Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Vblcd5FYBNAOODne6tL0FaRkeSQ.roa
File:                     Vblcd5FYBNAOODne6tL0FaRkeSQ.roa (raw, json)
Hash identifier:          eF5o+/zJjKLl3Hzn6F34LPPI4gh5HMGLs/mmUW30C/4=
Subject key identifier:   55:B9:5C:77:91:58:04:D0:0E:38:39:DE:EA:D2:F4:15:A4:64:79:24
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019248667F30AC9AC94C21E4AA1F12DD21F4
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Vblcd5FYBNAOODne6tL0FaRkeSQ.roa
Signing time:             Tue 01 Oct 2024 14:05:29 +0000
ROA not before:           Tue 01 Oct 2024 14:05:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34918
IP address blocks:        85.133.197.0/24 maxlen: 24
                          85.133.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:66:7f:30:ac:9a:c9:4c:21:e4:aa:1f:12:dd:21:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Oct  1 14:05:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55b95c77915804d00e3839deead2f415a4647924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:22:cd:f6:d4:bc:64:32:26:4b:be:21:5d:20:
                    dd:ca:61:b6:a0:4e:eb:8c:e8:0f:5c:d7:ac:46:f4:
                    65:ec:2c:d8:5f:a7:4f:d2:28:06:50:5c:2b:01:a0:
                    29:b6:bf:df:78:dc:2d:98:b6:90:4b:de:9a:b5:27:
                    59:a9:b8:4d:f2:d8:a8:d4:f1:26:4f:08:0a:0b:91:
                    bb:18:c2:20:06:2d:f8:f0:ea:0d:1a:69:bf:8c:4d:
                    e9:59:24:79:69:c4:52:ac:45:81:1a:80:6a:3d:78:
                    16:32:6a:f6:41:79:5a:ba:1a:0c:61:71:db:4f:f8:
                    44:88:d6:0e:0d:1b:f9:b6:b0:00:3c:fd:c8:51:9f:
                    e7:88:66:ab:a9:d9:85:2a:98:2e:ed:af:2c:34:e9:
                    28:78:a2:dc:e2:1b:6e:56:19:26:66:00:8c:46:21:
                    cc:21:0c:6c:72:b8:bf:de:fc:61:81:5e:4e:fe:9c:
                    ec:98:57:cb:ee:c7:d2:9e:40:91:63:96:10:43:bd:
                    b0:ce:25:bf:d7:67:7b:09:73:d1:e4:9d:f0:34:0a:
                    cf:51:69:e3:5a:2d:fb:98:30:3c:e1:80:dd:74:ef:
                    6f:f7:c3:e2:f8:f1:94:68:71:c5:77:7c:2b:15:18:
                    35:53:04:8e:4d:89:36:2c:12:eb:83:00:d8:17:17:
                    99:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B9:5C:77:91:58:04:D0:0E:38:39:DE:EA:D2:F4:15:A4:64:79:24
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Vblcd5FYBNAOODne6tL0FaRkeSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.197.0/24
                  85.133.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:c7:26:ec:06:4a:ea:7c:60:4d:c6:69:fe:e8:ec:46:32:9b:
         94:8e:49:9f:85:e0:27:7b:d7:24:25:36:45:d0:9b:74:b0:f9:
         5e:c8:e3:f3:d7:a1:10:16:ea:7a:9a:7c:62:50:be:93:b7:a8:
         f7:74:09:28:ad:9e:89:4b:4f:86:c7:32:70:90:c9:f4:5e:a5:
         3b:73:bd:9a:a3:1f:e9:ea:4c:40:67:6a:f8:8e:cb:a8:de:ec:
         91:37:f1:69:b7:98:fc:e6:1a:b3:f4:a2:62:fb:b2:92:0f:a3:
         0e:3a:6f:15:87:9c:62:a0:b6:a3:da:e7:d8:4f:c0:c5:68:b9:
         30:a9:93:02:ef:5c:ef:c1:8b:e8:80:6a:ee:c6:36:0c:bc:29:
         32:a7:2c:d6:6e:a1:42:34:58:c4:83:e8:64:18:d0:4e:dc:d2:
         ec:fc:93:d4:74:bb:97:1b:03:db:36:d2:be:73:cd:11:33:18:
         3a:ac:5b:3c:45:23:4c:96:33:ee:0d:63:8b:91:6f:a7:f1:ab:
         fe:df:6f:b3:8a:b1:28:a7:61:85:35:19:9c:ac:1b:23:b5:9b:
         90:1f:5c:b5:81:2d:be:d6:b6:d0:c4:3a:10:ed:32:6c:13:9f:
         da:27:8a:8d:7d:08:7e:03:0a:71:47:2f:8f:3a:f9:9b:9a:50:
         d8:30:f3:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJIZn8wrJrJTCHkqh8S3SH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQxMDAxMTQwNTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWI5NWM3NzkxNTgwNGQwMGUzODM5ZGVlYWQyZjQxNWE0NjQ3OTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSLN9tS8ZDImS74hXSDdymG2oE7r
jOgPXNesRvRl7CzYX6dP0igGUFwrAaAptr/feNwtmLaQS96atSdZqbhN8tio1PEm
TwgKC5G7GMIgBi348OoNGmm/jE3pWSR5acRSrEWBGoBqPXgWMmr2QXlauhoMYXHb
T/hEiNYODRv5trAAPP3IUZ/niGarqdmFKpgu7a8sNOkoeKLc4htuVhkmZgCMRiHM
IQxscri/3vxhgV5O/pzsmFfL7sfSnkCRY5YQQ72wziW/12d7CXPR5J3wNArPUWnj
Wi37mDA84YDddO9v98Pi+PGUaHHFd3wrFRg1UwSOTYk2LBLrgwDYFxeZMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFW5XHeRWATQDjg53urS9BWkZHkkMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvVmJsY2Q1RllCTkFPT0RuZTZ0TDBGYVJrZVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYXFAwQA
VYXjMA0GCSqGSIb3DQEBCwUAA4IBAQCDxybsBkrqfGBNxmn+6OxGMpuUjkmfheAn
e9ckJTZF0Jt0sPleyOPz16EQFup6mnxiUL6Tt6j3dAkorZ6JS0+GxzJwkMn0XqU7
c72aox/p6kxAZ2r4jsuo3uyRN/Fpt5j85hqz9KJi+7KSD6MOOm8Vh5xioLaj2ufY
T8DFaLkwqZMC71zvwYvogGruxjYMvCkypyzWbqFCNFjEg+hkGNBO3NLs/JPUdLuX
GwPbNtK+c80RMxg6rFs8RSNMljPuDWOLkW+n8av+32+zirEop2GFNRmcrBsjtZuQ
H1y1gS2+1rbQxDoQ7TJsE5/aJ4qNfQh+AwpxRy+POvmbmlDYMPNK
-----END CERTIFICATE-----