Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/bRsgTPk08-KlnWUYbujqk_6W2v0.roa
File:                     bRsgTPk08-KlnWUYbujqk_6W2v0.roa (raw, json)
Hash identifier:          XZNjlfCztmwTStwyhp3/Lx6XOn87s6eJ6mo/+sF/Jhc=
Subject key identifier:   6D:1B:20:4C:F9:34:F3:E2:A5:9D:65:18:6E:E8:EA:93:FE:96:DA:FD
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B50FD10F3D10114E1B83F68DDACC
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/bRsgTPk08-KlnWUYbujqk_6W2v0.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57494
IP address blocks:        85.209.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b5:0f:d1:0f:3d:10:11:4e:1b:83:f6:8d:da:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d1b204cf934f3e2a59d65186ee8ea93fe96dafd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:63:48:93:02:4b:52:88:8b:cc:4f:96:b1:5e:
                    fc:d2:4f:0d:2e:b4:4e:ad:a2:42:56:c4:0d:35:53:
                    99:df:d1:a3:2f:00:d1:8f:6d:c6:03:eb:58:9b:6c:
                    ca:8f:40:f6:43:c8:59:b9:ba:1c:31:5b:2d:b2:8c:
                    3e:3d:8d:77:ef:9d:84:91:12:3e:a4:bd:f0:68:f2:
                    fa:38:82:ad:8b:9f:0a:ee:b6:bb:07:82:73:fd:e1:
                    fd:12:f8:80:05:d0:3c:b0:b1:cd:e3:bd:e4:f8:5c:
                    89:0a:85:5d:e2:77:10:7e:30:3a:12:f9:98:ed:65:
                    a7:ef:8e:88:d3:16:48:12:90:93:14:de:de:c0:b7:
                    3f:81:e1:71:7b:a6:94:3f:1c:2e:00:30:d7:1b:76:
                    49:9b:82:fa:74:c6:80:d5:08:22:a0:4b:e7:b2:ff:
                    60:54:05:e6:5e:67:0c:67:40:65:4b:38:f6:04:c8:
                    67:50:53:65:75:90:09:71:27:60:ac:84:4c:c6:c2:
                    da:47:9c:05:33:ae:45:2c:56:11:1c:4e:f0:c0:08:
                    f4:2f:08:92:b1:d4:5c:3c:64:2e:48:4a:59:5c:6e:
                    d5:ef:69:3f:97:b1:c4:14:ed:17:0e:c0:f7:3a:2e:
                    d4:d8:23:73:1f:75:6c:7d:bc:40:cd:27:c9:59:23:
                    75:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:1B:20:4C:F9:34:F3:E2:A5:9D:65:18:6E:E8:EA:93:FE:96:DA:FD
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/bRsgTPk08-KlnWUYbujqk_6W2v0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:2e:ae:03:e4:83:ae:bf:79:29:51:d1:dd:75:d3:ec:55:96:
         52:99:df:cb:cf:00:7f:ae:0c:d0:f7:8a:7d:cc:d9:70:83:c8:
         ac:4e:93:3b:f7:de:33:11:1e:af:8d:9f:ce:92:eb:8a:ed:3d:
         3d:a6:d0:cc:97:d1:cd:cc:4a:f8:1c:15:47:9d:18:dd:c7:4e:
         03:70:6d:56:19:40:09:79:6e:14:e5:d6:a1:6c:c0:c0:8b:bc:
         0e:88:39:35:6f:c9:f0:d6:8b:c5:64:8a:4f:03:16:08:fb:12:
         16:e3:35:da:11:ac:e8:98:27:66:26:a3:8d:c4:8d:d8:8d:63:
         e8:b6:8a:ae:74:cc:e1:1f:c5:78:6a:29:e1:98:f8:2a:90:fa:
         9b:c6:a3:47:84:97:26:ef:7f:82:b5:af:bb:bd:52:5a:b8:80:
         aa:f5:30:9a:9f:ea:24:b7:e1:ab:3b:73:13:0e:19:2a:c2:3e:
         22:a4:b9:8b:ba:e8:54:13:93:d3:e1:78:11:6c:4c:e5:4f:cf:
         c6:bd:d9:55:5c:c1:30:ee:6b:66:57:e9:13:7c:df:98:81:75:
         a0:1f:be:36:aa:f8:2a:35:7a:cb:ea:51:54:42:cb:d4:c1:46:
         10:1d:43:5f:5f:1f:4d:bb:90:bc:6f:ab:66:c4:17:65:f9:a0:
         f3:a4:f4:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7UP0Q89EBFOG4P2jdrMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDFiMjA0Y2Y5MzRmM2UyYTU5ZDY1MTg2ZWU4ZWE5M2ZlOTZkYWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmNIkwJLUoiLzE+WsV780k8NLrRO
raJCVsQNNVOZ39GjLwDRj23GA+tYm2zKj0D2Q8hZubocMVstsow+PY13752EkRI+
pL3waPL6OIKti58K7ra7B4Jz/eH9EviABdA8sLHN473k+FyJCoVd4ncQfjA6EvmY
7WWn746I0xZIEpCTFN7ewLc/geFxe6aUPxwuADDXG3ZJm4L6dMaA1QgioEvnsv9g
VAXmXmcMZ0BlSzj2BMhnUFNldZAJcSdgrIRMxsLaR5wFM65FLFYRHE7wwAj0LwiS
sdRcPGQuSEpZXG7V72k/l7HEFO0XDsD3Oi7U2CNzH3VsfbxAzSfJWSN1gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0bIEz5NPPipZ1lGG7o6pP+ltr9MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvYlJzZ1RQazA4LUtsbldVWWJ1anFrXzZXMnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdEJMA0G
CSqGSIb3DQEBCwUAA4IBAQBSLq4D5IOuv3kpUdHdddPsVZZSmd/LzwB/rgzQ94p9
zNlwg8isTpM7994zER6vjZ/OkuuK7T09ptDMl9HNzEr4HBVHnRjdx04DcG1WGUAJ
eW4U5dahbMDAi7wOiDk1b8nw1ovFZIpPAxYI+xIW4zXaEazomCdmJqONxI3YjWPo
toqudMzhH8V4ainhmPgqkPqbxqNHhJcm73+Cta+7vVJauICq9TCan+okt+GrO3MT
Dhkqwj4ipLmLuuhUE5PT4XgRbEzlT8/GvdlVXMEw7mtmV+kTfN+YgXWgH742qvgq
NXrL6lFUQsvUwUYQHUNfXx9Nu5C8b6tmxBdl+aDzpPQ2
-----END CERTIFICATE-----