Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/iFhyxYhjlx3Xt-gQy0JmAxqwEDk.roa
File:                     iFhyxYhjlx3Xt-gQy0JmAxqwEDk.roa (raw, json)
Hash identifier:          XmNrbh9cOVw1XQy2pZh7w/k+u/b/kMN3G1+qB3PPtb8=
Subject key identifier:   88:58:72:C5:88:63:97:1D:D7:B7:E8:10:CB:42:66:03:1A:B0:10:39
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01925CABFF8009DE7973B63BF7EB171D8488
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/iFhyxYhjlx3Xt-gQy0JmAxqwEDk.roa
Signing time:             Sat 05 Oct 2024 12:33:48 +0000
ROA not before:           Sat 05 Oct 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48147
IP address blocks:        85.133.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5c:ab:ff:80:09:de:79:73:b6:3b:f7:eb:17:1d:84:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Oct  5 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=885872c58863971dd7b7e810cb4266031ab01039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8a:86:65:79:ad:ba:08:1c:c0:b8:9d:40:9d:
                    b9:c3:31:44:3f:ea:88:22:00:53:fb:f2:15:2b:49:
                    91:ef:0d:2c:fd:2e:03:b6:e7:28:89:77:ac:d5:2b:
                    a3:5b:86:06:c6:4e:11:30:95:2c:d8:2b:23:0c:3b:
                    91:16:87:4a:53:4a:fe:bc:ec:16:4b:a1:55:cd:51:
                    86:49:c4:04:54:cd:df:5c:ce:1f:00:8b:84:de:b6:
                    ea:ee:bb:92:43:d3:a0:20:2c:71:da:5d:f3:ff:99:
                    30:df:ed:76:65:ec:e7:8c:3b:27:3d:70:e1:9e:39:
                    57:49:ce:76:4a:e5:b9:7d:0c:ab:96:4c:0f:c5:e3:
                    50:c6:8d:59:0a:62:77:ab:7a:8d:6a:38:7b:f8:8e:
                    37:0c:ab:1a:a6:5c:5c:7c:00:27:a3:cb:68:1b:60:
                    b4:60:0c:ac:21:e3:38:a9:68:50:1f:67:d0:52:8a:
                    7d:9c:fc:40:75:c2:dc:50:d6:ab:cf:f5:03:2d:bd:
                    59:99:4b:58:7b:2b:9b:28:94:37:8f:94:c1:ae:a2:
                    e1:58:f3:99:cd:c4:6a:39:c5:01:fd:cc:dc:5a:fb:
                    41:27:6c:06:a6:78:0f:49:7e:af:a6:35:4f:f3:3e:
                    6e:aa:f7:c6:39:17:3b:8a:4a:94:d4:16:bd:2b:b8:
                    b2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:58:72:C5:88:63:97:1D:D7:B7:E8:10:CB:42:66:03:1A:B0:10:39
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/iFhyxYhjlx3Xt-gQy0JmAxqwEDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:02:bd:8a:38:eb:6b:40:16:73:06:74:90:8c:f6:f2:1d:3c:
         3e:8f:f1:79:8d:c6:52:c4:2e:68:3c:ee:62:05:19:82:be:42:
         30:40:ef:32:c9:6e:3f:4b:11:9f:a2:ca:d2:a2:60:ad:ac:c9:
         59:d4:aa:fb:91:41:84:a7:1f:5d:86:56:2b:ae:11:40:dc:78:
         58:49:7a:f3:68:3a:2c:ff:c8:3f:44:a2:8d:f2:c5:df:50:7c:
         c7:53:87:fe:9e:c1:15:1a:f7:74:2d:02:f9:99:b8:02:fe:e4:
         23:9a:40:67:5c:de:3f:5e:6c:19:a5:4e:21:d5:5e:3c:da:6a:
         88:ff:2e:cd:cd:fe:06:58:37:2f:e5:31:1e:9d:9f:a9:ba:99:
         99:ef:1f:70:e8:2f:6f:c8:6b:c1:13:86:88:31:1e:f6:46:78:
         7e:b8:ef:e7:40:e2:01:a8:ad:68:78:fb:97:d0:c6:87:49:f3:
         32:2e:f0:7e:02:8e:cc:80:2f:9e:64:b3:eb:4a:75:ef:2a:0b:
         a7:54:db:d2:59:fa:5f:dc:82:e3:8b:98:29:b5:a1:b2:fd:19:
         04:17:0e:69:79:ab:b7:d8:88:6f:18:f1:82:b8:fc:65:ba:fa:
         2f:16:ae:f4:30:70:74:7f:e3:ba:56:f3:a9:42:b0:e3:01:fc:
         b4:d6:89:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJcq/+ACd55c7Y79+sXHYSIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQxMDA1MTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODU4NzJjNTg4NjM5NzFkZDdiN2U4MTBjYjQyNjYwMzFhYjAxMDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4qGZXmtuggcwLidQJ25wzFEP+qI
IgBT+/IVK0mR7w0s/S4DtucoiXes1SujW4YGxk4RMJUs2CsjDDuRFodKU0r+vOwW
S6FVzVGGScQEVM3fXM4fAIuE3rbq7ruSQ9OgICxx2l3z/5kw3+12ZeznjDsnPXDh
njlXSc52SuW5fQyrlkwPxeNQxo1ZCmJ3q3qNajh7+I43DKsaplxcfAAno8toG2C0
YAysIeM4qWhQH2fQUop9nPxAdcLcUNarz/UDLb1ZmUtYeyubKJQ3j5TBrqLhWPOZ
zcRqOcUB/czcWvtBJ2wGpngPSX6vpjVP8z5uqvfGORc7ikqU1Ba9K7iyTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhYcsWIY5cd17foEMtCZgMasBA5MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvaUZoeXhZaGpseDNYdC1nUXkwSm1BeHF3RURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXxMA0G
CSqGSIb3DQEBCwUAA4IBAQCgAr2KOOtrQBZzBnSQjPbyHTw+j/F5jcZSxC5oPO5i
BRmCvkIwQO8yyW4/SxGfosrSomCtrMlZ1Kr7kUGEpx9dhlYrrhFA3HhYSXrzaDos
/8g/RKKN8sXfUHzHU4f+nsEVGvd0LQL5mbgC/uQjmkBnXN4/XmwZpU4h1V482mqI
/y7Nzf4GWDcv5TEenZ+pupmZ7x9w6C9vyGvBE4aIMR72Rnh+uO/nQOIBqK1oePuX
0MaHSfMyLvB+Ao7MgC+eZLPrSnXvKgunVNvSWfpf3ILji5gptaGy/RkEFw5peau3
2IhvGPGCuPxluvovFq70MHB0f+O6VvOpQrDjAfy01om5
-----END CERTIFICATE-----