Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8FCifa0qx-19TIoFRqa2OUbqjek.roa
File:                     8FCifa0qx-19TIoFRqa2OUbqjek.roa (raw, json)
Hash identifier:          egf/fsFgjZqCkiTdjnG9zjQUvN5oZKUmnSCjEKXIkw4=
Subject key identifier:   F0:50:A2:7D:AD:2A:C7:ED:7D:4C:8A:05:46:A6:B6:39:46:EA:8D:E9
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0192E16D7C30A04478B82E903C03683DD5E5
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8FCifa0qx-19TIoFRqa2OUbqjek.roa
Signing time:             Thu 31 Oct 2024 07:15:01 +0000
ROA not before:           Thu 31 Oct 2024 07:15:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213944
IP address blocks:        85.133.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e1:6d:7c:30:a0:44:78:b8:2e:90:3c:03:68:3d:d5:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Oct 31 07:15:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f050a27dad2ac7ed7d4c8a0546a6b63946ea8de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:05:1c:b6:80:cb:e8:34:bf:7f:13:21:62:83:
                    44:1e:0a:47:ca:10:b6:b8:72:7a:a4:e4:58:bb:74:
                    6a:f5:6f:a5:0d:04:34:e9:61:26:8c:94:6d:72:58:
                    3a:5e:54:7b:e9:04:b6:7a:46:06:10:5b:b7:ec:a3:
                    91:99:3d:4b:7d:48:b8:28:e8:16:d1:1f:ae:d5:61:
                    d8:83:bd:7b:f1:64:7f:cc:19:2a:af:3a:89:8c:ed:
                    0a:cf:27:cf:9f:59:d1:68:be:55:48:0d:25:13:78:
                    ca:5a:fb:f5:0e:61:2a:b8:a8:d7:67:dc:18:7d:8c:
                    36:99:4b:e1:70:8e:53:11:c4:8e:0a:6a:c7:3b:0c:
                    e3:13:16:ad:ad:ff:91:3c:3f:42:2e:cc:ad:ae:6c:
                    61:6c:6f:69:0d:c7:fd:82:43:e7:a4:2d:92:4d:e0:
                    95:3c:f6:0e:c1:a6:de:21:0d:56:ab:23:a6:39:cb:
                    59:3e:f2:7a:13:9a:5d:80:73:62:e3:29:2e:ca:10:
                    9b:ec:ed:d9:c5:a5:5a:95:88:2e:e6:2d:db:89:b5:
                    7c:59:0e:cd:0d:85:25:ee:23:0a:1d:df:dc:ab:ec:
                    ee:19:2d:b8:8d:42:36:01:8e:93:3f:ce:40:d4:ec:
                    99:35:9c:d3:5a:ab:f2:1f:6d:93:7b:fb:9e:59:ee:
                    f8:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:50:A2:7D:AD:2A:C7:ED:7D:4C:8A:05:46:A6:B6:39:46:EA:8D:E9
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8FCifa0qx-19TIoFRqa2OUbqjek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ff:fc:eb:e3:d2:d7:90:78:3a:5e:9f:2d:70:48:8c:b4:ab:
         7f:cf:73:bd:9b:01:c9:e8:53:ae:3b:7f:cd:05:ea:1e:d9:88:
         21:6c:6a:de:96:dd:e1:5b:cd:20:1d:24:de:11:35:70:ef:bf:
         d7:c6:ee:39:89:3b:35:6b:fc:b0:59:be:1d:cf:53:42:43:e4:
         c6:e4:33:69:21:ea:c5:a0:d8:0d:c6:40:4b:ee:9c:b6:48:a6:
         a7:05:de:b8:0b:d0:24:b9:5f:31:73:fd:eb:3d:90:6c:45:c3:
         77:76:36:54:9f:71:b7:ca:3f:51:b3:8c:13:a4:4a:73:84:25:
         ec:91:3d:e0:f5:11:f6:63:08:5a:15:16:c4:60:7f:c5:96:51:
         71:91:8f:49:77:49:5a:30:79:dc:f6:22:7d:f4:92:b7:b3:61:
         a1:43:87:99:47:fc:04:be:e9:25:f6:12:79:f8:bf:f6:0a:f9:
         d4:d1:d9:a4:5e:77:74:cf:05:9a:db:de:0d:99:e7:96:fa:61:
         9b:6d:12:56:9a:e0:f7:96:a0:7e:a2:02:b4:62:77:52:90:f9:
         7c:0a:8b:cc:f2:92:c9:7f:0f:a2:a9:b2:7a:e9:d6:bf:fb:66:
         64:f5:1f:cd:52:8b:cf:43:8c:5f:c3:58:8e:f8:8c:32:79:b6:
         bb:5f:8e:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLhbXwwoER4uC6QPANoPdXlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQxMDMxMDcxNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDUwYTI3ZGFkMmFjN2VkN2Q0YzhhMDU0NmE2YjYzOTQ2ZWE4ZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AUctoDL6DS/fxMhYoNEHgpHyhC2
uHJ6pORYu3Rq9W+lDQQ06WEmjJRtclg6XlR76QS2ekYGEFu37KORmT1LfUi4KOgW
0R+u1WHYg7178WR/zBkqrzqJjO0KzyfPn1nRaL5VSA0lE3jKWvv1DmEquKjXZ9wY
fYw2mUvhcI5TEcSOCmrHOwzjExatrf+RPD9CLsytrmxhbG9pDcf9gkPnpC2STeCV
PPYOwabeIQ1WqyOmOctZPvJ6E5pdgHNi4ykuyhCb7O3ZxaValYgu5i3bibV8WQ7N
DYUl7iMKHd/cq+zuGS24jUI2AY6TP85A1OyZNZzTWqvyH22Te/ueWe74/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBQon2tKsftfUyKBUamtjlG6o3pMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvOEZDaWZhMHF4LTE5VElvRlJxYTJPVWJxamVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXeMA0G
CSqGSIb3DQEBCwUAA4IBAQAC//zr49LXkHg6Xp8tcEiMtKt/z3O9mwHJ6FOuO3/N
Beoe2YghbGrelt3hW80gHSTeETVw77/Xxu45iTs1a/ywWb4dz1NCQ+TG5DNpIerF
oNgNxkBL7py2SKanBd64C9AkuV8xc/3rPZBsRcN3djZUn3G3yj9Rs4wTpEpzhCXs
kT3g9RH2YwhaFRbEYH/FllFxkY9Jd0laMHnc9iJ99JK3s2GhQ4eZR/wEvukl9hJ5
+L/2CvnU0dmkXnd0zwWa294NmeeW+mGbbRJWmuD3lqB+ogK0YndSkPl8CovM8pLJ
fw+iqbJ66da/+2Zk9R/NUovPQ4xfw1iO+Iwyeba7X462
-----END CERTIFICATE-----