Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/bBGzNd5qGUUIPYH3-5zWMnwwyJg.roa
File:                     bBGzNd5qGUUIPYH3-5zWMnwwyJg.roa (raw, json)
Hash identifier:          290Z2J6Jo9xanYpdqpciKr53wSmtU/PW4k3Qs+NnOTs=
Subject key identifier:   6C:11:B3:35:DE:6A:19:45:08:3D:81:F7:FB:9C:D6:32:7C:30:C8:98
Certificate issuer:       /CN=da0b33cddb799b7bcf5d3dce004fdba8c3e864ff
Certificate serial:       019422FB6F725E00EBDE6F19A998AB12D434
Authority key identifier: DA:0B:33:CD:DB:79:9B:7B:CF:5D:3D:CE:00:4F:DB:A8:C3:E8:64:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/bBGzNd5qGUUIPYH3-5zWMnwwyJg.roa
Signing time:             Wed 01 Jan 2025 17:48:10 +0000
ROA not before:           Wed 01 Jan 2025 17:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215273
IP address blocks:        85.194.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:6f:72:5e:00:eb:de:6f:19:a9:98:ab:12:d4:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0b33cddb799b7bcf5d3dce004fdba8c3e864ff
        Validity
            Not Before: Jan  1 17:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c11b335de6a1945083d81f7fb9cd6327c30c898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:95:fd:37:4d:63:d2:81:d4:4d:fc:80:43:7c:
                    b4:64:35:14:36:7d:c8:83:93:09:1a:60:b6:b9:23:
                    ab:7d:77:f5:eb:8e:37:b9:79:46:44:59:45:8c:e7:
                    31:d7:83:f3:57:10:95:1b:c7:29:4a:81:7b:a6:b4:
                    2c:8a:aa:da:1e:65:0e:db:f3:ff:e3:84:a5:98:38:
                    92:b7:13:84:1b:a6:43:01:1a:bb:71:43:46:bb:20:
                    4e:87:1a:b5:31:73:c7:a3:ca:89:37:fd:40:47:39:
                    54:5a:89:a6:ae:0f:e3:87:f9:47:46:0d:c4:df:00:
                    c2:e0:70:56:c9:67:05:83:da:bc:0d:8f:91:7c:cd:
                    8f:f2:77:b5:61:5e:1a:a9:2e:a9:c8:ff:bc:9d:93:
                    58:6e:27:41:69:c0:c8:e7:bb:c6:3c:57:2f:f8:a9:
                    c8:a2:1f:dc:54:ed:52:e0:51:e7:b5:83:a4:6f:72:
                    7d:d0:40:88:5b:8d:42:a2:2f:0f:f3:50:3c:4b:4f:
                    72:90:7a:b2:b3:83:51:30:a2:2f:a2:af:3e:6c:84:
                    56:15:72:44:d8:9b:55:90:cd:41:fc:e3:31:33:99:
                    f7:5d:45:89:74:29:e3:88:4a:5c:7b:e7:ef:cf:cb:
                    9d:23:7a:e6:ae:56:16:2a:b3:b3:2d:04:f3:0e:de:
                    6c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:11:B3:35:DE:6A:19:45:08:3D:81:F7:FB:9C:D6:32:7C:30:C8:98
            X509v3 Authority Key Identifier:
                keyid:DA:0B:33:CD:DB:79:9B:7B:CF:5D:3D:CE:00:4F:DB:A8:C3:E8:64:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/bBGzNd5qGUUIPYH3-5zWMnwwyJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.194.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:34:7e:aa:95:b8:16:67:3c:9a:0c:bb:64:51:14:8a:4e:54:
         85:ca:cb:f3:0c:13:2b:e7:9b:d9:ea:9d:4c:9e:2e:8c:80:e5:
         35:3e:a2:c5:93:29:1f:97:e8:c0:75:be:90:40:08:49:3f:08:
         ee:c0:b3:6a:a8:8d:29:5b:29:98:50:29:0a:4d:cb:57:40:d9:
         61:d2:a3:46:14:b4:b6:7e:bb:61:e0:94:a5:2e:8b:dd:eb:65:
         d6:c2:d1:51:39:e3:d6:0d:bd:91:d4:29:e0:9c:b3:14:a3:81:
         5a:91:7c:b2:92:be:a1:ca:38:8c:20:1a:ce:e1:84:e8:f1:bc:
         b6:46:0d:1d:ee:3c:aa:92:3d:75:d9:df:a7:ea:bf:ba:19:4d:
         94:49:ff:15:16:8c:35:66:bd:6e:6d:c7:ee:1a:df:54:10:cf:
         d9:d9:2e:ea:46:7e:63:de:ae:23:4e:31:2f:bb:75:ba:ce:29:
         b2:57:05:8e:f1:89:83:c5:34:fc:ba:60:03:bb:14:1e:d1:b8:
         13:76:ee:5c:3a:69:0a:1a:6a:8e:c8:dc:54:c0:e9:a4:77:9c:
         0e:6c:33:c4:64:94:e4:20:21:f8:67:f9:87:2a:e3:4e:7e:55:
         f5:84:9c:c1:79:8d:00:e3:df:4a:1d:8d:3d:44:93:97:3e:6f:
         88:ee:84:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+29yXgDr3m8ZqZirEtQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMGIzM2NkZGI3OTliN2JjZjVkM2RjZTAwNGZkYmE4YzNl
ODY0ZmYwHhcNMjUwMTAxMTc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzExYjMzNWRlNmExOTQ1MDgzZDgxZjdmYjljZDYzMjdjMzBjODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZX9N01j0oHUTfyAQ3y0ZDUUNn3I
g5MJGmC2uSOrfXf16443uXlGRFlFjOcx14PzVxCVG8cpSoF7prQsiqraHmUO2/P/
44SlmDiStxOEG6ZDARq7cUNGuyBOhxq1MXPHo8qJN/1ARzlUWommrg/jh/lHRg3E
3wDC4HBWyWcFg9q8DY+RfM2P8ne1YV4aqS6pyP+8nZNYbidBacDI57vGPFcv+KnI
oh/cVO1S4FHntYOkb3J90ECIW41Coi8P81A8S09ykHqys4NRMKIvoq8+bIRWFXJE
2JtVkM1B/OMxM5n3XUWJdCnjiEpce+fvz8udI3rmrlYWKrOzLQTzDt5syQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwRszXeahlFCD2B9/uc1jJ8MMiYMB8GA1UdIwQY
MBaAFNoLM83beZt7z109zgBP26jD6GT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdzenpkdDVtM3ZQWFQzT0FFX2JxTVBvWlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wMzJkOGItNDg4MS00NmZhLWI2NzQt
NzczM2JkODg4ZTI4LzEvYkJHek5kNXFHVVVJUFlIMy01eldNbnd3eUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wMzJkOGItNDg4MS00NmZhLWI2NzQtNzczM2JkODg4ZTI4
LzEvMmdzenpkdDVtM3ZQWFQzT0FFX2JxTVBvWlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcKJMA0G
CSqGSIb3DQEBCwUAA4IBAQB4NH6qlbgWZzyaDLtkURSKTlSFysvzDBMr55vZ6p1M
ni6MgOU1PqLFkykfl+jAdb6QQAhJPwjuwLNqqI0pWymYUCkKTctXQNlh0qNGFLS2
frth4JSlLovd62XWwtFROePWDb2R1CngnLMUo4FakXyykr6hyjiMIBrO4YTo8by2
Rg0d7jyqkj112d+n6r+6GU2USf8VFow1Zr1ubcfuGt9UEM/Z2S7qRn5j3q4jTjEv
u3W6zimyVwWO8YmDxTT8umADuxQe0bgTdu5cOmkKGmqOyNxUwOmkd5wObDPEZJTk
ICH4Z/mHKuNOflX1hJzBeY0A499KHY09RJOXPm+I7oTt
-----END CERTIFICATE-----