Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HA3DJF2OMc1DEtSdu5NdfvHwvTw.roa
File:                     HA3DJF2OMc1DEtSdu5NdfvHwvTw.roa (raw, json)
Hash identifier:          f7j4Hf0JiazrqtzwvSS5U/s8UBRDp496e96xzYLxFj8=
Subject key identifier:   1C:0D:C3:24:5D:8E:31:CD:43:12:D4:9D:BB:93:5D:7E:F1:F0:BD:3C
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019221006BFBD11C3DD13F0C1AD3CE92828B
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HA3DJF2OMc1DEtSdu5NdfvHwvTw.roa
Signing time:             Mon 23 Sep 2024 22:28:48 +0000
ROA not before:           Mon 23 Sep 2024 22:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        85.209.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:21:00:6b:fb:d1:1c:3d:d1:3f:0c:1a:d3:ce:92:82:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep 23 22:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c0dc3245d8e31cd4312d49dbb935d7ef1f0bd3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:68:98:12:3e:6b:b7:34:28:d9:1a:ba:26:cd:
                    a1:00:01:7a:2e:d9:43:4c:36:12:a0:26:be:63:26:
                    d9:2b:61:97:b5:59:97:8e:0e:1b:0c:8a:de:9b:40:
                    84:2b:4e:c7:11:58:5a:a5:c4:f5:9d:93:07:15:9c:
                    40:10:e2:2d:78:d8:bb:7c:af:1d:07:b7:55:7c:f6:
                    30:0e:15:f3:c2:be:a4:30:82:70:15:21:22:89:fb:
                    41:55:61:81:a0:4c:d3:90:f3:b0:5b:7b:01:a9:c6:
                    f0:fc:75:fd:48:1d:54:33:3a:c7:d4:28:69:90:07:
                    22:c8:31:25:09:3d:52:ef:4e:ed:f9:3d:69:f8:f3:
                    13:d5:d8:1c:d2:a8:a9:b5:b4:3e:28:a4:c2:8c:5f:
                    c7:92:34:dc:1b:97:60:fb:97:59:ff:b0:b2:ee:bc:
                    4b:c8:7e:26:98:3c:8e:d3:60:33:02:de:e9:0c:22:
                    8c:bc:45:e1:4e:16:2d:1f:01:c3:12:62:3b:f4:4b:
                    df:cf:e9:cf:14:de:19:9b:56:da:45:e3:29:1d:aa:
                    6c:63:98:1e:68:7c:e5:1e:94:1b:74:53:c4:fd:a6:
                    0c:51:fc:50:b8:23:49:ff:75:d3:7c:2f:61:27:a4:
                    10:2e:e6:21:5c:65:15:35:0d:ec:14:22:98:65:38:
                    dc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:0D:C3:24:5D:8E:31:CD:43:12:D4:9D:BB:93:5D:7E:F1:F0:BD:3C
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/HA3DJF2OMc1DEtSdu5NdfvHwvTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:31:d1:21:24:39:5f:92:71:c7:b2:6b:35:cb:36:06:3f:5b:
         c0:89:46:35:c8:55:77:22:2e:eb:c9:f1:be:86:c8:12:9b:c1:
         f8:8c:d0:10:fe:99:6e:c3:8b:8e:1c:98:fe:56:f9:4e:cf:19:
         99:af:58:ed:25:b6:d9:66:ca:f1:cb:85:fc:6f:40:e6:98:a9:
         05:4c:f3:7f:d0:78:af:6b:aa:c9:2a:55:4c:4c:b0:12:b8:aa:
         32:f3:7b:7a:fe:1e:35:84:a4:3f:a0:f8:ff:1e:5d:2a:58:2c:
         51:ce:31:0e:2e:ed:9c:da:70:1b:8e:68:c7:4f:14:1e:4b:81:
         5d:a6:4e:c0:2c:dc:0f:57:67:f0:d6:82:1f:62:c6:01:d8:22:
         2e:cb:bd:51:7d:09:6a:7c:28:8e:dc:a9:05:39:2f:fe:24:d2:
         32:25:49:24:fd:3a:51:3c:8f:62:ff:4e:af:94:dc:a6:e9:12:
         7f:29:de:c8:8d:18:fd:ee:bd:f5:0d:0b:75:34:fa:2b:f4:5e:
         fc:fd:20:be:a9:5d:fb:1c:3c:dd:02:d8:47:d3:c2:0e:40:0c:
         e0:f2:fb:5d:2b:d6:80:0a:22:66:c7:93:c7:0b:34:ee:f6:ca:
         ca:99:3d:86:5d:06:db:08:be:da:87:84:a0:bf:08:25:c2:7e:
         26:64:17:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIhAGv70Rw90T8MGtPOkoKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwOTIzMjIyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzBkYzMyNDVkOGUzMWNkNDMxMmQ0OWRiYjkzNWQ3ZWYxZjBiZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymiYEj5rtzQo2Rq6Js2hAAF6LtlD
TDYSoCa+YybZK2GXtVmXjg4bDIrem0CEK07HEVhapcT1nZMHFZxAEOIteNi7fK8d
B7dVfPYwDhXzwr6kMIJwFSEiiftBVWGBoEzTkPOwW3sBqcbw/HX9SB1UMzrH1Chp
kAciyDElCT1S707t+T1p+PMT1dgc0qiptbQ+KKTCjF/HkjTcG5dg+5dZ/7Cy7rxL
yH4mmDyO02AzAt7pDCKMvEXhThYtHwHDEmI79Evfz+nPFN4Zm1baReMpHapsY5ge
aHzlHpQbdFPE/aYMUfxQuCNJ/3XTfC9hJ6QQLuYhXGUVNQ3sFCKYZTjcmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwNwyRdjjHNQxLUnbuTXX7x8L08MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvSEEzREpGMk9NYzFERXRTZHU1TmRmdkh3dlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdF6MA0G
CSqGSIb3DQEBCwUAA4IBAQBIMdEhJDlfknHHsms1yzYGP1vAiUY1yFV3Ii7ryfG+
hsgSm8H4jNAQ/pluw4uOHJj+VvlOzxmZr1jtJbbZZsrxy4X8b0DmmKkFTPN/0Hiv
a6rJKlVMTLASuKoy83t6/h41hKQ/oPj/Hl0qWCxRzjEOLu2c2nAbjmjHTxQeS4Fd
pk7ALNwPV2fw1oIfYsYB2CIuy71RfQlqfCiO3KkFOS/+JNIyJUkk/TpRPI9i/06v
lNym6RJ/Kd7IjRj97r31DQt1NPor9F78/SC+qV37HDzdAthH08IOQAzg8vtdK9aA
CiJmx5PHCzTu9srKmT2GXQbbCL7ah4Sgvwglwn4mZBdS
-----END CERTIFICATE-----