Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/JKyBTSK5-GuDEcGR4c8Le5ywkD4.roa
File:                     JKyBTSK5-GuDEcGR4c8Le5ywkD4.roa (raw, json)
Hash identifier:          5du1h1S5yfMIimPn8inErBCuqW1j9KIChDmTG7MDkvw=
Subject key identifier:   24:AC:81:4D:22:B9:F8:6B:83:11:C1:91:E1:CF:0B:7B:9C:B0:90:3E
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0191DF20696621167D87C00B9DBEC83E3FCC
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/JKyBTSK5-GuDEcGR4c8Le5ywkD4.roa
Signing time:             Wed 11 Sep 2024 03:28:48 +0000
ROA not before:           Wed 11 Sep 2024 03:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214526
IP address blocks:        85.133.195.0/24 maxlen: 24
                          85.133.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:df:20:69:66:21:16:7d:87:c0:0b:9d:be:c8:3e:3f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Sep 11 03:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24ac814d22b9f86b8311c191e1cf0b7b9cb0903e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a2:57:8c:7a:2b:6b:4a:8c:fc:04:9e:05:c7:
                    4d:ea:4b:e2:c6:3e:0a:3b:12:b0:f1:e5:92:30:dd:
                    49:f2:e6:0e:b6:81:f1:6e:e1:53:b6:70:76:da:9c:
                    6e:8d:54:1b:26:74:27:75:6b:30:9e:0e:da:6a:45:
                    ca:49:1d:88:ff:fa:3c:08:44:10:9e:ff:ba:26:83:
                    1f:e0:fb:06:54:d7:71:2a:b9:7c:e2:4e:a0:a5:e5:
                    f6:14:df:6c:2d:93:02:63:ca:f6:db:5a:8f:71:2d:
                    ac:13:d8:1c:90:9e:be:cc:e8:42:1c:ed:4f:e2:38:
                    df:ce:ba:47:9e:33:e6:f3:c3:6d:1d:7f:7b:e6:6c:
                    64:9e:f0:dc:e2:b5:75:f2:5f:22:0c:d8:d5:77:da:
                    a5:fc:4f:fd:d7:b7:a6:7b:29:11:cf:e8:e3:42:6d:
                    30:65:83:df:a6:72:c9:2f:99:86:e6:fe:ab:c8:23:
                    09:91:92:a4:c2:79:97:4e:fb:51:34:0b:be:df:2b:
                    91:31:9a:0d:83:dc:35:48:15:fd:6b:de:e6:aa:72:
                    50:24:f1:7a:1c:4c:b3:16:26:ae:8f:34:4a:01:00:
                    c2:d9:06:b4:cc:17:46:73:8f:7d:e0:6f:84:4d:da:
                    2f:36:0a:83:c9:92:1f:79:3f:1f:18:04:fd:1e:f2:
                    7f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:AC:81:4D:22:B9:F8:6B:83:11:C1:91:E1:CF:0B:7B:9C:B0:90:3E
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/JKyBTSK5-GuDEcGR4c8Le5ywkD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.195.0/24
                  85.133.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:bf:55:2e:cb:8c:b1:1e:16:a6:8e:15:c1:2f:c7:71:03:6d:
         27:0e:af:32:c5:2d:7e:a5:58:05:eb:6a:7c:e6:a9:e8:36:59:
         d8:82:1d:5d:67:20:45:53:1f:89:af:9a:1a:ae:de:c3:98:58:
         ee:85:ec:d8:61:eb:06:57:41:f8:d0:0f:6c:5f:12:18:fc:5c:
         44:2f:81:e9:91:8d:2c:59:16:7b:b6:c6:8a:c4:38:86:ee:e9:
         47:ac:d0:67:ae:ba:de:4f:b1:51:6d:d4:0e:4d:bf:ae:34:2e:
         c9:1d:16:97:02:4c:19:f4:9d:d5:c9:04:20:5f:03:21:94:c9:
         37:3e:23:c5:5c:7e:40:2b:e3:fd:e2:cf:6c:ec:28:a5:4b:a7:
         7e:18:23:c9:fb:44:e6:62:c9:6f:71:e8:65:b1:38:5c:48:23:
         eb:e2:5f:5d:71:40:e4:af:ad:96:01:7d:ff:a0:15:43:71:7e:
         29:56:bc:45:96:6b:be:f6:02:03:d8:c6:3b:91:58:56:78:7c:
         66:08:25:eb:01:54:80:25:d8:81:31:9f:64:5f:0a:69:57:8c:
         f7:e4:62:31:25:96:4f:55:74:09:cf:41:ab:16:e6:99:08:2b:
         1b:eb:2e:aa:93:78:cf:cd:54:d7:f5:bd:61:e3:0c:b2:52:d5:
         dd:f1:20:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHfIGlmIRZ9h8ALnb7IPj/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwOTExMDMyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGFjODE0ZDIyYjlmODZiODMxMWMxOTFlMWNmMGI3YjljYjA5MDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqJXjHora0qM/ASeBcdN6kvixj4K
OxKw8eWSMN1J8uYOtoHxbuFTtnB22pxujVQbJnQndWswng7aakXKSR2I//o8CEQQ
nv+6JoMf4PsGVNdxKrl84k6gpeX2FN9sLZMCY8r221qPcS2sE9gckJ6+zOhCHO1P
4jjfzrpHnjPm88NtHX975mxknvDc4rV18l8iDNjVd9ql/E/917emeykRz+jjQm0w
ZYPfpnLJL5mG5v6ryCMJkZKkwnmXTvtRNAu+3yuRMZoNg9w1SBX9a97mqnJQJPF6
HEyzFiaujzRKAQDC2Qa0zBdGc4994G+ETdovNgqDyZIfeT8fGAT9HvJ/6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCSsgU0iufhrgxHBkeHPC3ucsJA+MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvSkt5QlRTSzUtR3VERWNHUjRjOExlNXl3a0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYXDAwQA
VYXgMA0GCSqGSIb3DQEBCwUAA4IBAQAIv1Uuy4yxHhamjhXBL8dxA20nDq8yxS1+
pVgF62p85qnoNlnYgh1dZyBFUx+Jr5oart7DmFjuhezYYesGV0H40A9sXxIY/FxE
L4HpkY0sWRZ7tsaKxDiG7ulHrNBnrrreT7FRbdQOTb+uNC7JHRaXAkwZ9J3VyQQg
XwMhlMk3PiPFXH5AK+P94s9s7CilS6d+GCPJ+0TmYslvcehlsThcSCPr4l9dcUDk
r62WAX3/oBVDcX4pVrxFlmu+9gID2MY7kVhWeHxmCCXrAVSAJdiBMZ9kXwppV4z3
5GIxJZZPVXQJz0GrFuaZCCsb6y6qk3jPzVTX9b1h4wyyUtXd8SBm
-----END CERTIFICATE-----