Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ECT8clfNxElQsbNgWf5MSMBQJBw.roa
File:                     ECT8clfNxElQsbNgWf5MSMBQJBw.roa (raw, json)
Hash identifier:          OHKduQ+nBMz5yKr3Tz8KQLq2T4SUqaXm2BJrDDuQUCc=
Subject key identifier:   10:24:FC:72:57:CD:C4:49:50:B1:B3:60:59:FE:4C:48:C0:50:24:1C
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01950E02DAF22C959019008D5160017F5A96
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ECT8clfNxElQsbNgWf5MSMBQJBw.roa
Signing time:             Sun 16 Feb 2025 09:07:02 +0000
ROA not before:           Sun 16 Feb 2025 09:07:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214858
IP address blocks:        85.133.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:0e:02:da:f2:2c:95:90:19:00:8d:51:60:01:7f:5a:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Feb 16 09:07:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1024fc7257cdc44950b1b36059fe4c48c050241c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7f:57:e6:d7:88:e0:d9:3a:2a:7d:f7:34:8a:
                    c9:65:46:e0:c2:98:fa:b3:e0:dd:a5:6f:2e:88:6d:
                    6f:26:66:7c:6a:d6:22:e4:45:df:6c:3b:f8:ec:a9:
                    af:41:b6:37:a2:a2:a1:a5:e2:a4:ea:f6:37:0a:fe:
                    fe:a6:9e:41:1f:55:3c:90:8e:53:da:e8:52:a4:43:
                    4d:d7:c0:29:93:56:9b:7b:6d:cc:d9:a8:cb:fe:08:
                    b3:3c:8e:7a:aa:0f:15:f2:e6:9e:8c:d0:6e:15:b1:
                    51:38:99:2f:1c:3c:67:57:4a:dd:c9:15:63:60:64:
                    57:f1:34:de:4f:db:cc:e0:c8:d5:4d:d9:5b:cb:d4:
                    82:ae:4a:3f:29:0b:45:61:24:b1:be:d0:32:7f:9c:
                    44:bb:81:a1:32:4e:c3:b5:19:89:f2:33:fe:c4:b5:
                    99:ff:b7:18:b7:3f:b0:43:36:a5:4b:52:3d:7f:de:
                    7d:d6:14:30:bd:bb:58:81:2a:8c:c0:b6:92:8a:d7:
                    63:99:1a:2d:10:ba:85:75:d4:c8:14:91:cb:73:93:
                    b5:fc:f8:9f:bf:6b:a1:13:da:ee:ce:8c:c1:52:80:
                    20:a6:10:81:bc:05:db:bf:a7:70:f3:c8:4f:f7:20:
                    7f:9b:d2:5f:f5:7f:c2:b5:84:a5:9c:b7:e1:4d:fb:
                    5a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:24:FC:72:57:CD:C4:49:50:B1:B3:60:59:FE:4C:48:C0:50:24:1C
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ECT8clfNxElQsbNgWf5MSMBQJBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:1f:5c:da:1b:3c:a4:b4:7c:69:ba:46:0c:4d:a2:b2:13:3e:
         4f:23:2b:da:ef:e3:72:33:49:92:0f:23:38:e7:b2:92:d1:cb:
         e1:9f:32:22:d5:02:19:90:eb:ea:02:d1:04:58:d8:ae:6c:a4:
         7f:53:9c:ce:61:9d:2f:6c:b0:85:28:f5:5a:89:52:0f:16:0f:
         d3:5d:8a:66:af:83:75:45:80:df:87:b4:39:2b:04:92:98:77:
         c9:3a:b0:11:cd:a4:6b:fd:5c:ed:98:17:5f:cf:f3:12:b0:e7:
         b2:79:73:3b:bc:df:f5:5d:79:20:00:e2:45:57:4d:5f:c8:10:
         62:a9:16:c1:30:7f:37:ff:2e:63:fa:f1:b1:a1:0b:6d:8a:14:
         5e:f5:88:dd:16:da:8a:6e:e8:9c:33:91:b5:6d:7c:d6:ad:68:
         88:f0:97:b8:2e:4e:45:aa:57:49:df:34:a1:bd:57:f2:45:f8:
         31:5b:23:56:f1:74:6f:ca:91:48:2f:f8:a6:cb:c1:79:71:96:
         bc:c2:7d:1a:4b:16:a6:e5:cf:e0:2b:dc:59:c5:1a:55:10:36:
         0b:cd:61:83:87:a7:71:b3:5d:3e:60:c0:ae:c9:a6:62:eb:d4:
         2d:95:95:3b:36:bd:b7:0d:0c:fc:7f:ca:67:79:0f:fc:0a:2e:
         4b:1b:19:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUOAtryLJWQGQCNUWABf1qWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwMjE2MDkwNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDI0ZmM3MjU3Y2RjNDQ5NTBiMWIzNjA1OWZlNGM0OGMwNTAyNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr39X5teI4Nk6Kn33NIrJZUbgwpj6
s+DdpW8uiG1vJmZ8atYi5EXfbDv47KmvQbY3oqKhpeKk6vY3Cv7+pp5BH1U8kI5T
2uhSpENN18Apk1abe23M2ajL/gizPI56qg8V8uaejNBuFbFROJkvHDxnV0rdyRVj
YGRX8TTeT9vM4MjVTdlby9SCrko/KQtFYSSxvtAyf5xEu4GhMk7DtRmJ8jP+xLWZ
/7cYtz+wQzalS1I9f9591hQwvbtYgSqMwLaSitdjmRotELqFddTIFJHLc5O1/Pif
v2uhE9ruzozBUoAgphCBvAXbv6dw88hP9yB/m9Jf9X/CtYSlnLfhTftaAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAk/HJXzcRJULGzYFn+TEjAUCQcMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvRUNUOGNsZk54RWxRc2JOZ1dmNU1TTUJRSkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXEMA0G
CSqGSIb3DQEBCwUAA4IBAQBDH1zaGzyktHxpukYMTaKyEz5PIyva7+NyM0mSDyM4
57KS0cvhnzIi1QIZkOvqAtEEWNiubKR/U5zOYZ0vbLCFKPVaiVIPFg/TXYpmr4N1
RYDfh7Q5KwSSmHfJOrARzaRr/VztmBdfz/MSsOeyeXM7vN/1XXkgAOJFV01fyBBi
qRbBMH83/y5j+vGxoQttihRe9YjdFtqKbuicM5G1bXzWrWiI8Je4Lk5FqldJ3zSh
vVfyRfgxWyNW8XRvypFIL/imy8F5cZa8wn0aSxam5c/gK9xZxRpVEDYLzWGDh6dx
s10+YMCuyaZi69QtlZU7Nr23DQz8f8pneQ/8Ci5LGxnP
-----END CERTIFICATE-----