Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/v4CBgLv9j2JeRIvOJQdKbNxvJTA.roa
File:                     v4CBgLv9j2JeRIvOJQdKbNxvJTA.roa (raw, json)
Hash identifier:          Ttid+kREmc6Upy79hRBO9XMBfRE+dqbNAYWtSZGV6ag=
Subject key identifier:   BF:80:81:80:BB:FD:8F:62:5E:44:8B:CE:25:07:4A:6C:DC:6F:25:30
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019427B5FA2953569C11690822DEEFB82199
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/v4CBgLv9j2JeRIvOJQdKbNxvJTA.roa
Signing time:             Thu 02 Jan 2025 15:50:24 +0000
ROA not before:           Thu 02 Jan 2025 15:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35372
IP address blocks:        85.133.218.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:fa:29:53:56:9c:11:69:08:22:de:ef:b8:21:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan  2 15:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf808180bbfd8f625e448bce25074a6cdc6f2530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:9e:14:21:0f:60:8e:4d:a9:c4:8d:54:4f:69:
                    6e:68:29:69:b2:1a:64:9f:df:82:52:2e:e0:05:0d:
                    6e:26:4e:1d:b2:af:65:f5:d5:b1:38:f3:c3:bc:f1:
                    c6:5d:fa:89:e4:ae:73:7a:f0:9a:a8:c3:1a:08:f7:
                    cc:66:26:cd:1b:2b:90:82:3a:a5:cd:c8:3a:df:bc:
                    3b:62:ee:70:ef:9b:7a:b8:4b:0d:dd:34:5a:7d:ca:
                    05:68:b3:5f:d5:49:1c:be:03:a4:de:c0:36:5f:4a:
                    f7:73:91:58:7a:fc:7e:b7:43:58:16:67:ed:94:b3:
                    8d:56:8e:96:f0:01:80:6b:80:c1:bf:eb:83:3a:91:
                    5f:3b:51:bf:4c:22:6d:83:2b:5a:75:f1:7a:10:ad:
                    3e:23:8f:9a:ba:73:c3:31:76:46:48:c3:4f:94:a9:
                    6f:60:c4:53:61:67:a1:dc:59:bc:01:f5:52:16:86:
                    36:3e:e6:6e:2f:c7:1d:84:b2:b7:14:2b:f1:25:48:
                    26:6b:bf:25:1b:b2:5b:bb:50:a1:d8:10:3d:8e:1b:
                    e4:03:45:6d:ce:ef:2d:19:a3:35:ce:da:32:45:d8:
                    bb:a0:e5:78:d4:57:2a:59:74:d3:c8:95:ca:9f:32:
                    d6:39:e7:12:9d:57:6a:a2:07:98:d6:46:38:f3:c6:
                    17:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:80:81:80:BB:FD:8F:62:5E:44:8B:CE:25:07:4A:6C:DC:6F:25:30
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/v4CBgLv9j2JeRIvOJQdKbNxvJTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:fd:ed:28:cd:1a:fb:b4:69:6c:f1:de:67:6b:ff:52:e1:0b:
         61:41:e0:3a:b6:f5:00:99:33:0b:8a:6c:16:6c:54:6f:ac:22:
         59:17:87:f5:90:22:48:3a:36:d2:37:73:e2:2e:2e:ec:8b:68:
         e6:27:d6:c9:8f:2e:a9:ae:3f:47:dd:c8:fc:ef:71:13:cd:09:
         69:b1:2b:8e:b8:59:88:78:d7:81:f9:d4:36:5f:c4:63:aa:d5:
         fa:35:cd:92:72:61:06:07:01:6b:01:e1:0a:73:9a:d4:c9:d4:
         95:e9:5d:37:ab:87:bf:e4:ff:1b:ab:85:f8:89:ca:b0:1d:55:
         fe:a4:04:57:ae:b6:20:af:12:cd:c1:52:0e:36:24:25:ec:9a:
         ed:3e:51:c6:e5:29:85:7f:05:6e:34:00:4b:3c:e9:4d:4d:3e:
         04:22:fd:63:69:b9:25:22:cc:52:ad:98:f8:8c:e3:8e:e4:b9:
         f6:4f:19:a7:c8:24:49:3e:b9:59:aa:11:41:47:7f:f0:b2:24:
         64:79:ca:3c:02:8f:96:d2:26:e7:ee:27:6e:eb:46:d7:72:c8:
         00:1a:f6:81:36:03:5a:3a:e4:8c:3c:b6:21:35:0e:67:0c:e3:
         18:7d:31:b8:98:a4:58:9a:86:86:1a:35:f2:0c:e6:dd:63:02:
         c8:2f:20:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntfopU1acEWkIIt7vuCGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwMTAyMTU1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjgwODE4MGJiZmQ4ZjYyNWU0NDhiY2UyNTA3NGE2Y2RjNmYyNTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwp4UIQ9gjk2pxI1UT2luaClpshpk
n9+CUi7gBQ1uJk4dsq9l9dWxOPPDvPHGXfqJ5K5zevCaqMMaCPfMZibNGyuQgjql
zcg637w7Yu5w75t6uEsN3TRafcoFaLNf1UkcvgOk3sA2X0r3c5FYevx+t0NYFmft
lLONVo6W8AGAa4DBv+uDOpFfO1G/TCJtgytadfF6EK0+I4+aunPDMXZGSMNPlKlv
YMRTYWeh3Fm8AfVSFoY2PuZuL8cdhLK3FCvxJUgma78lG7Jbu1Ch2BA9jhvkA0Vt
zu8tGaM1ztoyRdi7oOV41FcqWXTTyJXKnzLWOecSnVdqogeY1kY488YX6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+AgYC7/Y9iXkSLziUHSmzcbyUwMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvdjRDQmdMdjlqMkplUkl2T0pRZEtiTnh2SlRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVYXaMA0G
CSqGSIb3DQEBCwUAA4IBAQCh/e0ozRr7tGls8d5na/9S4QthQeA6tvUAmTMLimwW
bFRvrCJZF4f1kCJIOjbSN3PiLi7si2jmJ9bJjy6prj9H3cj873ETzQlpsSuOuFmI
eNeB+dQ2X8RjqtX6Nc2ScmEGBwFrAeEKc5rUydSV6V03q4e/5P8bq4X4icqwHVX+
pARXrrYgrxLNwVIONiQl7JrtPlHG5SmFfwVuNABLPOlNTT4EIv1jabklIsxSrZj4
jOOO5Ln2TxmnyCRJPrlZqhFBR3/wsiRkeco8Ao+W0ibn7idu60bXcsgAGvaBNgNa
OuSMPLYhNQ5nDOMYfTG4mKRYmoaGGjXyDObdYwLILyAg
-----END CERTIFICATE-----