Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/E9ukHrpLhE5ebzzKVL3f_y2vweo.roa
File:                     E9ukHrpLhE5ebzzKVL3f_y2vweo.roa (raw, json)
Hash identifier:          uHIsPegw7Wl3cM3bXFKI52OURZm5qT38kJwCAZV58xM=
Subject key identifier:   13:DB:A4:1E:BA:4B:84:4E:5E:6F:3C:CA:54:BD:DF:FF:2D:AF:C1:EA
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0191454C77409E6581FD5A6CC3CD69321B75
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/E9ukHrpLhE5ebzzKVL3f_y2vweo.roa
Signing time:             Mon 12 Aug 2024 06:35:24 +0000
ROA not before:           Mon 12 Aug 2024 06:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200436
IP address blocks:        85.133.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:4c:77:40:9e:65:81:fd:5a:6c:c3:cd:69:32:1b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Aug 12 06:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13dba41eba4b844e5e6f3cca54bddfff2dafc1ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:44:33:21:94:fb:6f:56:46:be:1a:f7:f0:f7:
                    53:ab:f6:43:81:41:21:bd:54:28:06:83:e6:39:f4:
                    ef:e4:76:b0:d9:62:a2:9d:e4:68:61:55:0e:7d:a8:
                    4a:4e:9e:b9:aa:62:ce:ad:3a:82:d9:e5:38:81:bd:
                    2d:80:34:99:a0:b5:35:58:02:58:2e:9a:4b:0d:f0:
                    a8:6c:84:bb:c2:8b:ef:fc:0d:ab:83:3c:ac:4e:8c:
                    da:36:1a:85:dc:d5:7c:12:97:2d:b7:29:d2:c9:74:
                    f4:67:e6:53:c9:bd:c4:44:f3:ab:4b:9b:a0:4e:df:
                    67:5d:68:be:ad:a7:66:54:aa:bd:96:3c:8c:b8:9c:
                    80:39:35:a4:2c:9d:f3:77:69:04:c2:62:93:44:7a:
                    56:27:9f:fd:da:39:44:95:a8:93:66:e6:d9:2e:70:
                    cb:9a:ce:ea:22:59:9f:a6:38:6a:e0:ab:33:98:4a:
                    6b:71:30:44:75:04:b0:33:39:a6:fe:8e:2a:96:51:
                    17:36:25:84:c3:36:63:90:34:e6:b1:29:51:43:57:
                    5a:3b:6e:a8:b6:5e:9d:e0:ab:03:b4:73:e5:4f:9a:
                    cb:61:f7:e2:ed:4c:ba:38:35:19:c5:c4:e0:eb:84:
                    3e:fd:8d:8d:1b:50:f8:bb:14:69:64:f0:c6:59:78:
                    ce:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:DB:A4:1E:BA:4B:84:4E:5E:6F:3C:CA:54:BD:DF:FF:2D:AF:C1:EA
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/E9ukHrpLhE5ebzzKVL3f_y2vweo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c7:68:af:65:99:bb:76:e7:1f:dd:65:46:8e:de:95:43:6b:
         64:77:9a:57:57:53:bb:bd:44:27:87:e9:41:de:d5:b9:2c:61:
         0a:2b:06:3b:f0:54:57:59:b0:09:ee:03:d0:49:6b:dc:74:d0:
         e3:5f:c7:49:fd:85:04:06:43:1b:54:2e:e8:1d:65:d8:98:3e:
         f7:ef:da:15:5f:a2:9f:37:d2:2c:78:e1:9b:9d:90:b1:75:76:
         88:68:92:b9:b4:cb:65:c9:86:2c:46:9e:8f:1a:17:26:1f:a8:
         e7:b5:70:45:0c:47:4c:c7:d0:8d:09:39:cc:fe:20:91:b0:e3:
         dd:77:5c:80:79:d5:5c:40:87:b3:81:3e:56:10:e3:88:af:42:
         2f:50:5c:7f:2f:b0:92:63:8b:59:5f:d2:e2:da:9d:e3:91:95:
         f5:8e:a3:40:e9:bf:a4:e4:37:2e:00:e2:93:16:01:37:20:18:
         8f:17:19:15:f4:33:10:04:88:d6:9a:a9:16:85:a7:de:e3:18:
         3c:8b:f4:0b:2a:39:b6:d0:3e:06:60:ac:e6:cf:7a:88:22:44:
         cc:be:2f:d4:d8:71:bc:41:4f:8f:1d:90:2a:6d:9b:8f:3c:42:
         69:78:77:4b:00:01:60:19:a5:c0:50:ad:88:d7:17:95:ea:93:
         41:c6:ea:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFFTHdAnmWB/Vpsw81pMht1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwODEyMDYzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2RiYTQxZWJhNGI4NDRlNWU2ZjNjY2E1NGJkZGZmZjJkYWZjMWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0QzIZT7b1ZGvhr38PdTq/ZDgUEh
vVQoBoPmOfTv5Haw2WKineRoYVUOfahKTp65qmLOrTqC2eU4gb0tgDSZoLU1WAJY
LppLDfCobIS7wovv/A2rgzysTozaNhqF3NV8EpcttynSyXT0Z+ZTyb3ERPOrS5ug
Tt9nXWi+radmVKq9ljyMuJyAOTWkLJ3zd2kEwmKTRHpWJ5/92jlElaiTZubZLnDL
ms7qIlmfpjhq4KszmEprcTBEdQSwMzmm/o4qllEXNiWEwzZjkDTmsSlRQ1daO26o
tl6d4KsDtHPlT5rLYffi7Uy6ODUZxcTg64Q+/Y2NG1D4uxRpZPDGWXjOkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPbpB66S4ROXm88ylS93/8tr8HqMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvRTl1a0hycExoRTVlYnp6S1ZMM2ZfeTJ2d2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXNMA0G
CSqGSIb3DQEBCwUAA4IBAQBJx2ivZZm7ducf3WVGjt6VQ2tkd5pXV1O7vUQnh+lB
3tW5LGEKKwY78FRXWbAJ7gPQSWvcdNDjX8dJ/YUEBkMbVC7oHWXYmD7379oVX6Kf
N9IseOGbnZCxdXaIaJK5tMtlyYYsRp6PGhcmH6jntXBFDEdMx9CNCTnM/iCRsOPd
d1yAedVcQIezgT5WEOOIr0IvUFx/L7CSY4tZX9Li2p3jkZX1jqNA6b+k5DcuAOKT
FgE3IBiPFxkV9DMQBIjWmqkWhafe4xg8i/QLKjm20D4GYKzmz3qIIkTMvi/U2HG8
QU+PHZAqbZuPPEJpeHdLAAFgGaXAUK2I1xeV6pNBxuo8
-----END CERTIFICATE-----