Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/ppW43VM2CosiQ0jXWBLP26MIgec.roa
File:                     ppW43VM2CosiQ0jXWBLP26MIgec.roa (raw, json)
Hash identifier:          fkLyzmpdBhfbIOJrEyE+Zx2ZEoyizeyrfXYsByRxcls=
Subject key identifier:   A6:95:B8:DD:53:36:0A:8B:22:43:48:D7:58:12:CF:DB:A3:08:81:E7
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       0194AC048B69461575C93C6496355B7C8EF5
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/ppW43VM2CosiQ0jXWBLP26MIgec.roa
Signing time:             Tue 28 Jan 2025 08:26:06 +0000
ROA not before:           Tue 28 Jan 2025 08:26:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        185.89.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:04:8b:69:46:15:75:c9:3c:64:96:35:5b:7c:8e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan 28 08:26:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a695b8dd53360a8b224348d75812cfdba30881e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:09:9c:36:4f:26:cd:83:d1:df:dc:4b:69:f2:
                    a1:24:21:37:b1:b9:6b:19:88:de:2e:a4:ff:23:8d:
                    6c:5a:b0:d7:2e:56:dd:fc:94:5a:0a:36:bd:29:54:
                    d2:da:69:0f:b3:0d:40:1a:e5:80:9c:ed:51:47:07:
                    76:a4:10:a5:07:45:41:43:43:6a:03:9c:ca:da:91:
                    b9:41:99:2d:05:80:b2:fb:ed:89:7a:e3:8c:fb:c3:
                    85:b9:13:d4:70:5e:fe:58:d1:c7:00:87:26:6f:62:
                    b4:52:a8:c3:90:e7:ab:df:b7:00:5e:b7:60:6b:b3:
                    11:d6:70:49:e9:6f:ea:87:5d:f9:7a:c0:97:9c:03:
                    d3:7d:d5:27:5d:7a:b0:df:9c:89:13:61:41:67:04:
                    3c:dc:13:8d:0d:6a:f2:51:b7:b8:7e:ad:92:28:90:
                    2d:1b:37:06:75:42:51:1f:39:e7:90:d4:50:66:f4:
                    36:f5:40:58:b1:60:29:bc:7b:1a:20:e6:71:af:65:
                    a6:64:7e:f2:3e:5d:a0:41:a9:06:bc:64:12:ea:43:
                    44:3d:b7:22:bc:23:f0:90:d6:80:80:67:f5:b3:38:
                    f1:ce:96:91:f6:33:5a:8f:d4:08:f6:b3:a6:78:e4:
                    ff:da:bc:cd:ed:ab:36:bb:3c:83:10:82:be:b1:4f:
                    a6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:95:B8:DD:53:36:0A:8B:22:43:48:D7:58:12:CF:DB:A3:08:81:E7
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/ppW43VM2CosiQ0jXWBLP26MIgec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d7:cd:55:85:55:83:aa:2d:f3:24:54:c8:21:62:26:cd:85:
         36:78:5b:9e:37:67:4d:b3:7b:9a:49:c1:ac:54:25:78:6b:0c:
         e6:d5:c1:b1:00:4a:54:48:ac:3d:2b:db:43:0b:eb:1c:c3:42:
         9e:2d:9d:b5:84:c1:b9:b0:05:36:62:bc:1c:32:88:aa:0e:7e:
         6c:f1:d3:ae:d6:2a:b2:95:77:19:dd:75:e7:0d:fe:6c:25:40:
         1c:1b:51:78:77:aa:29:b1:57:59:97:9b:ff:b9:7b:4e:28:76:
         cf:92:6e:24:6a:ab:af:70:a4:08:2a:50:75:5e:57:8f:fc:2a:
         b3:62:04:7a:2f:e4:c0:a8:d6:5e:4e:98:ba:a7:f4:58:80:85:
         4d:f0:1b:a3:f2:ad:ca:97:53:a0:40:75:cb:1c:98:59:6e:aa:
         3e:68:43:25:d9:99:cd:81:e5:84:fb:ac:7e:d3:bd:97:82:05:
         ac:d7:8a:bf:91:b7:8e:5e:53:e9:8b:44:04:50:67:8f:21:fa:
         f1:d8:50:13:cf:7a:6a:ab:03:b7:e4:4c:d3:6c:0f:86:4e:e0:
         19:07:f1:1e:75:58:82:8b:db:ae:8f:b6:a1:e7:0e:68:4e:77:
         93:bb:e5:1b:66:32:4f:83:16:f0:80:bf:26:d7:2b:f2:a2:ec:
         a7:25:63:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSsBItpRhV1yTxkljVbfI71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjUwMTI4MDgyNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk1YjhkZDUzMzYwYThiMjI0MzQ4ZDc1ODEyY2ZkYmEzMDg4MWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwmcNk8mzYPR39xLafKhJCE3sblr
GYjeLqT/I41sWrDXLlbd/JRaCja9KVTS2mkPsw1AGuWAnO1RRwd2pBClB0VBQ0Nq
A5zK2pG5QZktBYCy++2JeuOM+8OFuRPUcF7+WNHHAIcmb2K0UqjDkOer37cAXrdg
a7MR1nBJ6W/qh135esCXnAPTfdUnXXqw35yJE2FBZwQ83BONDWryUbe4fq2SKJAt
GzcGdUJRHznnkNRQZvQ29UBYsWApvHsaIOZxr2WmZH7yPl2gQakGvGQS6kNEPbci
vCPwkNaAgGf1szjxzpaR9jNaj9QI9rOmeOT/2rzN7as2uzyDEIK+sU+mNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaVuN1TNgqLIkNI11gSz9ujCIHnMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvcHBXNDNWTTJDb3NpUTBqWFdCTFAyNk1JZ2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVn6MA0G
CSqGSIb3DQEBCwUAA4IBAQA/181VhVWDqi3zJFTIIWImzYU2eFueN2dNs3uaScGs
VCV4awzm1cGxAEpUSKw9K9tDC+scw0KeLZ21hMG5sAU2YrwcMoiqDn5s8dOu1iqy
lXcZ3XXnDf5sJUAcG1F4d6opsVdZl5v/uXtOKHbPkm4kaquvcKQIKlB1XleP/Cqz
YgR6L+TAqNZeTpi6p/RYgIVN8Buj8q3Kl1OgQHXLHJhZbqo+aEMl2ZnNgeWE+6x+
072XggWs14q/kbeOXlPpi0QEUGePIfrx2FATz3pqqwO35EzTbA+GTuAZB/EedViC
i9uuj7ah5w5oTneTu+UbZjJPgxbwgL8m1yvyouynJWNX
-----END CERTIFICATE-----