Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/akQ6W_szrCA0QpfMKdOb0MI3uD8.roa
File:                     akQ6W_szrCA0QpfMKdOb0MI3uD8.roa (raw, json)
Hash identifier:          /8KU9bHW4RyfCq9qF0DQz8jycGDv3OkJvgBP+LrXBpY=
Subject key identifier:   6A:44:3A:5B:FB:33:AC:20:34:42:97:CC:29:D3:9B:D0:C2:37:B8:3F
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0191FA35B32CEFC42351211B6C75DF1C79D6
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/akQ6W_szrCA0QpfMKdOb0MI3uD8.roa
Signing time:             Mon 16 Sep 2024 09:41:48 +0000
ROA not before:           Mon 16 Sep 2024 09:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214922
IP address blocks:        85.133.201.0/24 maxlen: 24
                          85.133.202.0/24 maxlen: 24
                          85.133.203.0/24 maxlen: 24
                          85.133.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fa:35:b3:2c:ef:c4:23:51:21:1b:6c:75:df:1c:79:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Sep 16 09:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a443a5bfb33ac20344297cc29d39bd0c237b83f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8d:60:5d:ef:cc:f2:30:c8:f6:08:7a:c8:35:
                    0c:df:68:d3:a0:81:a8:4f:5d:d6:c6:2d:6c:8d:86:
                    87:65:22:e1:2e:ef:89:80:eb:b0:1c:d3:15:4b:d7:
                    19:7e:7c:8f:93:d3:46:a9:41:2c:ee:07:54:81:b8:
                    34:ed:62:65:ca:07:f8:dc:67:29:7f:00:04:e2:1c:
                    7a:03:40:37:5e:29:60:73:09:bd:1c:7b:c2:fc:14:
                    a1:68:a7:db:d7:9b:9e:c2:b0:2d:9f:ab:c5:e1:39:
                    f8:23:c2:52:4d:b6:01:63:59:a2:3a:50:b5:48:bf:
                    d2:da:5b:61:78:96:78:6e:5a:9f:c0:51:1d:a7:9f:
                    9d:5f:3a:7f:b2:0a:40:d2:d8:7c:84:6b:f9:a8:0d:
                    64:56:fa:1d:ed:6b:23:e6:f2:bb:a8:30:01:8c:07:
                    6d:08:b2:2b:a5:c1:0b:4d:be:9e:a7:f5:b6:10:b8:
                    bf:bb:e6:ea:92:dc:a4:6f:84:e5:54:bf:29:21:ef:
                    87:bd:00:29:96:76:77:7e:81:51:2d:05:77:4e:52:
                    db:3d:ec:c9:0e:62:f0:a4:e1:7f:30:e3:41:f9:c4:
                    f1:9c:1c:06:18:b4:3f:e9:77:8e:85:e3:30:73:05:
                    2a:6c:ca:2f:fc:87:c2:10:95:06:f5:30:cc:5e:7e:
                    e6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:44:3A:5B:FB:33:AC:20:34:42:97:CC:29:D3:9B:D0:C2:37:B8:3F
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/akQ6W_szrCA0QpfMKdOb0MI3uD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.201.0-85.133.204.255

    Signature Algorithm: sha256WithRSAEncryption
         4a:02:0d:25:e1:ff:80:cb:96:d4:1f:f1:01:2f:80:6d:48:c2:
         f2:b9:00:aa:0b:9f:1e:13:7c:e4:be:30:d4:32:e9:12:0a:e2:
         df:5f:8e:a7:cf:0a:58:99:2c:ef:99:35:5e:26:df:1f:50:ec:
         3d:61:ac:87:b1:b1:ea:32:0e:b3:b1:76:31:b3:2d:83:97:8c:
         cc:43:51:91:5e:ef:68:36:50:94:cb:30:af:4d:7b:d0:ec:ce:
         1b:89:3f:1b:8b:e2:b7:b3:1f:3e:ac:71:67:54:64:85:56:9d:
         12:43:cd:8c:1f:07:cb:39:96:be:c5:ca:fd:46:2a:93:f3:63:
         20:ea:65:6e:03:9e:58:9d:25:4a:af:1e:ac:0e:2b:eb:e6:5c:
         fc:76:4f:29:ab:38:27:b5:0e:b9:da:d7:43:97:5c:f8:70:8c:
         3c:1c:66:5e:0b:60:1f:95:49:39:be:0c:18:c8:b8:a1:18:e0:
         95:2c:37:61:10:ee:a3:c2:aa:9f:8b:dc:5e:57:b2:90:80:a9:
         21:bc:c1:0a:7e:aa:a9:5d:2b:e2:93:91:4c:e3:d9:18:ca:3f:
         3c:61:a9:b3:a3:26:fa:fc:97:db:43:91:60:2c:40:2e:c8:5c:
         ab:cf:a2:77:99:d5:e3:a4:9b:e3:98:75:b6:f2:b9:02:e7:23:
         13:ef:9d:87
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZH6NbMs78QjUSEbbHXfHHnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwOTE2MDk0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQ0M2E1YmZiMzNhYzIwMzQ0Mjk3Y2MyOWQzOWJkMGMyMzdiODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn41gXe/M8jDI9gh6yDUM32jToIGo
T13Wxi1sjYaHZSLhLu+JgOuwHNMVS9cZfnyPk9NGqUEs7gdUgbg07WJlygf43Gcp
fwAE4hx6A0A3Xilgcwm9HHvC/BShaKfb15uewrAtn6vF4Tn4I8JSTbYBY1miOlC1
SL/S2ltheJZ4blqfwFEdp5+dXzp/sgpA0th8hGv5qA1kVvod7Wsj5vK7qDABjAdt
CLIrpcELTb6ep/W2ELi/u+bqktykb4TlVL8pIe+HvQAplnZ3foFRLQV3TlLbPezJ
DmLwpOF/MONB+cTxnBwGGLQ/6XeOheMwcwUqbMov/IfCEJUG9TDMXn7mDQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGpEOlv7M6wgNEKXzCnTm9DCN7g/MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvYWtRNldfc3pyQ0EwUXBmTUtkT2IwTUkzdUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABVhckD
BABVhcwwDQYJKoZIhvcNAQELBQADggEBAEoCDSXh/4DLltQf8QEvgG1IwvK5AKoL
nx4TfOS+MNQy6RIK4t9fjqfPCliZLO+ZNV4m3x9Q7D1hrIexseoyDrOxdjGzLYOX
jMxDUZFe72g2UJTLMK9Ne9DszhuJPxuL4rezHz6scWdUZIVWnRJDzYwfB8s5lr7F
yv1GKpPzYyDqZW4DnlidJUqvHqwOK+vmXPx2TymrOCe1Drna10OXXPhwjDwcZl4L
YB+VSTm+DBjIuKEY4JUsN2EQ7qPCqp+L3F5XspCAqSG8wQp+qqldK+KTkUzj2RjK
PzxhqbOjJvr8l9tDkWAsQC7IXKvPoneZ1eOkm+OYdbbyuQLnIxPvnYc=
-----END CERTIFICATE-----