Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8izvkYFDSOWONCfNHXcJ313VtsM.roa
File:                     8izvkYFDSOWONCfNHXcJ313VtsM.roa (raw, json)
Hash identifier:          EgORFt4rdkHiYwy2FIi6dDPxT5R/z6IelFcETgv61v4=
Subject key identifier:   F2:2C:EF:91:81:43:48:E5:8E:34:27:CD:1D:77:09:DF:5D:D5:B6:C3
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBC0E4AACB70343D2A374505443522
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8izvkYFDSOWONCfNHXcJ313VtsM.roa
Signing time:             Wed 01 Jan 2025 17:48:31 +0000
ROA not before:           Wed 01 Jan 2025 17:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211440
IP address blocks:        85.209.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c0:e4:aa:cb:70:34:3d:2a:37:45:05:44:35:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f22cef91814348e58e3427cd1d7709df5dd5b6c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:10:69:44:03:3f:79:80:07:a6:11:95:f1:bd:
                    b8:77:61:09:45:fa:cd:36:fd:98:aa:69:5b:4a:6a:
                    32:ff:ea:ef:68:84:05:a4:b6:50:11:28:b4:a2:f9:
                    41:4b:57:58:82:27:a4:42:cf:cb:b1:b4:b8:2e:54:
                    19:46:4a:fd:4f:29:b2:4f:13:57:95:f1:46:fc:dd:
                    6e:7f:c0:92:f9:9a:fe:34:ab:64:51:51:e7:d4:79:
                    f0:c0:16:7b:dd:12:57:f1:ac:c8:71:18:84:fb:ff:
                    d2:49:12:ea:8a:4e:12:0d:74:e1:8a:d4:eb:78:a3:
                    5d:e5:88:db:a7:38:fa:e0:03:09:d5:79:a9:09:e6:
                    ac:3f:16:3a:53:73:a5:4c:27:d9:45:b0:4f:51:d6:
                    7b:56:8b:f3:92:02:cf:37:7e:57:7b:91:ca:ce:6c:
                    43:28:d6:76:36:8a:9b:f7:0c:6c:f0:09:9e:ef:1e:
                    11:24:19:2a:6c:9d:e4:0b:e3:00:10:5a:3f:69:cc:
                    09:30:7a:80:ef:3b:f2:08:a8:ce:d1:7f:fd:22:b1:
                    4c:d5:1f:33:84:0c:ab:c6:b6:ae:27:ee:76:8a:9f:
                    ab:3a:38:4c:b8:76:ef:23:76:d0:4a:36:ea:6b:2e:
                    94:e1:e6:9f:ca:89:87:58:3a:d0:d0:63:d3:91:44:
                    a8:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:2C:EF:91:81:43:48:E5:8E:34:27:CD:1D:77:09:DF:5D:D5:B6:C3
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/8izvkYFDSOWONCfNHXcJ313VtsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:a1:9f:87:da:2e:66:b0:41:af:7e:c8:39:54:51:02:d0:a3:
         97:ae:17:0c:e9:b6:85:f9:c5:73:03:a4:04:78:e5:0f:01:84:
         5c:2b:da:6d:1f:ad:59:fb:78:f6:d2:db:eb:c1:79:de:69:69:
         1f:7a:dd:15:c5:7f:1c:06:81:70:b8:93:e5:8f:2a:95:ac:03:
         67:7f:b5:40:8c:79:38:c2:59:fa:ea:6a:bb:e5:98:e1:f8:af:
         c5:95:81:77:5c:a2:39:a8:5a:76:fe:54:ba:41:01:29:aa:27:
         bc:70:79:a5:b3:9c:e2:d8:e6:61:8e:29:47:ef:0c:4f:ac:0d:
         28:41:3c:bc:04:a1:1f:1f:c2:7c:d0:01:1c:d6:8a:83:d7:fa:
         cd:6b:d7:49:9c:51:fb:72:90:b4:f3:00:bb:d6:6e:27:a2:b9:
         46:aa:b6:f6:bc:68:48:61:db:84:45:1e:dc:c7:49:52:3b:ce:
         6f:d1:b7:7f:2c:64:53:e0:02:fc:dd:f4:de:3f:90:78:f1:b0:
         e7:fa:1c:b3:db:3e:eb:07:93:ad:4d:91:08:a6:2a:5f:27:8f:
         b3:cb:ee:53:94:9c:08:a4:8d:f6:9e:0c:1e:e6:36:18:66:bd:
         b9:19:45:05:38:ef:fb:c9:60:6d:38:08:1b:37:79:11:70:dc:
         c4:a3:06:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+8DkqstwND0qN0UFRDUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjJjZWY5MTgxNDM0OGU1OGUzNDI3Y2QxZDc3MDlkZjVkZDViNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRBpRAM/eYAHphGV8b24d2EJRfrN
Nv2YqmlbSmoy/+rvaIQFpLZQESi0ovlBS1dYgiekQs/LsbS4LlQZRkr9TymyTxNX
lfFG/N1uf8CS+Zr+NKtkUVHn1HnwwBZ73RJX8azIcRiE+//SSRLqik4SDXThitTr
eKNd5Yjbpzj64AMJ1XmpCeasPxY6U3OlTCfZRbBPUdZ7VovzkgLPN35Xe5HKzmxD
KNZ2Noqb9wxs8Ame7x4RJBkqbJ3kC+MAEFo/acwJMHqA7zvyCKjO0X/9IrFM1R8z
hAyrxrauJ+52ip+rOjhMuHbvI3bQSjbqay6U4eafyomHWDrQ0GPTkUSocQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIs75GBQ0jljjQnzR13Cd9d1bbDMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOGl6dmtZRkRTT1dPTkNmTkhYY0ozMTNWdHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdF7MA0G
CSqGSIb3DQEBCwUAA4IBAQC/oZ+H2i5msEGvfsg5VFEC0KOXrhcM6baF+cVzA6QE
eOUPAYRcK9ptH61Z+3j20tvrwXneaWkfet0VxX8cBoFwuJPljyqVrANnf7VAjHk4
wln66mq75Zjh+K/FlYF3XKI5qFp2/lS6QQEpqie8cHmls5zi2OZhjilH7wxPrA0o
QTy8BKEfH8J80AEc1oqD1/rNa9dJnFH7cpC08wC71m4norlGqrb2vGhIYduERR7c
x0lSO85v0bd/LGRT4AL83fTeP5B48bDn+hyz2z7rB5OtTZEIpipfJ4+zy+5TlJwI
pI32ngwe5jYYZr25GUUFOO/7yWBtOAgbN3kRcNzEowbo
-----END CERTIFICATE-----