZVzlQQWpVMEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUFU4AwQB
uSFSMA0GCSqGSIb3DQEBCwUAA4IBAQBZOMcR2lBUkiF7/W0r8vWIRamA/IjZNS5k
M2VJYdcbRT9Dr/UVUh9pk14S8OCxEiTb+T8qjP4NQvbogrwZBd+CHzMhp0MX7DJ8
bya23nUqRPphO3+YUMWQTQ4tkCkmhrzYVvs//KgifPqCybAl4hY+BKQ4qaprtcfy
8nrTB8AU8e7fHhPECUGnKqxCwFpeX0n+0gldXpdhCiooS2HQqCYpNzAjXiRJx4iR
JcVzvuOq8HE+TQwusFvwjo8DkUjzBTEk/1xvz5a/tilfkENU7qSW31w+abKYPyUG
L34z3/4pb1optORvamqytp2Sza6vVki8bYivhKugKwuyLTIKWyC0
-----END CERTIFICATE-----