Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/dlMgTA37PYjMj29gw-38SqdkU3Y.roa
File:                     dlMgTA37PYjMj29gw-38SqdkU3Y.roa (raw, json)
Hash identifier:          1Uz3Ku2WqM/b08F/1HFeZ9d7LLkvQOmfAokOdqGf3nA=
Subject key identifier:   76:53:20:4C:0D:FB:3D:88:CC:8F:6F:60:C3:ED:FC:4A:A7:64:53:76
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019532E8592A501E0173ACE580C546C56257
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/dlMgTA37PYjMj29gw-38SqdkU3Y.roa
Signing time:             Sun 23 Feb 2025 13:04:02 +0000
ROA not before:           Sun 23 Feb 2025 13:04:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198154
IP address blocks:        85.133.199.0/24 maxlen: 24
                          85.133.221.0/24 maxlen: 24
                          85.133.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 06:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:32:e8:59:2a:50:1e:01:73:ac:e5:80:c5:46:c5:62:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Feb 23 13:04:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7653204c0dfb3d88cc8f6f60c3edfc4aa7645376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:53:20:4C:0D:FB:3D:88:CC:8F:6F:60:C3:ED:FC:4A:A7:64:53:76
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/dlMgTA37PYjMj29gw-38SqdkU3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.199.0/24
                  85.133.221.0/24
                  85.133.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Apr 10 11:11:08 2025 by rpki-client