Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/gj6ujg7n9rszZ97PaMgxAObTMkc.roa
File:                     gj6ujg7n9rszZ97PaMgxAObTMkc.roa (raw, json)
Hash identifier:          +VCA/8+apgrcm47YAa5E2xMKM/rptLNPI6LAR55hHSI=
Subject key identifier:   82:3E:AE:8E:0E:E7:F6:BB:33:67:DE:CF:68:C8:31:00:E6:D3:32:47
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBBE28B3C84E461647246EA1108067
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/gj6ujg7n9rszZ97PaMgxAObTMkc.roa
Signing time:             Wed 01 Jan 2025 17:48:31 +0000
ROA not before:           Wed 01 Jan 2025 17:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209043
IP address blocks:        85.209.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:be:28:b3:c8:4e:46:16:47:24:6e:a1:10:80:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=823eae8e0ee7f6bb3367decf68c83100e6d33247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c3:4b:43:1c:0b:6c:5a:57:a0:42:f9:19:c4:
                    82:3d:18:5b:f4:9a:b1:83:a8:1c:bd:40:fa:2f:9f:
                    6f:3a:2c:94:84:08:7e:70:57:4f:bc:29:a9:3b:ee:
                    9e:56:29:7b:6e:72:3c:73:a7:aa:ae:93:95:98:07:
                    2c:64:5a:4f:44:3a:43:42:19:4a:42:93:63:8f:16:
                    db:a1:4e:b3:de:75:d9:e6:35:92:20:0f:82:30:d9:
                    a5:a5:7f:51:c8:4e:17:e1:d8:35:af:da:0a:e4:f6:
                    ac:76:4a:00:2e:45:65:97:de:ca:3e:62:e8:2b:39:
                    5c:52:11:d5:2a:ae:e1:fa:be:10:b4:18:c4:eb:32:
                    db:2a:e6:dc:1e:d1:41:ba:68:fb:11:fe:a1:e4:ad:
                    78:c3:98:b3:94:e5:ec:a4:48:fd:92:d8:da:47:e0:
                    5f:be:37:18:c5:65:6b:5a:4e:84:d3:e4:e5:f9:56:
                    72:91:74:00:70:1c:3c:24:a3:03:2a:be:35:8f:47:
                    9e:df:21:dc:67:34:6f:58:92:5e:64:64:40:6d:b7:
                    79:6d:b1:ac:86:23:d3:f1:13:fd:5d:a6:cf:7a:47:
                    c3:8e:82:17:63:97:41:70:9c:50:55:02:c3:07:73:
                    27:7e:c5:36:6d:48:80:d7:b9:cd:28:b0:9f:56:03:
                    d5:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:3E:AE:8E:0E:E7:F6:BB:33:67:DE:CF:68:C8:31:00:E6:D3:32:47
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/gj6ujg7n9rszZ97PaMgxAObTMkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:6e:41:42:86:b9:e4:ec:91:68:b7:6b:f0:63:f6:0b:aa:60:
         be:60:95:71:0f:71:24:7a:6d:c5:bf:9f:3b:0c:49:4e:61:8e:
         c7:a3:d1:3e:b7:df:ea:88:a3:9a:66:f3:7a:c9:00:8e:66:53:
         30:b4:14:63:0f:08:1e:08:11:df:bf:55:07:af:93:6c:52:e5:
         7e:f1:af:49:e2:9c:f1:ef:ad:eb:17:03:7c:ca:6d:f4:21:b6:
         c0:d2:a4:bd:02:4d:ea:a4:17:3d:5a:46:be:43:2f:b2:c6:ce:
         9a:63:de:72:12:98:c6:29:f8:1c:6d:34:03:f8:81:2b:b3:1e:
         6c:a3:66:cf:ca:35:12:54:a8:b1:21:d6:da:cd:58:86:03:33:
         cd:bd:82:3e:c0:bb:7e:79:9e:f7:11:9a:ac:61:4b:0f:5e:20:
         d0:e5:1a:47:a6:ef:5d:3d:c6:bf:3d:40:29:b8:1b:f5:b5:bc:
         bb:6e:c2:0b:28:95:94:c4:7c:5e:06:e2:5a:e9:6e:c2:5b:14:
         02:f1:81:da:93:ad:69:15:64:9c:c9:e0:1c:b6:3f:2c:94:cd:
         ff:d7:00:47:05:72:79:de:be:e2:eb:31:a6:34:28:d2:2a:70:
         da:31:28:97:e2:ed:15:3e:df:c7:56:6d:a5:c4:c8:bc:dc:e1:
         aa:5b:de:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+74os8hORhZHJG6hEIBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjNlYWU4ZTBlZTdmNmJiMzM2N2RlY2Y2OGM4MzEwMGU2ZDMzMjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcNLQxwLbFpXoEL5GcSCPRhb9Jqx
g6gcvUD6L59vOiyUhAh+cFdPvCmpO+6eVil7bnI8c6eqrpOVmAcsZFpPRDpDQhlK
QpNjjxbboU6z3nXZ5jWSIA+CMNmlpX9RyE4X4dg1r9oK5PasdkoALkVll97KPmLo
KzlcUhHVKq7h+r4QtBjE6zLbKubcHtFBumj7Ef6h5K14w5izlOXspEj9ktjaR+Bf
vjcYxWVrWk6E0+Tl+VZykXQAcBw8JKMDKr41j0ee3yHcZzRvWJJeZGRAbbd5bbGs
hiPT8RP9XabPekfDjoIXY5dBcJxQVQLDB3MnfsU2bUiA17nNKLCfVgPVywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFII+ro4O5/a7M2fez2jIMQDm0zJHMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZ2o2dWpnN245cnN6Wjk3UGFNZ3hBT2JUTWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdF5MA0G
CSqGSIb3DQEBCwUAA4IBAQCObkFChrnk7JFot2vwY/YLqmC+YJVxD3Ekem3Fv587
DElOYY7Ho9E+t9/qiKOaZvN6yQCOZlMwtBRjDwgeCBHfv1UHr5NsUuV+8a9J4pzx
763rFwN8ym30IbbA0qS9Ak3qpBc9Wka+Qy+yxs6aY95yEpjGKfgcbTQD+IErsx5s
o2bPyjUSVKixIdbazViGAzPNvYI+wLt+eZ73EZqsYUsPXiDQ5RpHpu9dPca/PUAp
uBv1tby7bsILKJWUxHxeBuJa6W7CWxQC8YHak61pFWScyeActj8slM3/1wBHBXJ5
3r7i6zGmNCjSKnDaMSiX4u0VPt/HVm2lxMi83OGqW94N
-----END CERTIFICATE-----