Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/nvWYjhHXGuflWePISaSvNcdKkqQ.roa
File:                     nvWYjhHXGuflWePISaSvNcdKkqQ.roa (raw, json)
Hash identifier:          hx4+k+ZfhQfERSOkEsaZUId7/mQkGHRFBX4VUBA24sE=
Subject key identifier:   9E:F5:98:8E:11:D7:1A:E7:E5:59:E3:C8:49:A4:AF:35:C7:4A:92:A4
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019482E5CF91944BBB1997D2CAE155B10D26
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/nvWYjhHXGuflWePISaSvNcdKkqQ.roa
Signing time:             Mon 20 Jan 2025 08:48:06 +0000
ROA not before:           Mon 20 Jan 2025 08:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198154
IP address blocks:        85.133.221.0/24 maxlen: 24
                          85.133.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:82:e5:cf:91:94:4b:bb:19:97:d2:ca:e1:55:b1:0d:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan 20 08:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ef5988e11d71ae7e559e3c849a4af35c74a92a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f5:2f:72:8a:c3:53:cb:ab:ed:0c:f4:ad:06:
                    e1:5d:2f:21:4d:6c:13:aa:13:3d:34:2f:51:a1:d0:
                    09:72:b7:52:ef:0c:97:b8:71:95:1f:86:1a:f6:f2:
                    04:6f:e1:31:71:82:70:e8:c7:4d:ea:9b:e4:cc:eb:
                    73:1c:a7:99:90:dd:1c:b3:85:dc:c0:58:b1:15:4a:
                    f0:88:96:82:9e:31:af:d4:1a:34:6e:3e:33:86:7d:
                    88:85:b3:63:d3:dc:69:3b:30:bd:b5:1a:dd:0f:95:
                    5f:cd:bf:a1:fd:94:1c:bd:5d:7b:ae:5f:29:7d:78:
                    91:28:fe:e7:e3:3a:0c:87:f3:b7:69:ad:6a:ce:9f:
                    d8:5e:b6:1d:bd:7d:6f:bf:54:44:c3:a3:c0:67:cd:
                    3b:9a:96:0b:23:d5:65:bd:eb:1c:72:64:33:65:ca:
                    0b:d2:9b:7d:a0:c1:12:4d:00:c7:5c:b7:19:9c:58:
                    3a:9e:7b:da:b8:82:bb:b6:2c:76:03:b3:47:5d:31:
                    af:f0:e4:78:bb:8b:47:97:d8:d7:c5:44:62:d8:ab:
                    db:82:44:00:27:89:bc:f9:5f:b2:c7:11:e2:70:45:
                    48:72:b5:7c:0c:1f:3d:a9:21:0b:3e:27:90:48:24:
                    a4:22:5e:24:22:39:10:82:2b:02:d1:58:a2:58:88:
                    e2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F5:98:8E:11:D7:1A:E7:E5:59:E3:C8:49:A4:AF:35:C7:4A:92:A4
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/nvWYjhHXGuflWePISaSvNcdKkqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.221.0/24
                  85.133.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:cf:99:af:6b:00:7f:98:00:73:af:4f:2d:e9:1b:9c:5d:64:
         a8:11:8e:5b:2b:9f:1f:93:d2:de:50:5a:b0:97:19:33:f2:19:
         37:83:4c:2e:43:cd:47:50:8b:24:be:a4:2e:f4:5e:b7:c6:09:
         1f:d4:f9:ee:ec:86:88:74:ad:87:2a:9f:58:c3:6a:11:4c:0c:
         0c:4f:5b:b9:df:80:eb:38:9e:9f:0f:3a:ec:92:ab:4b:0b:0f:
         d4:7b:09:42:30:f9:08:88:3b:e6:39:ee:91:59:ea:f4:43:ff:
         de:67:54:59:f2:b4:47:d6:49:af:e4:63:e4:93:6d:e8:c5:20:
         ba:43:f3:1a:8e:3e:aa:e8:f9:9b:68:ce:16:97:58:0e:c3:c1:
         79:db:cf:55:cb:27:b2:b2:e4:9f:2d:fd:12:29:d1:1d:6d:84:
         2e:f5:6b:2e:ce:7d:ab:ac:7a:25:62:85:09:05:c1:83:ac:16:
         d1:09:ca:88:ab:49:eb:88:26:4a:d8:2e:49:f8:a0:81:94:7d:
         7a:de:30:b3:6b:5a:0e:83:d5:0f:3b:1b:47:3a:25:4d:5c:c1:
         69:04:d4:6e:af:c3:00:9f:e4:11:a1:98:25:53:33:cb:11:71:
         20:a4:8e:0b:c8:ee:c7:a4:fe:91:34:0e:ce:b1:cd:55:5c:9d:
         7d:3d:3e:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSC5c+RlEu7GZfSyuFVsQ0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwMTIwMDg0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY1OTg4ZTExZDcxYWU3ZTU1OWUzYzg0OWE0YWYzNWM3NGE5MmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvUvcorDU8ur7Qz0rQbhXS8hTWwT
qhM9NC9RodAJcrdS7wyXuHGVH4Ya9vIEb+ExcYJw6MdN6pvkzOtzHKeZkN0cs4Xc
wFixFUrwiJaCnjGv1Bo0bj4zhn2IhbNj09xpOzC9tRrdD5Vfzb+h/ZQcvV17rl8p
fXiRKP7n4zoMh/O3aa1qzp/YXrYdvX1vv1REw6PAZ807mpYLI9VlvesccmQzZcoL
0pt9oMESTQDHXLcZnFg6nnvauIK7tix2A7NHXTGv8OR4u4tHl9jXxURi2KvbgkQA
J4m8+V+yxxHicEVIcrV8DB89qSELPieQSCSkIl4kIjkQgisC0ViiWIjigwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ71mI4R1xrn5VnjyEmkrzXHSpKkMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvbnZXWWpoSFhHdWZsV2VQSVNhU3ZOY2RLa3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYXdAwQA
VYX6MA0GCSqGSIb3DQEBCwUAA4IBAQBLz5mvawB/mABzr08t6RucXWSoEY5bK58f
k9LeUFqwlxkz8hk3g0wuQ81HUIskvqQu9F63xgkf1Pnu7IaIdK2HKp9Yw2oRTAwM
T1u534DrOJ6fDzrskqtLCw/UewlCMPkIiDvmOe6RWer0Q//eZ1RZ8rRH1kmv5GPk
k23oxSC6Q/Majj6q6PmbaM4Wl1gOw8F5289VyyeysuSfLf0SKdEdbYQu9Wsuzn2r
rHolYoUJBcGDrBbRCcqIq0nriCZK2C5J+KCBlH163jCza1oOg9UPOxtHOiVNXMFp
BNRur8MAn+QRoZglUzPLEXEgpI4LyO7HpP6RNA7Osc1VXJ19PT5o
-----END CERTIFICATE-----