Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/B9UIkt298XY49-IO-UmLT3aN3x0.roa
File:                     B9UIkt298XY49-IO-UmLT3aN3x0.roa (raw, json)
Hash identifier:          weN9IFex6TnFupDlKVWRK7osVES7bmht7fUGFpkI0Xg=
Subject key identifier:   07:D5:08:92:DD:BD:F1:76:38:F7:E2:0E:F9:49:8B:4F:76:8D:DF:1D
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747E148360B0F3AAB3E4D2AD8CA9F6D
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/B9UIkt298XY49-IO-UmLT3aN3x0.roa
Signing time:             Thu 02 Jan 2025 13:50:09 +0000
ROA not before:           Thu 02 Jan 2025 13:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207252
IP address blocks:        85.202.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e1:48:36:0b:0f:3a:ab:3e:4d:2a:d8:ca:9f:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07d50892ddbdf17638f7e20ef9498b4f768ddf1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d8:2a:e2:c0:a7:b7:95:7e:12:07:77:6c:d3:
                    16:3e:c6:ea:da:dd:4c:80:8e:8c:1e:2a:6a:a7:98:
                    75:e6:84:dc:b9:3b:1c:c7:a4:2c:9c:5b:4f:bf:aa:
                    19:fa:9e:dd:ca:d5:66:89:ca:7d:0e:9e:00:17:5d:
                    5e:34:a7:26:9b:22:71:3b:46:49:f4:40:2b:11:17:
                    21:49:3b:9a:b6:e4:4d:6c:71:6a:0a:a4:ab:a8:86:
                    1e:9d:4b:b1:2e:f6:85:af:3c:f1:72:da:f5:01:e4:
                    a2:86:d0:58:8e:ce:98:c5:f2:1f:a8:76:64:b1:7f:
                    8f:70:76:d2:40:74:82:00:9c:8a:b1:bd:8d:80:a0:
                    24:b0:fe:a4:40:62:b1:69:1e:ac:1f:5e:1a:ae:23:
                    75:79:33:4a:3c:7d:a7:74:a6:a8:dc:0e:0c:69:d1:
                    09:7d:67:75:d9:82:a9:7b:48:14:35:b0:56:da:8f:
                    94:76:a1:ed:94:41:98:1f:cc:da:62:b9:6a:c8:0d:
                    0c:6b:f1:e8:ed:23:f0:9a:d4:ee:06:78:01:e8:37:
                    c5:b7:35:79:6d:9c:13:40:93:d1:e3:b5:f2:ad:d5:
                    13:ef:1e:ba:11:3d:a5:50:30:4f:89:c8:b8:eb:bb:
                    6d:8e:df:21:16:12:67:e8:41:80:aa:c4:39:7d:34:
                    0f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D5:08:92:DD:BD:F1:76:38:F7:E2:0E:F9:49:8B:4F:76:8D:DF:1D
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/B9UIkt298XY49-IO-UmLT3aN3x0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:1a:e0:86:9a:29:26:e3:1f:8a:41:d8:c7:f3:f4:d9:8e:81:
         61:7c:e9:b8:9a:9f:fe:cb:77:ac:03:c6:9f:f7:a4:d3:ae:07:
         fc:5b:87:5e:f5:d2:6c:41:46:8a:11:3b:c5:62:d4:49:4a:22:
         3e:28:87:19:0c:6b:fe:b2:58:cb:2e:07:e8:08:14:62:98:50:
         07:93:d5:b2:5e:46:ae:38:51:5a:e3:12:f1:3c:55:cd:b5:89:
         fb:75:2f:7e:39:56:68:87:05:e4:91:94:fa:a0:4b:3f:f9:0d:
         36:c1:dc:d9:a3:c4:bc:f1:4f:96:3e:3c:5a:57:d4:9c:5b:a7:
         4a:a5:82:40:ce:f7:21:4c:90:b8:a7:8d:97:a6:f0:75:a9:bd:
         3e:e5:67:04:29:5d:fa:9f:4e:d2:44:3a:6d:7c:c9:db:79:df:
         cf:ee:2d:f0:c3:77:ce:7c:86:31:c6:11:d7:78:5d:7e:21:ac:
         31:6e:2e:84:73:c1:3e:4e:de:ed:1b:5d:1f:7f:79:db:f3:80:
         2a:39:c1:51:55:68:cd:b8:26:7c:df:e0:d1:bb:eb:50:43:a0:
         a2:1e:47:3f:27:26:df:cf:8d:54:49:81:0b:c1:1d:1e:c7:37:
         4c:95:9e:36:e0:48:32:a9:8c:13:cb:3d:a8:8b:da:5d:ee:24:
         af:1d:50:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+FINgsPOqs+TSrYyp9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Q1MDg5MmRkYmRmMTc2MzhmN2UyMGVmOTQ5OGI0Zjc2OGRkZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dgq4sCnt5V+Egd3bNMWPsbq2t1M
gI6MHipqp5h15oTcuTscx6QsnFtPv6oZ+p7dytVmicp9Dp4AF11eNKcmmyJxO0ZJ
9EArERchSTuatuRNbHFqCqSrqIYenUuxLvaFrzzxctr1AeSihtBYjs6YxfIfqHZk
sX+PcHbSQHSCAJyKsb2NgKAksP6kQGKxaR6sH14ariN1eTNKPH2ndKao3A4MadEJ
fWd12YKpe0gUNbBW2o+UdqHtlEGYH8zaYrlqyA0Ma/Ho7SPwmtTuBngB6DfFtzV5
bZwTQJPR47XyrdUT7x66ET2lUDBPici467ttjt8hFhJn6EGAqsQ5fTQPjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfVCJLdvfF2OPfiDvlJi092jd8dMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvQjlVSWt0Mjk4WFk0OS1JTy1VbUxUM2FOM3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcqjMA0G
CSqGSIb3DQEBCwUAA4IBAQCDGuCGmikm4x+KQdjH8/TZjoFhfOm4mp/+y3esA8af
96TTrgf8W4de9dJsQUaKETvFYtRJSiI+KIcZDGv+sljLLgfoCBRimFAHk9WyXkau
OFFa4xLxPFXNtYn7dS9+OVZohwXkkZT6oEs/+Q02wdzZo8S88U+WPjxaV9ScW6dK
pYJAzvchTJC4p42XpvB1qb0+5WcEKV36n07SRDptfMnbed/P7i3ww3fOfIYxxhHX
eF1+Iawxbi6Ec8E+Tt7tG10ff3nb84AqOcFRVWjNuCZ83+DRu+tQQ6CiHkc/Jybf
z41USYELwR0exzdMlZ424EgyqYwTyz2oi9pd7iSvHVBW
-----END CERTIFICATE-----