Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/QmYcIkRR06OWVP3_TV854H29jqg.roa
File:                     QmYcIkRR06OWVP3_TV854H29jqg.roa (raw, json)
Hash identifier:          8qzLEzhAOZY3X4fhA12x37FurknmUnllq6QcnwfMgKY=
Subject key identifier:   42:66:1C:22:44:51:D3:A3:96:54:FD:FF:4D:5F:39:E0:7D:BD:8E:A8
Certificate issuer:       /CN=86cb742a03bc9c85507217a25204dfff82fccdf9
Certificate serial:       018CCA2AA415B648D5047938770E5666E986
Authority key identifier: 86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/QmYcIkRR06OWVP3_TV854H29jqg.roa
Signing time:             Tue 02 Jan 2024 12:34:01 +0000
ROA not before:           Tue 02 Jan 2024 12:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50867
IP address blocks:        80.85.155.0/24 maxlen: 24
                          2a0a:eec0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a4:15:b6:48:d5:04:79:38:77:0e:56:66:e9:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cb742a03bc9c85507217a25204dfff82fccdf9
        Validity
            Not Before: Jan  2 12:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42661c224451d3a39654fdff4d5f39e07dbd8ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0e:2b:6c:32:b4:37:b1:bd:bb:18:8f:d5:5d:
                    21:fa:f3:16:ff:ac:14:29:31:02:cb:d0:d9:00:dd:
                    cd:ca:1a:40:b3:c5:55:bf:05:0f:e7:74:08:97:84:
                    5f:6b:df:05:c0:df:6b:07:7d:2a:d9:44:fc:b3:26:
                    bb:d9:35:8f:ca:34:a5:61:14:16:03:6a:1f:6b:9e:
                    5f:10:8e:b9:53:6b:c3:35:f5:09:20:25:ab:94:f6:
                    ef:25:4d:1f:cb:35:ba:46:f3:93:95:d1:cc:2d:f5:
                    9c:cc:77:af:6f:ca:4e:d9:7d:92:f5:9a:16:8a:de:
                    18:6f:4e:6b:c9:dd:92:d8:22:f6:51:a7:22:dc:a6:
                    51:27:b9:da:1c:fe:cb:60:71:b9:0b:f6:d6:84:ea:
                    4e:53:81:3c:91:08:1f:69:96:b6:01:54:19:7a:49:
                    74:0a:96:0c:fc:16:cf:62:21:de:fe:a3:b0:ee:71:
                    48:50:01:72:f4:a9:6d:fd:74:c3:a6:f3:f9:f9:f3:
                    f6:97:1d:55:52:ef:38:32:8f:55:5e:21:40:e7:07:
                    df:c7:3c:e9:eb:80:22:59:be:38:2d:6e:80:71:f0:
                    ff:69:20:14:32:47:70:92:98:ba:3c:f8:71:60:37:
                    c2:9d:4a:1d:63:45:a2:16:cc:06:f1:61:44:a5:bf:
                    ab:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:66:1C:22:44:51:D3:A3:96:54:FD:FF:4D:5F:39:E0:7D:BD:8E:A8
            X509v3 Authority Key Identifier:
                keyid:86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/QmYcIkRR06OWVP3_TV854H29jqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.155.0/24
                IPv6:
                  2a0a:eec0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:a3:53:c1:88:1c:b1:bf:3c:7f:6c:f3:ef:c3:2a:87:59:4d:
         3c:02:fe:d8:95:72:36:06:f6:ec:88:cf:4d:ef:21:e3:0f:3e:
         7c:ca:b8:b5:df:8b:eb:eb:32:53:89:da:08:b4:7e:4f:8e:5e:
         50:8e:bb:8d:23:5b:2b:f8:8f:4f:50:86:ba:3d:97:f1:d9:4f:
         2a:7a:de:94:fb:99:32:1f:ec:a1:fa:8f:f8:a0:e0:23:aa:a7:
         d9:59:80:69:ef:49:30:55:63:5e:f6:b7:16:ff:30:ee:52:d8:
         e9:f1:4b:57:b1:f0:f1:9e:6a:e7:1e:6d:84:c3:05:e3:f0:90:
         22:d5:7d:1a:0b:69:ad:4a:0a:0d:2b:0c:f7:66:f7:11:8a:20:
         6e:45:3e:b9:ac:ec:91:1e:d1:d3:a9:4b:8e:43:e2:7e:9e:a7:
         7a:c6:61:48:44:f1:64:a8:7c:6d:89:33:82:e3:21:2f:36:64:
         51:7e:0a:70:ef:35:b9:26:b6:55:21:87:1a:22:eb:0d:d7:52:
         74:71:b9:2b:af:f6:4c:41:c6:12:30:44:40:6d:d4:0a:5f:52:
         cf:ba:bf:1b:e1:fc:40:18:3d:c9:69:51:74:c0:fe:5f:e6:d5:
         4d:4b:86:37:8a:a6:f5:ed:eb:b1:1f:7d:5b:8d:0d:dd:8b:a8:
         72:bb:18:36
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKqQVtkjVBHk4dw5WZumGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2I3NDJhMDNiYzljODU1MDcyMTdhMjUyMDRkZmZmODJm
Y2NkZjkwHhcNMjQwMTAyMTIzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY2MWMyMjQ0NTFkM2EzOTY1NGZkZmY0ZDVmMzllMDdkYmQ4ZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtg4rbDK0N7G9uxiP1V0h+vMW/6wU
KTECy9DZAN3NyhpAs8VVvwUP53QIl4Rfa98FwN9rB30q2UT8sya72TWPyjSlYRQW
A2ofa55fEI65U2vDNfUJICWrlPbvJU0fyzW6RvOTldHMLfWczHevb8pO2X2S9ZoW
it4Yb05ryd2S2CL2Uaci3KZRJ7naHP7LYHG5C/bWhOpOU4E8kQgfaZa2AVQZekl0
CpYM/BbPYiHe/qOw7nFIUAFy9Klt/XTDpvP5+fP2lx1VUu84Mo9VXiFA5wffxzzp
64AiWb44LW6AcfD/aSAUMkdwkpi6PPhxYDfCnUodY0WiFswG8WFEpb+rmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEJmHCJEUdOjllT9/01fOeB9vY6oMB8GA1UdIwQY
MBaAFIbLdCoDvJyFUHIXolIE3/+C/M35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgt
MDVmMThmYzIxMmE3LzEvUW1ZY0lrUlIwNk9XVlAzX1RWODU0SDI5anFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgtMDVmMThmYzIxMmE3
LzEvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUFWbMA8E
AgACMAkDBwAqCu7AAAEwDQYJKoZIhvcNAQELBQADggEBAGmjU8GIHLG/PH9s8+/D
KodZTTwC/tiVcjYG9uyIz03vIeMPPnzKuLXfi+vrMlOJ2gi0fk+OXlCOu40jWyv4
j09Qhro9l/HZTyp63pT7mTIf7KH6j/ig4COqp9lZgGnvSTBVY172txb/MO5S2Onx
S1ex8PGeaucebYTDBePwkCLVfRoLaa1KCg0rDPdm9xGKIG5FPrms7JEe0dOpS45D
4n6ep3rGYUhE8WSofG2JM4LjIS82ZFF+CnDvNbkmtlUhhxoi6w3XUnRxuSuv9kxB
xhIwREBt1ApfUs+6vxvh/EAYPclpUXTA/l/m1U1LhjeKpvXt67EffVuNDd2LqHK7
GDY=
-----END CERTIFICATE-----