Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/JkeoBb9tCl-9WXx8A-JOk6_N9W4.roa
File:                     JkeoBb9tCl-9WXx8A-JOk6_N9W4.roa (raw, json)
Hash identifier:          LybXb+3noBfPr2Ok4h4+UOuTUknaFsvz0Q6a5CbF/zg=
Subject key identifier:   26:47:A8:05:BF:6D:0A:5F:BD:59:7C:7C:03:E2:4E:93:AF:CD:F5:6E
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018D750AC466169B671DAD2341CE9E27CF2E
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/JkeoBb9tCl-9WXx8A-JOk6_N9W4.roa
Signing time:             Sun 04 Feb 2024 16:54:16 +0000
ROA not before:           Sun 04 Feb 2024 16:54:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209638
IP address blocks:        85.133.199.0/24 maxlen: 24
                          85.133.221.0/24 maxlen: 24
                          85.133.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:75:0a:c4:66:16:9b:67:1d:ad:23:41:ce:9e:27:cf:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Feb  4 16:54:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2647a805bf6d0a5fbd597c7c03e24e93afcdf56e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:45:f6:ce:d2:10:00:c3:e0:28:ec:55:f8:15:
                    64:1d:4f:b1:d9:23:27:c2:0d:03:29:21:d8:66:d8:
                    38:86:1a:5f:ea:35:2c:a1:9e:1f:ed:41:61:8d:19:
                    d5:3c:10:2d:c7:f7:b1:80:ea:3e:4a:3f:58:5e:39:
                    d6:3b:d9:da:16:83:84:2c:7e:19:b2:48:51:47:69:
                    84:93:06:94:b5:6e:34:f3:af:79:7a:63:c0:0d:12:
                    34:39:c5:7e:17:7b:eb:3e:79:fa:b5:d9:dc:18:fe:
                    e2:fc:f3:72:ee:6e:d9:3e:d3:b1:71:5e:59:34:e9:
                    27:7c:16:79:cc:a3:27:1b:4b:3a:3d:bc:88:9d:41:
                    bb:47:21:57:b5:0e:cf:3f:d7:88:6b:5e:e6:2a:f4:
                    35:03:88:77:cc:0c:ab:ec:55:bc:25:d6:04:29:53:
                    80:ee:d1:3a:59:d4:0f:6b:3c:74:2f:bc:60:1f:73:
                    d9:3a:cc:17:98:ef:a0:b2:42:79:40:18:31:69:dc:
                    7f:28:69:f0:1d:00:29:39:c5:95:6d:14:c9:8c:1c:
                    ce:2c:45:43:03:b6:58:ca:cd:64:d2:4f:35:75:e2:
                    59:2a:86:32:8d:cf:62:8d:27:0c:ce:24:2e:a1:cd:
                    37:33:df:7c:04:2d:a3:d1:bc:ef:df:d7:97:a8:87:
                    95:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:47:A8:05:BF:6D:0A:5F:BD:59:7C:7C:03:E2:4E:93:AF:CD:F5:6E
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/JkeoBb9tCl-9WXx8A-JOk6_N9W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.199.0/24
                  85.133.221.0-85.133.222.255

    Signature Algorithm: sha256WithRSAEncryption
         23:8d:ad:e2:e7:5f:f8:cd:fa:f4:91:e5:1a:34:76:d0:18:46:
         24:ac:a5:33:15:8d:f5:6e:bb:89:d9:91:99:92:ac:9f:62:1a:
         69:e9:cd:19:a6:d5:65:87:b6:b0:d1:49:31:20:9e:94:ae:43:
         fc:6a:d1:07:e6:0d:04:3a:93:b2:9b:1c:cb:4a:a9:50:c3:1f:
         d4:a1:a3:fd:d3:5c:2f:4c:4c:63:3f:9e:6d:e4:6c:8b:22:11:
         db:ce:b9:b1:ef:a3:b9:c6:0e:d5:b2:19:ed:f9:28:24:21:6e:
         1f:1b:ef:66:53:17:e3:31:48:39:bc:c2:1d:e7:95:10:ba:92:
         0b:a3:70:37:f7:2a:cf:52:c8:93:92:b7:c3:06:9e:c4:ea:fc:
         ec:44:3b:7e:a9:5a:5d:24:7a:c8:fd:f3:8f:e4:b2:e7:c3:92:
         52:e6:e8:f6:b3:32:1b:a1:4f:10:2a:17:d5:09:93:41:1e:49:
         25:28:b8:d3:2f:b0:93:fb:ea:8a:8e:19:59:00:fe:56:7b:f0:
         e2:ee:37:5e:6d:f9:34:23:bd:e7:d2:7e:5d:eb:13:cd:87:ca:
         77:ab:50:6d:f4:9d:af:9b:83:79:1d:41:74:53:25:7a:d2:e7:
         af:90:0e:0e:90:e2:6f:2d:66:3c:ce:c9:c9:9d:fb:35:ca:ab:
         ef:39:b7:49
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY11CsRmFptnHa0jQc6eJ88uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwMjA0MTY1NDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjQ3YTgwNWJmNmQwYTVmYmQ1OTdjN2MwM2UyNGU5M2FmY2RmNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukX2ztIQAMPgKOxV+BVkHU+x2SMn
wg0DKSHYZtg4hhpf6jUsoZ4f7UFhjRnVPBAtx/exgOo+Sj9YXjnWO9naFoOELH4Z
skhRR2mEkwaUtW408695emPADRI0OcV+F3vrPnn6tdncGP7i/PNy7m7ZPtOxcV5Z
NOknfBZ5zKMnG0s6PbyInUG7RyFXtQ7PP9eIa17mKvQ1A4h3zAyr7FW8JdYEKVOA
7tE6WdQPazx0L7xgH3PZOswXmO+gskJ5QBgxadx/KGnwHQApOcWVbRTJjBzOLEVD
A7ZYys1k0k81deJZKoYyjc9ijScMziQuoc03M998BC2j0bzv39eXqIeVgQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCZHqAW/bQpfvVl8fAPiTpOvzfVuMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvSmtlb0JiOXRDbC05V1h4OEEtSk9rNl9OOVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAVYXHMAwD
BABVhd0DBABVhd4wDQYJKoZIhvcNAQELBQADggEBACONreLnX/jN+vSR5Ro0dtAY
RiSspTMVjfVuu4nZkZmSrJ9iGmnpzRmm1WWHtrDRSTEgnpSuQ/xq0QfmDQQ6k7Kb
HMtKqVDDH9Sho/3TXC9MTGM/nm3kbIsiEdvOubHvo7nGDtWyGe35KCQhbh8b72ZT
F+MxSDm8wh3nlRC6kgujcDf3Ks9SyJOSt8MGnsTq/OxEO36pWl0kesj984/ksufD
klLm6PazMhuhTxAqF9UJk0EeSSUouNMvsJP76oqOGVkA/lZ78OLuN15t+TQjvefS
fl3rE82HynerUG30na+bg3kdQXRTJXrS56+QDg6Q4m8tZjzOycmd+zXKq+85t0k=
-----END CERTIFICATE-----