Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/VVkYUE6o-R4M4ntXpbWaz-LwHzI.roa
File:                     VVkYUE6o-R4M4ntXpbWaz-LwHzI.roa (raw, json)
Hash identifier:          ILg5dLRSZVftgC1TsuYvUxQK7EwpdDoaom6V1toxO3E=
Subject key identifier:   55:59:18:50:4E:A8:F9:1E:0C:E2:7B:57:A5:B5:9A:CF:E2:F0:1F:32
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0192BA293B0AA907C3CFD92E941B0614168D
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/VVkYUE6o-R4M4ntXpbWaz-LwHzI.roa
Signing time:             Wed 23 Oct 2024 16:15:17 +0000
ROA not before:           Wed 23 Oct 2024 16:15:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204104
IP address blocks:        85.133.151.0/24 maxlen: 24
                          85.133.166.0/24 maxlen: 24
                          85.133.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ba:29:3b:0a:a9:07:c3:cf:d9:2e:94:1b:06:14:16:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Oct 23 16:15:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=555918504ea8f91e0ce27b57a5b59acfe2f01f32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b7:4e:fc:2a:b0:a3:26:ad:aa:f5:8b:4f:96:
                    06:cb:c4:8d:4b:d9:4b:ce:21:9a:8b:66:44:fb:ba:
                    89:f5:ec:9b:99:60:33:23:1f:c8:5f:58:3c:de:f8:
                    e0:8a:a7:11:40:ea:c6:0d:17:24:ac:f5:06:70:16:
                    7b:fc:fd:33:25:6c:78:00:80:96:39:87:5c:ae:94:
                    9f:6b:b7:35:19:e5:7f:a0:a4:68:9a:ac:61:40:c4:
                    7a:1d:08:c8:ba:de:cd:25:79:2e:11:07:d8:1c:b2:
                    7b:2e:83:0c:a9:10:91:42:62:c5:9d:a5:b0:d5:b5:
                    3c:0d:08:b2:d7:10:6d:9e:3c:d3:69:bb:5b:7f:2a:
                    78:42:3b:5f:26:a8:6d:92:52:85:f1:9a:bd:5c:29:
                    2a:98:4e:4c:35:78:5c:22:eb:b0:9b:a5:cb:de:33:
                    11:c9:e2:75:ba:e8:44:80:86:66:4a:f4:a4:ce:28:
                    e1:e1:5c:bf:71:df:1a:eb:dc:87:d6:aa:33:fe:74:
                    a2:d6:55:18:4c:d6:18:c3:4f:a4:b1:53:c3:f7:6f:
                    44:fd:ab:3e:6c:62:cc:0d:30:42:a4:e9:02:54:2e:
                    66:99:1a:5f:88:f7:75:b7:90:04:1d:0c:f7:ef:ea:
                    24:81:c0:d0:dc:b1:e2:32:af:92:3b:30:cb:35:d8:
                    78:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:59:18:50:4E:A8:F9:1E:0C:E2:7B:57:A5:B5:9A:CF:E2:F0:1F:32
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/VVkYUE6o-R4M4ntXpbWaz-LwHzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.151.0/24
                  85.133.166.0/24
                  85.133.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:c1:06:0a:14:8c:e1:97:7b:e1:6f:df:ea:ef:42:d2:66:0d:
         d6:90:fd:e8:10:65:fe:3b:4e:fe:52:48:64:b1:de:36:52:0d:
         0f:d0:b0:9a:c0:77:2d:0c:d4:23:a1:3f:b4:1d:d1:c5:61:71:
         d9:11:cd:e7:14:79:14:fd:33:25:59:64:71:bd:d2:3f:5d:0b:
         e3:91:74:98:da:35:f5:07:dc:95:52:b1:1e:d1:33:d8:78:9e:
         68:27:3d:87:c6:ef:3b:8d:78:b9:9a:4f:50:51:d1:dd:a1:68:
         e9:55:03:32:4c:48:41:97:85:d3:ca:b7:79:49:69:81:4d:12:
         b6:f8:44:a4:ca:18:59:ca:a4:e6:74:30:6c:17:fa:ed:c7:31:
         d4:c6:43:99:91:12:0b:d8:56:4b:47:4d:66:5d:b9:33:05:fa:
         f1:9f:68:d3:0d:4d:35:77:83:94:d5:6f:75:23:1f:73:f3:b5:
         05:9e:0b:40:4b:8a:40:2a:1d:c4:81:92:82:41:48:47:ce:e5:
         e0:fb:4a:9f:f3:02:db:66:31:b0:7d:7b:28:ec:16:ef:05:53:
         75:23:ac:42:cc:e7:0a:6f:26:06:99:64:fc:9b:c5:34:54:fc:
         7c:0d:a4:4e:92:a5:cc:54:db:d2:8c:56:05:da:95:3c:4e:f7:
         30:e1:f2:a2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZK6KTsKqQfDz9kulBsGFBaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQxMDIzMTYxNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTU5MTg1MDRlYThmOTFlMGNlMjdiNTdhNWI1OWFjZmUyZjAxZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bdO/CqwoyatqvWLT5YGy8SNS9lL
ziGai2ZE+7qJ9eybmWAzIx/IX1g83vjgiqcRQOrGDRckrPUGcBZ7/P0zJWx4AICW
OYdcrpSfa7c1GeV/oKRomqxhQMR6HQjIut7NJXkuEQfYHLJ7LoMMqRCRQmLFnaWw
1bU8DQiy1xBtnjzTabtbfyp4QjtfJqhtklKF8Zq9XCkqmE5MNXhcIuuwm6XL3jMR
yeJ1uuhEgIZmSvSkzijh4Vy/cd8a69yH1qoz/nSi1lUYTNYYw0+ksVPD929E/as+
bGLMDTBCpOkCVC5mmRpfiPd1t5AEHQz37+okgcDQ3LHiMq+SOzDLNdh4FQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFVZGFBOqPkeDOJ7V6W1ms/i8B8yMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvVlZrWVVFNm8tUjRNNG50WHBiV2F6LUx3SHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVYWXAwQA
VYWmAwQAVYXCMA0GCSqGSIb3DQEBCwUAA4IBAQBFwQYKFIzhl3vhb9/q70LSZg3W
kP3oEGX+O07+Ukhksd42Ug0P0LCawHctDNQjoT+0HdHFYXHZEc3nFHkU/TMlWWRx
vdI/XQvjkXSY2jX1B9yVUrEe0TPYeJ5oJz2Hxu87jXi5mk9QUdHdoWjpVQMyTEhB
l4XTyrd5SWmBTRK2+ESkyhhZyqTmdDBsF/rtxzHUxkOZkRIL2FZLR01mXbkzBfrx
n2jTDU01d4OU1W91Ix9z87UFngtAS4pAKh3EgZKCQUhHzuXg+0qf8wLbZjGwfXso
7BbvBVN1I6xCzOcKbyYGmWT8m8U0VPx8DaROkqXMVNvSjFYF2pU8Tvcw4fKi
-----END CERTIFICATE-----