Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8oZQljHboB5tDkCsb1jHOPu4DkE.roa
File:                     8oZQljHboB5tDkCsb1jHOPu4DkE.roa (raw, json)
Hash identifier:          TIPtYD04Bx78lV0oERL/2Jh8TGHunPtntuUyg9NOiZk=
Subject key identifier:   F2:86:50:96:31:DB:A0:1E:6D:0E:40:AC:6F:58:C7:38:FB:B8:0E:41
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019238D66B1019D5F68E1D91E04EAA28E078
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8oZQljHboB5tDkCsb1jHOPu4DkE.roa
Signing time:             Sat 28 Sep 2024 13:33:49 +0000
ROA not before:           Sat 28 Sep 2024 13:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209638
IP address blocks:        85.133.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:38:d6:6b:10:19:d5:f6:8e:1d:91:e0:4e:aa:28:e0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Sep 28 13:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f286509631dba01e6d0e40ac6f58c738fbb80e41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:af:df:d0:25:a2:ee:98:2a:b6:25:6f:59:e9:
                    c6:4b:fd:d5:c3:9f:0f:a9:92:09:b3:31:95:33:a4:
                    19:42:f3:b9:28:1a:4e:f9:4b:00:f1:1b:46:da:1d:
                    0e:cb:0f:99:1f:d1:6f:d2:5b:96:2a:ca:c9:01:24:
                    0b:22:41:c2:3c:db:ea:48:c2:d8:3f:b6:a3:4e:37:
                    ff:e2:60:11:28:f2:fd:84:d5:b0:6e:74:b9:01:2a:
                    7b:07:3e:aa:fe:49:74:d5:dd:5a:6d:95:a6:bf:dd:
                    14:9f:d9:f9:7a:de:cd:00:04:2a:63:d0:dc:a4:52:
                    bc:c7:6f:c4:56:c5:2e:ae:01:55:e6:b2:29:ba:62:
                    f4:92:67:29:81:0f:ab:4c:dd:04:ae:c9:df:3c:90:
                    d4:f8:20:10:c1:01:e0:2c:a5:bc:39:72:1f:36:c8:
                    92:5d:e4:00:ee:b0:a3:7b:e6:ef:d4:16:ac:f8:b2:
                    43:c8:5d:46:f6:50:9c:d6:ed:62:93:ea:e7:52:2d:
                    48:b7:69:a1:ad:61:4d:5a:e8:8d:54:62:00:77:75:
                    2e:6e:d2:85:56:c1:9a:45:88:82:f7:c7:19:0c:cf:
                    33:e9:01:53:67:fe:69:dd:16:67:0c:54:8d:d2:15:
                    0d:3d:c3:e5:7a:47:85:6a:03:cf:ae:fb:61:66:c1:
                    93:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:86:50:96:31:DB:A0:1E:6D:0E:40:AC:6F:58:C7:38:FB:B8:0E:41
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/8oZQljHboB5tDkCsb1jHOPu4DkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:65:45:75:48:2e:ba:86:55:4b:79:55:f2:8f:47:d9:96:df:
         2b:10:a6:77:33:cf:82:03:24:02:34:ba:13:34:c3:0a:af:42:
         ff:77:55:2b:c4:56:2b:70:cf:8d:c7:3b:d0:88:cb:fa:b2:46:
         cb:54:35:3d:87:ff:25:a6:c5:75:fd:cf:ab:c9:27:76:6b:6c:
         82:fb:5c:24:c0:87:66:8f:8e:fb:75:d0:e9:12:d1:18:c5:f5:
         f3:b5:75:c2:00:6c:55:fa:2b:fc:7f:97:eb:00:25:0c:c3:d5:
         71:c6:98:b2:aa:bf:d2:32:07:6a:cc:43:43:e1:ef:5c:43:f4:
         87:72:0b:6c:02:76:06:17:d7:e9:03:83:5d:f9:29:9d:eb:dc:
         de:a0:4f:18:0d:fe:f9:98:35:93:3d:7e:60:0f:09:2d:96:88:
         74:cd:16:74:38:bb:4f:75:70:ce:f9:84:a0:17:6f:40:f9:0f:
         68:49:41:a6:2a:3f:55:16:b4:09:bf:92:09:73:41:89:0c:d4:
         6e:7f:c6:e6:ca:f5:af:c6:09:72:80:a5:19:7b:13:ba:79:63:
         a7:95:ac:fc:c0:c1:7e:7c:c6:27:09:3a:c3:4f:53:73:8d:8a:
         6e:ac:36:f7:8b:3e:69:58:46:4b:0d:c2:91:a9:7b:cd:6a:71:
         a1:78:c0:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI41msQGdX2jh2R4E6qKOB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwOTI4MTMzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjg2NTA5NjMxZGJhMDFlNmQwZTQwYWM2ZjU4YzczOGZiYjgwZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6/f0CWi7pgqtiVvWenGS/3Vw58P
qZIJszGVM6QZQvO5KBpO+UsA8RtG2h0Oyw+ZH9Fv0luWKsrJASQLIkHCPNvqSMLY
P7ajTjf/4mARKPL9hNWwbnS5ASp7Bz6q/kl01d1abZWmv90Un9n5et7NAAQqY9Dc
pFK8x2/EVsUurgFV5rIpumL0kmcpgQ+rTN0ErsnfPJDU+CAQwQHgLKW8OXIfNsiS
XeQA7rCje+bv1Bas+LJDyF1G9lCc1u1ik+rnUi1It2mhrWFNWuiNVGIAd3UubtKF
VsGaRYiC98cZDM8z6QFTZ/5p3RZnDFSN0hUNPcPlekeFagPPrvthZsGT5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKGUJYx26AebQ5ArG9Yxzj7uA5BMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvOG9aUWxqSGJvQjV0RGtDc2IxakhPUHU0RGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXHMA0G
CSqGSIb3DQEBCwUAA4IBAQAMZUV1SC66hlVLeVXyj0fZlt8rEKZ3M8+CAyQCNLoT
NMMKr0L/d1UrxFYrcM+NxzvQiMv6skbLVDU9h/8lpsV1/c+rySd2a2yC+1wkwIdm
j477ddDpEtEYxfXztXXCAGxV+iv8f5frACUMw9Vxxpiyqr/SMgdqzEND4e9cQ/SH
cgtsAnYGF9fpA4Nd+Smd69zeoE8YDf75mDWTPX5gDwktloh0zRZ0OLtPdXDO+YSg
F29A+Q9oSUGmKj9VFrQJv5IJc0GJDNRuf8bmyvWvxglygKUZexO6eWOnlaz8wMF+
fMYnCTrDT1NzjYpurDb3iz5pWEZLDcKRqXvNanGheMCK
-----END CERTIFICATE-----