Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/D01TNb4YzuAHOEVWiM6MC9gqFy4.roa
File:                     D01TNb4YzuAHOEVWiM6MC9gqFy4.roa (raw, json)
Hash identifier:          biie+YL5zG1oYpgToQfdmhEQf1L0LX3ZUWt1DV6uIsI=
Subject key identifier:   0F:4D:53:35:BE:18:CE:E0:07:38:45:56:88:CE:8C:0B:D8:2A:17:2E
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018EC28F43ECAC322DA2DC5240639D21C6AB
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/D01TNb4YzuAHOEVWiM6MC9gqFy4.roa
Signing time:             Tue 09 Apr 2024 11:12:32 +0000
ROA not before:           Tue 09 Apr 2024 11:12:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51431
IP address blocks:        85.133.146.0/24 maxlen: 24
                          185.41.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:8f:43:ec:ac:32:2d:a2:dc:52:40:63:9d:21:c6:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Apr  9 11:12:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f4d5335be18cee00738455688ce8c0bd82a172e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1b:12:87:66:71:e2:f8:0a:21:6a:a1:d4:19:
                    73:b4:74:f1:45:69:f7:17:c8:a9:55:48:bc:b5:af:
                    14:ed:ee:d8:7c:9f:a9:26:0c:c8:7b:e1:f2:93:a0:
                    58:ed:02:aa:c1:aa:85:85:5b:31:ea:66:53:4e:b2:
                    63:d4:a8:46:e0:0e:c7:de:88:89:a5:5b:5f:53:ac:
                    82:9a:d1:04:81:7e:dc:ef:1d:92:79:bf:d1:12:ed:
                    fb:35:64:64:23:1d:5d:de:d0:e0:2b:1e:fc:1d:d3:
                    dd:ae:db:88:29:a7:71:23:18:32:55:25:3a:f1:8e:
                    6b:8d:5f:4a:cf:9d:07:5f:6f:0d:04:ac:02:f5:74:
                    ab:5e:9f:25:13:7f:14:b2:7c:11:21:f0:2e:8c:1f:
                    45:6a:29:47:e9:91:60:83:dc:b4:83:ec:fc:b0:a1:
                    51:11:14:17:72:71:70:3d:f9:04:4d:a2:32:85:f0:
                    a8:f7:fd:8c:e5:1d:fa:40:a9:02:46:72:eb:63:2b:
                    4f:2e:99:45:b8:90:d8:e2:a6:cc:14:d0:d9:cd:5d:
                    11:11:41:4e:a7:0c:c1:0c:96:92:02:db:6c:12:39:
                    e2:9f:6c:f1:9c:87:2d:a6:1a:df:07:94:03:18:94:
                    49:d4:57:d9:70:f0:31:56:b0:1d:22:44:63:34:ff:
                    92:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:4D:53:35:BE:18:CE:E0:07:38:45:56:88:CE:8C:0B:D8:2A:17:2E
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/D01TNb4YzuAHOEVWiM6MC9gqFy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.146.0/24
                  185.41.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:11:e8:e8:45:1a:22:35:d1:a4:b8:4b:bf:44:6b:c7:f7:e2:
         20:8b:2b:b2:49:49:3c:99:1e:96:e0:51:2f:5b:5d:c5:cb:8c:
         56:8a:76:fa:2f:64:69:93:25:45:f2:be:1c:41:b1:1c:56:7c:
         64:67:ee:d3:89:ff:8c:e0:51:06:87:ec:20:80:7a:2a:89:77:
         48:ec:7f:b7:2d:70:a2:da:dd:92:36:8b:28:29:f1:27:bb:82:
         80:32:00:7b:72:64:8e:e9:ee:5c:1a:3d:62:85:23:fb:af:b4:
         5a:3d:14:c2:cc:fa:c0:0c:3c:7b:55:48:0e:7a:fb:64:bd:db:
         77:0f:16:81:39:ad:2b:25:f5:42:35:29:f6:05:50:b4:ef:b2:
         9b:35:8d:b0:41:fe:aa:88:6e:2a:45:35:c2:60:22:51:be:f5:
         12:ee:e6:c1:83:87:91:07:87:04:86:50:b1:db:9d:0a:92:62:
         1d:44:b1:7b:b0:fe:d8:be:80:1f:76:aa:f5:25:d0:ca:ac:d2:
         9c:65:2a:4e:d2:07:47:92:db:d4:95:6a:7a:e0:72:4b:e7:c9:
         ce:db:24:74:a6:f8:34:46:bf:47:7e:a9:91:bd:c7:3b:9f:07:
         06:fe:a6:d4:df:51:60:bd:34:d2:ab:6d:b1:aa:ff:4b:d5:be:
         b9:60:a7:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7Cj0PsrDItotxSQGOdIcarMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwNDA5MTExMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjRkNTMzNWJlMThjZWUwMDczODQ1NTY4OGNlOGMwYmQ4MmExNzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxsSh2Zx4vgKIWqh1BlztHTxRWn3
F8ipVUi8ta8U7e7YfJ+pJgzIe+Hyk6BY7QKqwaqFhVsx6mZTTrJj1KhG4A7H3oiJ
pVtfU6yCmtEEgX7c7x2Seb/REu37NWRkIx1d3tDgKx78HdPdrtuIKadxIxgyVSU6
8Y5rjV9Kz50HX28NBKwC9XSrXp8lE38UsnwRIfAujB9FailH6ZFgg9y0g+z8sKFR
ERQXcnFwPfkETaIyhfCo9/2M5R36QKkCRnLrYytPLplFuJDY4qbMFNDZzV0REUFO
pwzBDJaSAttsEjnin2zxnIctphrfB5QDGJRJ1FfZcPAxVrAdIkRjNP+SowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA9NUzW+GM7gBzhFVojOjAvYKhcuMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvRDAxVE5iNFl6dUFIT0VWV2lNNk1DOWdxRnk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYWSAwQA
uSkAMA0GCSqGSIb3DQEBCwUAA4IBAQBEEejoRRoiNdGkuEu/RGvH9+IgiyuySUk8
mR6W4FEvW13Fy4xWinb6L2RpkyVF8r4cQbEcVnxkZ+7Tif+M4FEGh+wggHoqiXdI
7H+3LXCi2t2SNosoKfEnu4KAMgB7cmSO6e5cGj1ihSP7r7RaPRTCzPrADDx7VUgO
evtkvdt3DxaBOa0rJfVCNSn2BVC077KbNY2wQf6qiG4qRTXCYCJRvvUS7ubBg4eR
B4cEhlCx250KkmIdRLF7sP7YvoAfdqr1JdDKrNKcZSpO0gdHktvUlWp64HJL58nO
2yR0pvg0Rr9HfqmRvcc7nwcG/qbU31FgvTTSq22xqv9L1b65YKek
-----END CERTIFICATE-----