Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/y72ioZ9vcp7DqGWY8rVyBxu728s.roa
File:                     y72ioZ9vcp7DqGWY8rVyBxu728s.roa (raw, json)
Hash identifier:          PbIGmtWe0+HcZ3GBbrnUP6pZwodFKUDC/Q3NIX5q6Jg=
Subject key identifier:   CB:BD:A2:A1:9F:6F:72:9E:C3:A8:65:98:F2:B5:72:07:1B:BB:DB:CB
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       01942747E4AF0B45B4DAF4D031ECA1968863
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/y72ioZ9vcp7DqGWY8rVyBxu728s.roa
Signing time:             Thu 02 Jan 2025 13:50:10 +0000
ROA not before:           Thu 02 Jan 2025 13:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216319
IP address blocks:        85.28.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e4:af:0b:45:b4:da:f4:d0:31:ec:a1:96:88:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jan  2 13:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbbda2a19f6f729ec3a86598f2b572071bbbdbcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0a:f5:5c:a5:2c:31:a7:14:f9:c3:55:ab:91:
                    55:ac:e6:02:95:40:b4:f9:20:83:73:a3:e6:a6:ac:
                    d8:21:3f:96:4d:75:fa:58:ed:c3:ba:d6:1c:da:27:
                    ab:b1:69:ba:e8:2c:b4:8d:18:d8:e4:10:3d:08:bc:
                    ed:b3:40:28:62:32:e6:ff:f0:f7:7c:5c:00:27:48:
                    ea:11:da:a4:cc:ff:47:8c:18:38:d7:85:e8:57:c9:
                    0c:d1:26:01:ac:80:2d:f1:15:32:27:b5:70:d6:2f:
                    cd:8a:db:d7:49:ba:21:0f:6d:3e:7e:71:83:bc:12:
                    9d:9c:89:82:13:74:94:3a:05:56:63:3b:44:fc:47:
                    29:f0:c8:82:07:49:88:8d:13:de:cc:40:fa:b8:d4:
                    86:b2:3a:1e:7a:0a:aa:fe:59:e2:d2:f4:61:42:4d:
                    b4:a0:1d:1b:17:75:f1:ac:cf:13:cf:ee:cc:7a:a1:
                    6d:a1:c8:2f:e0:38:fe:ad:83:c0:6b:1e:08:c9:2e:
                    e7:4d:40:9e:9c:72:f2:04:de:ad:31:a6:f8:eb:e6:
                    47:b1:d7:4d:59:49:4b:af:fd:3e:5d:a0:b2:2b:89:
                    b1:72:89:46:cf:1b:1e:aa:bb:2c:df:cf:2d:4e:1f:
                    2c:34:1d:73:41:51:f8:e8:2d:47:7b:c1:7b:db:aa:
                    68:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:BD:A2:A1:9F:6F:72:9E:C3:A8:65:98:F2:B5:72:07:1B:BB:DB:CB
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/y72ioZ9vcp7DqGWY8rVyBxu728s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:60:52:d1:99:0b:de:83:4d:83:78:2e:55:f6:2f:c5:b9:0e:
         b8:4f:57:8c:f6:02:0e:84:6f:c5:a7:07:d6:51:ad:f2:95:43:
         6d:28:fb:e6:da:fa:8a:00:2c:af:48:71:9c:5e:ac:62:ca:7d:
         73:99:fc:8d:3e:94:bc:96:4c:70:68:7c:bb:ba:be:ea:5f:51:
         f4:d6:ac:32:87:be:77:13:9b:36:75:6e:b1:19:66:6c:12:53:
         17:54:89:af:e3:c0:c8:f4:31:35:3a:27:7f:2f:71:8f:f6:f1:
         f6:d2:22:2a:4c:21:bc:68:dd:1d:fa:0c:19:a3:26:ca:ca:b7:
         3a:83:f3:eb:49:d9:f0:b2:5d:b7:21:81:01:79:ea:ba:bb:49:
         2d:cf:f1:49:dd:9a:45:7f:9e:57:30:e8:e7:b7:41:b4:0e:16:
         d8:9a:83:69:80:0a:99:80:8f:1a:18:50:34:73:92:a9:c0:9f:
         40:74:d8:47:bd:da:e9:c1:61:a3:3c:f2:e1:07:00:97:ba:69:
         03:d7:8c:47:7b:3b:8b:7a:14:f8:f0:e1:33:33:d1:71:50:f5:
         04:96:49:32:6d:bb:93:9a:b8:39:31:5d:2f:e9:45:59:ee:4f:
         4b:75:eb:92:26:95:bf:30:48:01:da:18:ba:69:52:7a:32:38:
         be:e6:1b:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+SvC0W02vTQMeyhlohjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjUwMTAyMTM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmJkYTJhMTlmNmY3MjllYzNhODY1OThmMmI1NzIwNzFiYmJkYmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAr1XKUsMacU+cNVq5FVrOYClUC0
+SCDc6PmpqzYIT+WTXX6WO3DutYc2iersWm66Cy0jRjY5BA9CLzts0AoYjLm//D3
fFwAJ0jqEdqkzP9HjBg414XoV8kM0SYBrIAt8RUyJ7Vw1i/NitvXSbohD20+fnGD
vBKdnImCE3SUOgVWYztE/Ecp8MiCB0mIjRPezED6uNSGsjoeegqq/lni0vRhQk20
oB0bF3XxrM8Tz+7MeqFtocgv4Dj+rYPAax4IyS7nTUCenHLyBN6tMab46+ZHsddN
WUlLr/0+XaCyK4mxcolGzxseqrss388tTh8sNB1zQVH46C1He8F726po4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMu9oqGfb3Kew6hlmPK1cgcbu9vLMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEveTcyaW9aOXZjcDdEcUdXWThyVnlCeHU3MjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVRwvMA0G
CSqGSIb3DQEBCwUAA4IBAQCTYFLRmQveg02DeC5V9i/FuQ64T1eM9gIOhG/FpwfW
Ua3ylUNtKPvm2vqKACyvSHGcXqxiyn1zmfyNPpS8lkxwaHy7ur7qX1H01qwyh753
E5s2dW6xGWZsElMXVImv48DI9DE1Oid/L3GP9vH20iIqTCG8aN0d+gwZoybKyrc6
g/PrSdnwsl23IYEBeeq6u0ktz/FJ3ZpFf55XMOjnt0G0DhbYmoNpgAqZgI8aGFA0
c5KpwJ9AdNhHvdrpwWGjPPLhBwCXumkD14xHezuLehT48OEzM9FxUPUElkkybbuT
mrg5MV0v6UVZ7k9LdeuSJpW/MEgB2hi6aVJ6Mji+5huA
-----END CERTIFICATE-----