Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/z_xjUJTiEKv8bjMjchy_X7D7OCQ.roa
File:                     z_xjUJTiEKv8bjMjchy_X7D7OCQ.roa (raw, json)
Hash identifier:          BG1R3SjDVfF87nLXGEYo43+Amx8QhcAgHlV3s9chlbE=
Subject key identifier:   CF:FC:63:50:94:E2:10:AB:FC:6E:33:23:72:1C:BF:5F:B0:FB:38:24
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       0194221F94C9843057EE47C6A1BB5211891D
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/z_xjUJTiEKv8bjMjchy_X7D7OCQ.roa
Signing time:             Wed 01 Jan 2025 13:48:02 +0000
ROA not before:           Wed 01 Jan 2025 13:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62020
IP address blocks:        185.9.0.0/24 maxlen: 24
                          185.9.2.0/24 maxlen: 24
                          2a03:4440::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:94:c9:84:30:57:ee:47:c6:a1:bb:52:11:89:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Jan  1 13:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cffc635094e210abfc6e3323721cbf5fb0fb3824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:79:78:a4:31:0c:85:36:ec:7e:44:4a:98:94:
                    b0:a8:5d:05:cf:c2:2b:2b:03:69:cf:64:25:f7:c0:
                    a0:41:de:6a:69:53:c4:9a:a1:fc:74:ca:63:a6:31:
                    bd:4f:fa:49:fc:f7:bd:75:69:22:87:92:22:f5:a9:
                    43:cd:e7:7a:92:aa:1f:d6:4f:e8:1e:c0:6a:a7:02:
                    c7:af:49:95:ac:95:e1:58:49:aa:71:23:e2:3c:76:
                    da:74:92:27:df:95:f5:a7:6e:3a:cb:5b:e4:17:3e:
                    2b:46:df:6e:2d:fd:28:b4:63:da:89:14:fe:dd:59:
                    15:d7:36:ef:4e:21:8b:a6:eb:36:be:93:70:4b:ac:
                    0a:72:6e:8e:15:39:c5:8c:22:00:09:6f:69:be:50:
                    a3:73:be:cb:26:04:ef:a6:30:2b:76:c5:b3:88:9b:
                    d5:e8:19:fc:ce:d6:8b:bf:56:e7:56:69:88:25:81:
                    10:b1:3f:f9:e6:1a:dc:73:ec:c3:3a:45:a9:ff:33:
                    22:d5:63:70:b9:42:f7:ed:c5:cf:b7:f0:cf:5a:ed:
                    9a:5e:69:ac:97:e3:a6:05:4f:ba:04:bd:92:28:0c:
                    3e:6f:b8:4d:f4:4d:a2:f0:bc:02:14:30:a2:fd:f5:
                    c1:40:99:65:7a:94:63:38:93:f2:c6:77:37:3c:05:
                    e8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:FC:63:50:94:E2:10:AB:FC:6E:33:23:72:1C:BF:5F:B0:FB:38:24
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/z_xjUJTiEKv8bjMjchy_X7D7OCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.0.0/24
                  185.9.2.0/24
                IPv6:
                  2a03:4440::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:c7:37:05:b8:44:33:a7:82:10:7e:7e:98:2d:b0:da:2a:b8:
         be:74:f3:63:c7:f0:17:08:0f:a3:81:00:f1:60:04:65:ed:fd:
         be:19:0b:7d:77:50:47:fb:b0:4e:80:64:40:43:30:52:65:6c:
         4a:60:6a:c4:fd:de:15:01:8e:a7:2b:96:77:02:09:6a:2a:90:
         3d:1b:ac:29:43:47:e3:9a:1a:95:c5:c4:4e:41:c0:e3:bf:dc:
         bb:7f:39:f9:89:7c:32:f7:81:85:b0:72:20:89:22:03:99:1c:
         c6:27:e4:64:52:01:85:39:23:e3:64:ad:03:88:ad:f8:4e:ff:
         6a:5c:71:2f:ef:66:d8:33:d5:e5:98:1b:c3:66:eb:a9:e7:40:
         60:de:c6:a3:ef:1e:84:6d:d4:0b:7a:0d:df:6e:bf:a2:c7:6c:
         c3:63:d8:82:77:e2:3e:9f:03:f9:28:f6:66:b5:b0:e1:ca:6c:
         0f:b0:cf:ca:60:9a:75:a5:05:96:b5:ea:d5:72:8c:0a:17:5d:
         18:0d:08:fc:c4:f0:01:ce:02:f4:2b:53:6d:98:15:23:9d:83:
         dc:f8:8b:a6:03:29:23:3e:7a:a4:28:77:1a:3c:dc:74:28:f0:
         05:2e:7a:25:0d:4b:48:6f:04:0d:85:3c:8e:c5:b0:3d:d0:5f:
         1b:1c:97:e1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQiH5TJhDBX7kfGobtSEYkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjUwMTAxMTM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmZjNjM1MDk0ZTIxMGFiZmM2ZTMzMjM3MjFjYmY1ZmIwZmIzODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHl4pDEMhTbsfkRKmJSwqF0Fz8Ir
KwNpz2Ql98CgQd5qaVPEmqH8dMpjpjG9T/pJ/Pe9dWkih5Ii9alDzed6kqof1k/o
HsBqpwLHr0mVrJXhWEmqcSPiPHbadJIn35X1p246y1vkFz4rRt9uLf0otGPaiRT+
3VkV1zbvTiGLpus2vpNwS6wKcm6OFTnFjCIACW9pvlCjc77LJgTvpjArdsWziJvV
6Bn8ztaLv1bnVmmIJYEQsT/55hrcc+zDOkWp/zMi1WNwuUL37cXPt/DPWu2aXmms
l+OmBU+6BL2SKAw+b7hN9E2i8LwCFDCi/fXBQJllepRjOJPyxnc3PAXonQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM/8Y1CU4hCr/G4zI3Icv1+w+zgkMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvel94alVKVGlFS3Y4YmpNamNoeV9YN0Q3T0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuQkAAwQA
uQkCMA0EAgACMAcDBQAqA0RAMA0GCSqGSIb3DQEBCwUAA4IBAQCQxzcFuEQzp4IQ
fn6YLbDaKri+dPNjx/AXCA+jgQDxYARl7f2+GQt9d1BH+7BOgGRAQzBSZWxKYGrE
/d4VAY6nK5Z3AglqKpA9G6wpQ0fjmhqVxcROQcDjv9y7fzn5iXwy94GFsHIgiSID
mRzGJ+RkUgGFOSPjZK0DiK34Tv9qXHEv72bYM9XlmBvDZuup50Bg3saj7x6EbdQL
eg3fbr+ix2zDY9iCd+I+nwP5KPZmtbDhymwPsM/KYJp1pQWWterVcowKF10YDQj8
xPABzgL0K1NtmBUjnYPc+IumAykjPnqkKHcaPNx0KPAFLnolDUtIbwQNhTyOxbA9
0F8bHJfh
-----END CERTIFICATE-----