Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/KlvYHsngjdBiNbNVPy4H8QWFifE.roa
File:                     KlvYHsngjdBiNbNVPy4H8QWFifE.roa (raw, json)
Hash identifier:          NCrIxE3QgsSdVX1v2POlV8XraYab0biwWYZLXvSJw+o=
Subject key identifier:   2A:5B:D8:1E:C9:E0:8D:D0:62:35:B3:55:3F:2E:07:F1:05:85:89:F1
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0192F7335ED68766BC248D99793673E45180
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/KlvYHsngjdBiNbNVPy4H8QWFifE.roa
Signing time:             Mon 04 Nov 2024 12:43:11 +0000
ROA not before:           Mon 04 Nov 2024 12:43:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35372
IP address blocks:        85.133.218.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f7:33:5e:d6:87:66:bc:24:8d:99:79:36:73:e4:51:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Nov  4 12:43:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a5bd81ec9e08dd06235b3553f2e07f1058589f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:a1:14:75:07:f2:d3:b8:51:a7:f2:79:ef:fa:
                    2d:97:52:26:6e:73:d8:ce:05:7b:6b:62:f4:0f:60:
                    5a:c6:ae:54:79:ca:47:5d:0e:01:f5:8a:ed:ea:64:
                    f4:88:09:d6:1c:79:70:13:86:11:1f:28:57:a1:6c:
                    7d:90:b8:1b:d8:55:2a:f1:e7:ed:12:51:ff:34:83:
                    ed:85:aa:bd:b3:2b:17:5e:0d:fb:b3:1a:96:a2:44:
                    fa:b0:e8:34:03:78:64:5a:eb:d8:32:da:69:18:ee:
                    4c:2a:1d:1a:77:d4:30:be:1e:fd:0e:1a:28:46:fd:
                    d6:b4:79:e6:db:2d:9f:19:1c:7b:3e:d0:bf:d0:3e:
                    c6:fc:fa:9a:f8:be:f0:60:73:8c:72:03:f2:b6:bc:
                    53:1b:0e:b6:d0:9f:af:76:59:0a:f2:8d:9e:2b:f7:
                    e6:42:1f:8b:46:5a:73:50:1c:70:df:39:0c:ae:4c:
                    e0:2a:45:ee:6c:eb:96:d8:a2:2d:b3:60:b0:72:2e:
                    92:4d:c9:8e:cc:4f:3d:7a:69:7c:78:f7:86:84:19:
                    fc:2a:fd:b2:91:86:41:ad:a9:1b:62:91:04:81:a2:
                    1a:7f:18:8f:10:08:c4:e5:31:83:1b:45:17:42:18:
                    db:70:52:d0:1b:da:6a:99:5a:f1:a9:3b:89:94:e3:
                    dc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5B:D8:1E:C9:E0:8D:D0:62:35:B3:55:3F:2E:07:F1:05:85:89:F1
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/KlvYHsngjdBiNbNVPy4H8QWFifE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:70:16:03:c1:31:81:bf:d4:38:9a:b0:ad:df:b5:d5:99:c6:
         34:f8:a2:61:8f:d6:e2:45:23:87:6d:44:27:51:04:1d:d0:20:
         1c:de:20:5f:d8:18:73:83:5f:51:0c:a4:45:cc:5d:31:97:88:
         f0:d5:6e:ff:31:aa:9d:c7:d9:f3:ea:ac:cf:5e:ae:a9:13:42:
         76:59:c8:09:de:05:2a:ad:ae:b2:2d:4e:ff:76:c4:66:05:91:
         89:86:98:c4:27:d8:33:7b:ce:6a:c4:58:d8:f7:5d:ef:90:57:
         f7:5c:aa:f0:87:26:15:21:bd:71:02:82:bc:a9:a8:42:27:cd:
         f0:20:f8:6d:86:4f:5c:b5:fd:2b:14:52:67:c0:0b:fe:b9:a8:
         01:ed:41:34:0a:94:eb:32:93:89:5b:c2:c8:b8:ed:74:33:51:
         08:8e:e9:4f:3e:96:17:b3:59:7d:79:d5:f3:39:98:a8:bd:26:
         8a:c4:14:66:1a:8f:49:42:a3:07:ec:5c:0a:6b:d0:80:44:8d:
         68:95:bc:69:46:05:dc:c0:f6:c8:48:58:6b:f2:28:6f:a6:5b:
         8b:ad:59:e1:ca:be:ae:e8:6e:67:67:34:4f:9e:71:a4:e2:63:
         8f:bb:c2:d6:1b:d5:16:8c:6e:9a:7b:7b:c8:6f:03:2d:56:02:
         28:eb:29:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL3M17Wh2a8JI2ZeTZz5FGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQxMTA0MTI0MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTViZDgxZWM5ZTA4ZGQwNjIzNWIzNTUzZjJlMDdmMTA1ODU4OWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qEUdQfy07hRp/J57/otl1ImbnPY
zgV7a2L0D2Baxq5UecpHXQ4B9Yrt6mT0iAnWHHlwE4YRHyhXoWx9kLgb2FUq8eft
ElH/NIPthaq9sysXXg37sxqWokT6sOg0A3hkWuvYMtppGO5MKh0ad9Qwvh79Dhoo
Rv3WtHnm2y2fGRx7PtC/0D7G/Pqa+L7wYHOMcgPytrxTGw620J+vdlkK8o2eK/fm
Qh+LRlpzUBxw3zkMrkzgKkXubOuW2KIts2Cwci6STcmOzE89eml8ePeGhBn8Kv2y
kYZBrakbYpEEgaIafxiPEAjE5TGDG0UXQhjbcFLQG9pqmVrxqTuJlOPc0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpb2B7J4I3QYjWzVT8uB/EFhYnxMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvS2x2WUhzbmdqZEJpTmJOVlB5NEg4UVdGaWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVYXaMA0G
CSqGSIb3DQEBCwUAA4IBAQAecBYDwTGBv9Q4mrCt37XVmcY0+KJhj9biRSOHbUQn
UQQd0CAc3iBf2Bhzg19RDKRFzF0xl4jw1W7/Maqdx9nz6qzPXq6pE0J2WcgJ3gUq
ra6yLU7/dsRmBZGJhpjEJ9gze85qxFjY913vkFf3XKrwhyYVIb1xAoK8qahCJ83w
IPhthk9ctf0rFFJnwAv+uagB7UE0CpTrMpOJW8LIuO10M1EIjulPPpYXs1l9edXz
OZiovSaKxBRmGo9JQqMH7FwKa9CARI1olbxpRgXcwPbISFhr8ihvpluLrVnhyr6u
6G5nZzRPnnGk4mOPu8LWG9UWjG6ae3vIbwMtVgIo6ylN
-----END CERTIFICATE-----