Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/lQZCaJQlW3SO3gu-2CV9l-VcUUw.roa
File:                     lQZCaJQlW3SO3gu-2CV9l-VcUUw.roa (raw, json)
Hash identifier:          rQJUV585hNXWapnVqCaAOADmDE7QJDsmduzF9JJS3FM=
Subject key identifier:   95:06:42:68:94:25:5B:74:8E:DE:0B:BE:D8:25:7D:97:E5:5C:51:4C
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019107BC45CB62B9501EAEC410442879AC35
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/lQZCaJQlW3SO3gu-2CV9l-VcUUw.roa
Signing time:             Wed 31 Jul 2024 07:41:04 +0000
ROA not before:           Wed 31 Jul 2024 07:41:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204203
IP address blocks:        85.133.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:07:bc:45:cb:62:b9:50:1e:ae:c4:10:44:28:79:ac:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jul 31 07:41:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9506426894255b748ede0bbed8257d97e55c514c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:24:f8:36:77:88:1c:ad:b8:00:e2:30:1e:39:
                    3a:c3:7e:9b:92:1f:6e:a1:35:d6:d7:f9:7c:2e:3d:
                    7a:a1:5a:aa:7a:e3:90:3b:0e:d2:69:ef:68:f5:00:
                    f4:19:36:0e:a7:96:f4:e2:1a:9a:48:79:87:33:d0:
                    eb:a2:5e:be:61:1a:a9:c8:de:74:35:8e:63:ef:b3:
                    d7:71:76:e5:9f:5d:44:e1:1c:dc:4b:6a:ab:2e:f7:
                    dc:18:3f:b9:44:ee:f0:37:63:4d:2c:5c:9c:1e:51:
                    a6:74:8b:66:e5:22:3f:4d:03:fe:5c:3d:2c:79:75:
                    47:5c:f0:3c:e9:d3:76:fa:86:0b:e6:3c:e8:59:44:
                    82:cc:24:28:ea:84:d9:12:bf:cd:a8:51:77:b4:8c:
                    bc:96:8b:67:39:2d:74:43:76:04:64:60:f1:d3:27:
                    7c:2a:c8:1b:08:6b:92:9a:f2:cd:f1:c5:f0:4d:a5:
                    b8:3b:60:1a:f1:80:62:86:35:a5:9f:69:b4:ab:62:
                    ea:97:72:cd:c4:39:7a:e5:89:25:d8:75:4b:b5:b4:
                    34:f6:dc:2f:3a:25:4a:02:65:a3:68:7f:90:b3:5f:
                    b9:71:9a:10:eb:c4:f3:83:5a:a5:f0:8b:a4:87:1a:
                    f2:c8:06:35:7e:44:0b:61:0e:7f:e0:b3:18:f0:fa:
                    0b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:06:42:68:94:25:5B:74:8E:DE:0B:BE:D8:25:7D:97:E5:5C:51:4C
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/lQZCaJQlW3SO3gu-2CV9l-VcUUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:c3:e7:f2:0f:f6:b4:dc:45:fa:d9:de:fa:12:63:43:e4:01:
         51:b1:49:9a:b6:7b:42:c4:21:b9:00:49:6b:f3:42:60:9d:5f:
         fa:d5:e6:67:9f:27:34:cb:55:27:f2:04:83:59:e9:fe:41:e8:
         8a:20:1e:04:fd:fb:d6:41:d5:64:ed:64:2c:4c:1b:b9:f4:3c:
         d9:44:35:7c:6a:7d:80:ef:f7:3c:07:c2:75:c3:e1:40:cc:36:
         80:80:65:62:46:64:f7:a2:48:5a:7e:aa:c4:28:a7:a0:a6:1d:
         28:d7:d9:5a:21:cf:4b:52:c2:58:d5:a0:c8:39:31:7e:a9:f4:
         22:52:dd:8b:19:ce:21:c5:d6:ec:96:23:a2:69:95:12:29:43:
         f6:8a:14:ef:ef:46:c1:16:eb:61:5c:9f:e4:c4:37:ec:82:d4:
         f3:2d:78:ae:b5:ca:13:6c:5c:a2:45:80:46:79:48:4f:40:bf:
         1a:14:40:31:92:2d:a9:66:d5:4e:6d:6f:3f:8d:a7:5e:2b:be:
         7d:71:4e:25:30:a9:6d:d2:c8:b7:79:1d:eb:68:8f:05:bf:d2:
         78:a2:d2:e1:96:15:8a:f2:4c:46:9f:a4:50:b8:a0:67:b6:00:
         43:f1:14:96:90:8c:50:bc:5e:c2:d2:d6:b3:9a:37:1e:14:3d:
         d3:36:86:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEHvEXLYrlQHq7EEEQoeaw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwNzMxMDc0MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTA2NDI2ODk0MjU1Yjc0OGVkZTBiYmVkODI1N2Q5N2U1NWM1MTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyT4NneIHK24AOIwHjk6w36bkh9u
oTXW1/l8Lj16oVqqeuOQOw7Sae9o9QD0GTYOp5b04hqaSHmHM9Drol6+YRqpyN50
NY5j77PXcXbln11E4RzcS2qrLvfcGD+5RO7wN2NNLFycHlGmdItm5SI/TQP+XD0s
eXVHXPA86dN2+oYL5jzoWUSCzCQo6oTZEr/NqFF3tIy8lotnOS10Q3YEZGDx0yd8
KsgbCGuSmvLN8cXwTaW4O2Aa8YBihjWln2m0q2Lql3LNxDl65Ykl2HVLtbQ09twv
OiVKAmWjaH+Qs1+5cZoQ68Tzg1ql8IukhxryyAY1fkQLYQ5/4LMY8PoLvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUGQmiUJVt0jt4LvtglfZflXFFMMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvbFFaQ2FKUWxXM1NPM2d1LTJDVjlsLVZjVVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXOMA0G
CSqGSIb3DQEBCwUAA4IBAQALw+fyD/a03EX62d76EmND5AFRsUmatntCxCG5AElr
80JgnV/61eZnnyc0y1Un8gSDWen+QeiKIB4E/fvWQdVk7WQsTBu59DzZRDV8an2A
7/c8B8J1w+FAzDaAgGViRmT3okhafqrEKKegph0o19laIc9LUsJY1aDIOTF+qfQi
Ut2LGc4hxdbsliOiaZUSKUP2ihTv70bBFuthXJ/kxDfsgtTzLXiutcoTbFyiRYBG
eUhPQL8aFEAxki2pZtVObW8/jadeK759cU4lMKlt0si3eR3raI8Fv9J4otLhlhWK
8kxGn6RQuKBntgBD8RSWkIxQvF7C0tazmjceFD3TNoYS
-----END CERTIFICATE-----