Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/QI0gCII91h_Mrkwv8OkKqZAJ9m0.roa
File:                     QI0gCII91h_Mrkwv8OkKqZAJ9m0.roa (raw, json)
Hash identifier:          HjNXrzSYJHz2sRIkVmGYYRVwgiKaBHzbocqn8X6j8CM=
Subject key identifier:   40:8D:20:08:82:3D:D6:1F:CC:AE:4C:2F:F0:E9:0A:A9:90:09:F6:6D
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019311AEB16A0E460F717095A383870BD391
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/QI0gCII91h_Mrkwv8OkKqZAJ9m0.roa
Signing time:             Sat 09 Nov 2024 16:08:01 +0000
ROA not before:           Sat 09 Nov 2024 16:08:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215938
IP address blocks:        85.133.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:11:ae:b1:6a:0e:46:0f:71:70:95:a3:83:87:0b:d3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Nov  9 16:08:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=408d2008823dd61fccae4c2ff0e90aa99009f66d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:41:29:f9:45:29:b7:d9:74:2d:1a:1f:ea:05:
                    29:6c:66:9c:a6:90:c6:9b:2b:ef:93:8a:be:65:56:
                    b6:cd:93:9c:bc:b7:43:4f:88:12:6c:3c:5a:1a:59:
                    c6:16:70:eb:60:9d:6d:8c:6f:c2:02:b7:af:d6:be:
                    e1:9f:85:d7:0c:af:57:2b:3f:48:73:33:fa:39:6e:
                    98:f6:b9:ae:84:b5:06:5b:62:30:f0:37:01:58:f8:
                    d5:69:a5:03:c6:85:a1:03:c8:bd:bd:20:5e:ba:b7:
                    d0:fb:c2:23:1f:fa:1f:2a:83:cb:27:ee:4b:ce:ba:
                    45:84:d4:f3:9b:56:f3:56:29:9b:8f:d9:10:b0:1b:
                    63:20:02:34:17:c3:f6:ba:48:07:54:00:14:8d:22:
                    b3:12:01:61:00:57:ce:63:4a:a1:d4:8f:a1:7a:6a:
                    ca:a6:e8:05:9e:96:0f:13:ab:ab:dd:16:df:02:59:
                    30:83:a8:64:2d:ff:d0:99:7e:79:f2:80:3b:27:55:
                    dd:0d:8a:0c:e3:4c:82:7d:9e:ee:e4:2d:bc:62:16:
                    57:bb:95:05:a9:13:fe:e6:93:58:c5:20:0f:fd:8d:
                    b0:0b:19:e2:1e:49:f6:47:07:ce:47:70:60:7e:1a:
                    77:21:6c:5b:cd:98:b5:32:55:81:2b:bd:97:d8:6a:
                    85:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8D:20:08:82:3D:D6:1F:CC:AE:4C:2F:F0:E9:0A:A9:90:09:F6:6D
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/QI0gCII91h_Mrkwv8OkKqZAJ9m0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b5:88:f7:3e:d5:c0:39:29:17:5d:cd:24:b1:21:91:9c:ba:
         52:32:08:25:d6:08:6e:65:0e:98:20:26:57:d4:bd:91:55:27:
         32:73:89:6f:82:83:48:7e:c2:7b:e1:e4:4b:ef:9b:45:cd:3c:
         38:59:0b:e4:8f:56:d9:f7:cd:17:83:70:dd:c6:4c:28:ef:27:
         50:61:e3:11:a0:ab:a8:5b:25:cd:66:9e:35:c6:07:60:3e:9d:
         d8:73:e2:92:94:f7:03:9e:fe:b2:79:c2:9e:1f:f5:40:99:2b:
         4f:12:8c:24:46:31:50:71:0d:88:13:ee:e5:bb:9e:af:18:31:
         b3:39:c7:47:a1:4f:ef:24:82:53:dd:7f:a1:d0:02:3e:e1:b1:
         d1:a6:f0:f6:46:96:d5:41:ff:bb:1a:c7:27:fb:6c:de:0d:60:
         ec:70:25:aa:39:68:78:ac:70:85:c2:14:2c:35:0e:a3:30:a5:
         e8:fb:cb:b6:93:99:a2:e4:6d:99:2a:4b:57:41:d7:40:29:e6:
         81:c4:92:d7:bc:c8:bc:e3:31:7a:52:03:42:22:c7:41:ed:ad:
         fb:c6:7f:b8:f0:cc:17:59:b1:a0:93:b7:dd:64:93:63:a6:72:
         07:1f:1d:9e:81:ac:db:72:b9:79:bc:a3:e6:80:59:45:60:c8:
         e2:1f:d4:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMRrrFqDkYPcXCVo4OHC9ORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQxMTA5MTYwODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhkMjAwODgyM2RkNjFmY2NhZTRjMmZmMGU5MGFhOTkwMDlmNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UEp+UUpt9l0LRof6gUpbGacppDG
myvvk4q+ZVa2zZOcvLdDT4gSbDxaGlnGFnDrYJ1tjG/CArev1r7hn4XXDK9XKz9I
czP6OW6Y9rmuhLUGW2Iw8DcBWPjVaaUDxoWhA8i9vSBeurfQ+8IjH/ofKoPLJ+5L
zrpFhNTzm1bzVimbj9kQsBtjIAI0F8P2ukgHVAAUjSKzEgFhAFfOY0qh1I+hemrK
pugFnpYPE6ur3RbfAlkwg6hkLf/QmX558oA7J1XdDYoM40yCfZ7u5C28YhZXu5UF
qRP+5pNYxSAP/Y2wCxniHkn2RwfOR3Bgfhp3IWxbzZi1MlWBK72X2GqFywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECNIAiCPdYfzK5ML/DpCqmQCfZtMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvUUkwZ0NJSTkxaF9Ncmt3djhPa0txWkFKOW0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXZMA0G
CSqGSIb3DQEBCwUAA4IBAQBstYj3PtXAOSkXXc0ksSGRnLpSMggl1ghuZQ6YICZX
1L2RVScyc4lvgoNIfsJ74eRL75tFzTw4WQvkj1bZ980Xg3Ddxkwo7ydQYeMRoKuo
WyXNZp41xgdgPp3Yc+KSlPcDnv6yecKeH/VAmStPEowkRjFQcQ2IE+7lu56vGDGz
OcdHoU/vJIJT3X+h0AI+4bHRpvD2RpbVQf+7Gscn+2zeDWDscCWqOWh4rHCFwhQs
NQ6jMKXo+8u2k5mi5G2ZKktXQddAKeaBxJLXvMi84zF6UgNCIsdB7a37xn+48MwX
WbGgk7fdZJNjpnIHHx2egazbcrl5vKPmgFlFYMjiH9RT
-----END CERTIFICATE-----