Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/b4aaf6-10f4-4171-ac5a-ab0c1c442f5d/1/bDGRuxkT59Z6ZB75B8wYlq_pQ6Q.roa
File:                     bDGRuxkT59Z6ZB75B8wYlq_pQ6Q.roa (raw, json)
Hash identifier:          3069c8AKBflA7Qf5itUct3lXPIMT3zsgJd5D/2cUcko=
Subject key identifier:   6C:31:91:BB:19:13:E7:D6:7A:64:1E:F9:07:CC:18:96:AF:E9:43:A4
Certificate issuer:       /CN=caf9688e176cf386436d7bb88d3a405b46d0e2b9
Certificate serial:       01909282A6AD64236DD1054DCDD3A73BD855
Authority key identifier: CA:F9:68:8E:17:6C:F3:86:43:6D:7B:B8:8D:3A:40:5B:46:D0:E2:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yvlojhds84ZDbXu4jTpAW0bQ4rk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/b4aaf6-10f4-4171-ac5a-ab0c1c442f5d/1/bDGRuxkT59Z6ZB75B8wYlq_pQ6Q.roa
Signing time:             Mon 08 Jul 2024 13:22:34 +0000
ROA not before:           Mon 08 Jul 2024 13:22:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215033
IP address blocks:        85.90.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/b4aaf6-10f4-4171-ac5a-ab0c1c442f5d/1/yvlojhds84ZDbXu4jTpAW0bQ4rk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/b4aaf6-10f4-4171-ac5a-ab0c1c442f5d/1/yvlojhds84ZDbXu4jTpAW0bQ4rk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yvlojhds84ZDbXu4jTpAW0bQ4rk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:82:a6:ad:64:23:6d:d1:05:4d:cd:d3:a7:3b:d8:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caf9688e176cf386436d7bb88d3a405b46d0e2b9
        Validity
            Not Before: Jul  8 13:22:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c3191bb1913e7d67a641ef907cc1896afe943a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fc:8f:4b:82:03:ff:9a:96:98:50:95:13:92:
                    82:3e:57:32:bb:a4:b8:10:82:3d:1a:64:91:24:44:
                    16:02:43:96:50:3e:5b:28:90:a0:42:4c:bd:c8:99:
                    57:0d:7c:2c:08:14:b7:80:e2:7c:7f:b9:14:b4:94:
                    28:4a:58:49:ec:9f:24:4d:d4:92:d5:87:4d:21:0e:
                    35:b7:bc:60:b4:d4:52:15:30:9e:82:a6:e3:69:c8:
                    bb:a0:b5:83:a6:e6:eb:29:5b:23:39:c8:ff:4f:d1:
                    bf:9a:8a:fd:6b:62:44:f3:a8:57:f6:de:31:91:e2:
                    dc:87:4c:d2:91:d2:96:dd:17:19:6f:f5:7f:fe:87:
                    0f:0d:ce:e1:e7:22:07:79:98:e8:f2:ab:a1:ec:22:
                    59:21:75:ab:99:4f:27:d2:64:cc:63:dd:e8:01:80:
                    70:5a:ea:dc:7d:1e:34:8f:c0:4e:fc:df:80:99:35:
                    40:35:5a:2f:8e:67:38:94:a2:30:8b:39:6c:63:06:
                    1d:b0:8c:d5:f0:67:99:79:78:6e:ca:83:fa:c7:cf:
                    90:fa:50:1a:71:f9:d4:9e:93:28:46:77:4d:d1:7f:
                    ba:a3:e3:34:80:6d:41:a6:a9:f6:3e:e1:8f:1b:7a:
                    cc:0e:fa:4c:5a:0f:e6:f2:3e:51:3d:d0:ec:0f:6d:
                    ba:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:31:91:BB:19:13:E7:D6:7A:64:1E:F9:07:CC:18:96:AF:E9:43:A4
            X509v3 Authority Key Identifier:
                keyid:CA:F9:68:8E:17:6C:F3:86:43:6D:7B:B8:8D:3A:40:5B:46:D0:E2:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yvlojhds84ZDbXu4jTpAW0bQ4rk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b4aaf6-10f4-4171-ac5a-ab0c1c442f5d/1/bDGRuxkT59Z6ZB75B8wYlq_pQ6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b4aaf6-10f4-4171-ac5a-ab0c1c442f5d/1/yvlojhds84ZDbXu4jTpAW0bQ4rk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.90.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:a1:1f:3d:92:17:ed:cf:ff:0d:02:ac:4f:ff:8d:67:77:66:
         a8:12:b2:09:61:4a:4f:c2:7a:a1:fa:48:4e:0b:cf:bf:91:6b:
         c9:46:2c:0b:6b:81:fe:6a:8b:47:c6:27:f5:69:e1:1c:6e:ac:
         b8:29:e1:77:c5:d7:6e:c1:fa:e3:a9:f7:78:fa:9e:af:7b:6d:
         fb:53:32:1c:eb:f5:73:0e:08:d1:b4:7d:e0:e3:17:0d:b8:fe:
         99:e9:07:ee:da:67:de:ba:cb:e9:df:5b:71:a5:72:14:64:64:
         db:1b:1e:d6:1b:02:82:f9:ae:07:4f:2f:32:5d:6f:0f:4a:10:
         72:9a:34:8c:a6:4c:6f:f3:82:16:80:4c:50:f9:70:73:eb:b8:
         cf:4b:be:d7:28:79:9d:84:aa:91:c1:63:99:5c:87:a9:3b:b3:
         81:ea:89:8b:9b:e4:6f:fd:1a:7e:1e:28:8a:3d:48:0c:7f:c5:
         b1:85:cf:fa:fc:63:f4:11:8e:49:d9:4d:71:07:ba:0e:49:ad:
         d7:5c:c2:55:5e:ea:1b:4b:e3:81:e5:4a:5b:11:31:7a:a2:0d:
         8a:79:16:97:9d:56:0a:35:57:3a:03:22:b3:6d:2b:31:24:e3:
         4c:2b:7f:d2:37:ce:41:78:84:f8:95:e5:32:be:00:f3:67:de:
         08:47:31:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCSgqatZCNt0QVNzdOnO9hVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZjk2ODhlMTc2Y2YzODY0MzZkN2JiODhkM2E0MDViNDZk
MGUyYjkwHhcNMjQwNzA4MTMyMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzMxOTFiYjE5MTNlN2Q2N2E2NDFlZjkwN2NjMTg5NmFmZTk0M2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/yPS4ID/5qWmFCVE5KCPlcyu6S4
EII9GmSRJEQWAkOWUD5bKJCgQky9yJlXDXwsCBS3gOJ8f7kUtJQoSlhJ7J8kTdSS
1YdNIQ41t7xgtNRSFTCegqbjaci7oLWDpubrKVsjOcj/T9G/mor9a2JE86hX9t4x
keLch0zSkdKW3RcZb/V//ocPDc7h5yIHeZjo8quh7CJZIXWrmU8n0mTMY93oAYBw
WurcfR40j8BO/N+AmTVANVovjmc4lKIwizlsYwYdsIzV8GeZeXhuyoP6x8+Q+lAa
cfnUnpMoRndN0X+6o+M0gG1Bpqn2PuGPG3rMDvpMWg/m8j5RPdDsD226lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwxkbsZE+fWemQe+QfMGJav6UOkMB8GA1UdIwQY
MBaAFMr5aI4XbPOGQ217uI06QFtG0OK5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXZsb2poZHM4NFpEYlh1NGpUcEFXMGJRNHJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iNGFhZjYtMTBmNC00MTcxLWFjNWEt
YWIwYzFjNDQyZjVkLzEvYkRHUnV4a1Q1OVo2WkI3NUI4d1lscV9wUTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iNGFhZjYtMTBmNC00MTcxLWFjNWEtYWIwYzFjNDQyZjVk
LzEveXZsb2poZHM4NFpEYlh1NGpUcEFXMGJRNHJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVVrSMA0G
CSqGSIb3DQEBCwUAA4IBAQDCoR89khftz/8NAqxP/41nd2aoErIJYUpPwnqh+khO
C8+/kWvJRiwLa4H+aotHxif1aeEcbqy4KeF3xdduwfrjqfd4+p6ve237UzIc6/Vz
DgjRtH3g4xcNuP6Z6Qfu2mfeusvp31txpXIUZGTbGx7WGwKC+a4HTy8yXW8PShBy
mjSMpkxv84IWgExQ+XBz67jPS77XKHmdhKqRwWOZXIepO7OB6omLm+Rv/Rp+HiiK
PUgMf8Wxhc/6/GP0EY5J2U1xB7oOSa3XXMJVXuobS+OB5UpbETF6og2KeRaXnVYK
NVc6AyKzbSsxJONMK3/SN85BeIT4leUyvgDzZ94IRzGM
-----END CERTIFICATE-----