Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/y8NDI14HxyF-6rv1YjKt09P-Roc.roa
File:                     y8NDI14HxyF-6rv1YjKt09P-Roc.roa (raw, json)
Hash identifier:          l1fpSyMFygSSYc0EHcLTs74x1sQc5SsGK8k68YrXGNc=
Subject key identifier:   CB:C3:43:23:5E:07:C7:21:7E:EA:BB:F5:62:32:AD:D3:D3:FE:46:87
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018D3C3179621F18CE6EA83D8C06D2D1BC85
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/y8NDI14HxyF-6rv1YjKt09P-Roc.roa
Signing time:             Wed 24 Jan 2024 15:58:11 +0000
ROA not before:           Wed 24 Jan 2024 15:58:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        85.209.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:31:79:62:1f:18:ce:6e:a8:3d:8c:06:d2:d1:bc:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan 24 15:58:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbc343235e07c7217eeabbf56232add3d3fe4687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:37:ea:55:4e:f7:49:3b:a9:ff:db:e7:d3:5c:
                    12:a4:b1:45:f2:25:cc:64:b1:cf:b9:5a:17:58:1d:
                    aa:a1:e0:f4:b5:02:82:d2:10:d4:6d:9b:c7:03:39:
                    4b:ea:d0:51:fd:95:83:05:9e:17:05:ed:16:cf:99:
                    d5:cb:00:94:1c:13:4b:e2:d2:dd:b1:d6:08:9c:7f:
                    0a:90:f4:c1:41:c3:2a:66:a5:33:20:ad:a9:10:3d:
                    2b:78:34:90:d2:f8:39:3d:ee:98:e0:60:dd:09:ab:
                    e9:8b:99:8b:2b:40:27:50:e5:8e:82:46:d9:89:f1:
                    c2:b7:f4:44:8f:d9:96:78:8a:27:ec:bb:21:01:15:
                    d3:d0:b9:ea:34:89:7a:df:62:2c:a8:dd:df:24:49:
                    2e:82:95:f6:5b:b3:7c:2b:10:fd:b4:0a:6f:2c:b1:
                    04:f9:d4:23:59:ed:dc:f1:fd:bf:d1:b6:81:73:2d:
                    a2:87:c0:5d:f1:5d:8c:eb:06:98:7d:99:5d:ff:af:
                    29:e3:fd:f5:93:18:60:e7:c4:1e:cb:c1:7b:f3:21:
                    f8:58:9a:ad:38:e9:99:b0:00:76:af:1f:12:a6:90:
                    f4:5b:47:ec:7b:48:0d:c4:3c:d7:72:5e:b8:98:a8:
                    ad:ec:61:f3:42:7a:83:d8:27:5f:80:5b:5a:95:df:
                    1a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C3:43:23:5E:07:C7:21:7E:EA:BB:F5:62:32:AD:D3:D3:FE:46:87
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/y8NDI14HxyF-6rv1YjKt09P-Roc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ff:6f:3d:3a:35:fb:c7:43:e4:4a:76:34:cf:b9:fd:7f:29:
         52:c4:c6:77:9f:03:0c:96:e9:87:43:6d:50:bc:83:d5:77:ef:
         9c:ea:bd:d5:94:fd:01:86:66:12:aa:cf:b3:23:be:7f:41:a5:
         e6:88:ad:c0:a8:a5:7e:2a:f2:a4:f7:e4:fc:d7:84:2f:c5:eb:
         cd:88:39:e3:37:23:4c:3f:e5:ad:c0:4e:60:90:28:22:0f:d7:
         3b:85:40:71:f6:57:5f:40:9e:18:8f:38:b6:16:43:a2:36:f9:
         41:17:01:19:9f:c3:f9:6f:a3:d0:b8:fd:fe:fd:99:cb:b0:7e:
         d7:88:6e:ce:c6:4f:f3:84:86:37:a6:64:79:70:4e:03:25:fd:
         38:2c:33:e8:3c:31:7d:96:90:ad:77:a2:4e:f2:bb:6a:28:42:
         31:d6:6a:e9:27:43:b2:46:3d:b9:55:b6:98:2a:b0:3f:0a:b0:
         6e:69:5e:18:4d:c5:fa:b0:f1:cd:bb:18:ce:3a:c8:c4:ba:f6:
         d6:f9:e4:f9:98:ef:ae:34:24:97:83:4d:19:c2:4d:8f:48:d5:
         f7:97:13:d4:e1:c0:e9:df:a6:16:18:db:65:1a:de:77:1f:cc:
         1a:02:01:2b:29:ab:56:94:ca:30:5c:cf:59:f8:23:fd:07:53:
         3c:48:30:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY08MXliHxjObqg9jAbS0byFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTI0MTU1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmMzNDMyMzVlMDdjNzIxN2VlYWJiZjU2MjMyYWRkM2QzZmU0Njg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzfqVU73STup/9vn01wSpLFF8iXM
ZLHPuVoXWB2qoeD0tQKC0hDUbZvHAzlL6tBR/ZWDBZ4XBe0Wz5nVywCUHBNL4tLd
sdYInH8KkPTBQcMqZqUzIK2pED0reDSQ0vg5Pe6Y4GDdCavpi5mLK0AnUOWOgkbZ
ifHCt/REj9mWeIon7LshARXT0LnqNIl632IsqN3fJEkugpX2W7N8KxD9tApvLLEE
+dQjWe3c8f2/0baBcy2ih8Bd8V2M6waYfZld/68p4/31kxhg58Qey8F78yH4WJqt
OOmZsAB2rx8SppD0W0fse0gNxDzXcl64mKit7GHzQnqD2CdfgFtald8aeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvDQyNeB8chfuq79WIyrdPT/kaHMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEveThOREkxNEh4eUYtNnJ2MVlqS3QwOVAtUm9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdF5MA0G
CSqGSIb3DQEBCwUAA4IBAQBr/289OjX7x0PkSnY0z7n9fylSxMZ3nwMMlumHQ21Q
vIPVd++c6r3VlP0BhmYSqs+zI75/QaXmiK3AqKV+KvKk9+T814QvxevNiDnjNyNM
P+WtwE5gkCgiD9c7hUBx9ldfQJ4Yjzi2FkOiNvlBFwEZn8P5b6PQuP3+/ZnLsH7X
iG7Oxk/zhIY3pmR5cE4DJf04LDPoPDF9lpCtd6JO8rtqKEIx1mrpJ0OyRj25VbaY
KrA/CrBuaV4YTcX6sPHNuxjOOsjEuvbW+eT5mO+uNCSXg00Zwk2PSNX3lxPU4cDp
36YWGNtlGt53H8waAgErKatWlMowXM9Z+CP9B1M8SDBd
-----END CERTIFICATE-----