Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1I3r14eWi8whXikK8thT9CcoONo.roa
File:                     1I3r14eWi8whXikK8thT9CcoONo.roa (raw, json)
Hash identifier:          dXuHPX+CiFtynaQ4blRvwT5aMYi7pulbdieYpQUIG6A=
Subject key identifier:   D4:8D:EB:D7:87:96:8B:CC:21:5E:29:0A:F2:D8:53:F4:27:28:38:DA
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBB9BC46E5CD878502F8691B14C204
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1I3r14eWi8whXikK8thT9CcoONo.roa
Signing time:             Wed 01 Jan 2025 17:48:29 +0000
ROA not before:           Wed 01 Jan 2025 17:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202656
IP address blocks:        85.209.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b9:bc:46:e5:cd:87:85:02:f8:69:1b:14:c2:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d48debd787968bcc215e290af2d853f4272838da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5c:be:37:a3:d3:37:5f:d6:57:48:5f:dc:c2:
                    62:68:ba:c4:c5:ed:28:50:c4:99:fe:65:10:cc:38:
                    cf:4b:f4:4f:c8:91:9e:73:d6:2d:ee:fd:36:0a:a8:
                    0f:74:fd:5d:b8:60:b0:e2:b2:29:ad:f0:82:a0:3f:
                    f2:7b:14:eb:4d:a9:8c:6a:65:a3:b4:3b:65:5f:3e:
                    ab:04:82:01:89:80:eb:0e:df:14:71:51:f3:55:f0:
                    fd:ad:4e:d4:85:63:cc:65:0f:47:e7:ab:83:4c:66:
                    a8:43:11:8b:03:73:cf:96:62:97:69:ed:26:1f:e3:
                    de:1e:2d:a9:48:b0:21:65:22:94:b2:ea:21:41:78:
                    fa:d2:d1:80:4f:9c:47:5b:5f:54:79:9b:5f:45:64:
                    14:5a:76:d2:99:62:81:b8:8b:89:40:a6:fa:35:11:
                    b4:42:a5:71:04:dc:9e:76:fd:03:4a:ba:56:83:31:
                    43:7a:d0:da:ea:90:17:ec:bc:47:92:f0:bb:56:b2:
                    ee:91:20:5f:36:30:ed:b2:4c:7f:99:50:e6:8b:8e:
                    bc:68:f3:43:31:d5:f5:32:f6:ee:2a:fe:af:f8:0b:
                    c3:f7:50:b1:15:c9:d6:0e:7b:09:ca:4d:3b:5a:12:
                    b2:d4:24:21:e1:a6:02:99:08:f2:86:d7:00:0e:d5:
                    89:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:8D:EB:D7:87:96:8B:CC:21:5E:29:0A:F2:D8:53:F4:27:28:38:DA
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1I3r14eWi8whXikK8thT9CcoONo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:26:54:2a:00:9d:9f:16:11:f1:58:a3:2b:c9:7d:51:55:58:
         45:16:57:6c:1f:9e:27:31:0b:6c:d1:12:38:bb:e8:7a:f6:ad:
         ff:dc:b2:67:70:8c:f0:ba:29:8e:2b:43:d4:ee:0e:d1:bc:62:
         ee:9f:5d:54:40:1d:c9:77:c3:3c:70:ec:d7:7d:8a:98:4c:78:
         7b:0f:ec:20:03:06:ca:43:0b:1a:e8:0d:b2:87:43:42:f8:fe:
         9a:cf:3c:e9:e3:0a:95:07:5e:70:2d:1a:66:6d:64:5e:af:b7:
         30:61:cc:3a:f2:c8:e9:61:a5:3a:50:16:c3:16:74:07:6a:38:
         28:d9:e5:4d:af:fa:73:71:76:74:ce:29:db:c0:5a:07:e0:f3:
         60:7c:5e:9a:ea:ed:b4:ed:92:07:73:1c:7d:8a:f3:6f:f1:03:
         06:c1:5b:1a:56:b7:ae:14:af:c9:f5:4f:b1:88:8b:05:dd:28:
         4b:5f:01:1a:67:73:34:a4:21:2a:fd:a9:d1:d9:12:87:ff:7b:
         64:0d:3f:8c:8a:1d:9f:14:59:21:81:ea:1b:fe:17:21:da:d8:
         9f:6c:90:34:3f:b9:93:ed:2a:2b:c3:0e:10:4f:5a:ec:1e:ad:
         b4:3e:de:2f:25:3b:a7:9e:10:50:8b:e2:c1:1a:ab:0e:c9:e7:
         91:9a:3e:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+7m8RuXNh4UC+GkbFMIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhkZWJkNzg3OTY4YmNjMjE1ZTI5MGFmMmQ4NTNmNDI3MjgzOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVy+N6PTN1/WV0hf3MJiaLrExe0o
UMSZ/mUQzDjPS/RPyJGec9Yt7v02CqgPdP1duGCw4rIprfCCoD/yexTrTamMamWj
tDtlXz6rBIIBiYDrDt8UcVHzVfD9rU7UhWPMZQ9H56uDTGaoQxGLA3PPlmKXae0m
H+PeHi2pSLAhZSKUsuohQXj60tGAT5xHW19UeZtfRWQUWnbSmWKBuIuJQKb6NRG0
QqVxBNyedv0DSrpWgzFDetDa6pAX7LxHkvC7VrLukSBfNjDtskx/mVDmi468aPND
MdX1MvbuKv6v+AvD91CxFcnWDnsJyk07WhKy1CQh4aYCmQjyhtcADtWJlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSN69eHlovMIV4pCvLYU/QnKDjaMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMUkzcjE0ZVdpOHdoWGlrSzh0aFQ5Q2NvT05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdF6MA0G
CSqGSIb3DQEBCwUAA4IBAQA3JlQqAJ2fFhHxWKMryX1RVVhFFldsH54nMQts0RI4
u+h69q3/3LJncIzwuimOK0PU7g7RvGLun11UQB3Jd8M8cOzXfYqYTHh7D+wgAwbK
Qwsa6A2yh0NC+P6azzzp4wqVB15wLRpmbWRer7cwYcw68sjpYaU6UBbDFnQHajgo
2eVNr/pzcXZ0zinbwFoH4PNgfF6a6u207ZIHcxx9ivNv8QMGwVsaVreuFK/J9U+x
iIsF3ShLXwEaZ3M0pCEq/anR2RKH/3tkDT+Mih2fFFkhgeob/hch2tifbJA0P7mT
7Sorww4QT1rsHq20Pt4vJTunnhBQi+LBGqsOyeeRmj6r
-----END CERTIFICATE-----