Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/T9-PpIO_ENTFow8FT1TF_efBHvE.roa
File:                     T9-PpIO_ENTFow8FT1TF_efBHvE.roa (raw, json)
Hash identifier:          uEHEbQFLMSzx+9dJbHoFtkGCqkqLxNfoGrqiXZtVgaU=
Subject key identifier:   4F:DF:8F:A4:83:BF:10:D4:C5:A3:0F:05:4F:54:C5:FD:E7:C1:1E:F1
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       018CC7277440C06E05981E6F616A339E2042
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/T9-PpIO_ENTFow8FT1TF_efBHvE.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205516
IP address blocks:        185.121.83.0/24 maxlen: 24
                          185.121.82.0/24 maxlen: 24
                          185.121.80.0/24 maxlen: 24
                          185.121.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:74:40:c0:6e:05:98:1e:6f:61:6a:33:9e:20:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fdf8fa483bf10d4c5a30f054f54c5fde7c11ef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:58:73:82:86:05:68:e7:c2:c5:8e:0e:d7:ab:
                    cd:18:4f:bb:0f:f2:eb:96:36:c2:fc:ad:cb:5a:11:
                    ee:13:40:a1:16:c3:af:58:a4:ec:c8:0d:ac:49:13:
                    e9:f4:37:e2:c4:92:ff:9d:aa:72:e7:d2:dd:cc:cd:
                    65:31:bd:0c:5c:bb:b9:db:ec:06:8c:99:9e:85:ee:
                    25:7a:7c:f2:08:19:16:73:4d:11:1a:81:0f:89:00:
                    80:cd:1b:bf:a4:e3:96:17:71:d6:d9:67:29:95:3b:
                    98:bb:d9:b0:ee:85:3f:10:66:b4:f4:6e:31:4e:94:
                    6e:14:35:93:87:b5:0e:cc:df:83:23:c0:bd:75:5d:
                    ef:03:22:00:fc:a7:99:68:be:e3:d5:15:bd:b2:45:
                    24:a1:ba:22:0e:15:2e:91:27:2f:5f:df:33:ec:f6:
                    bd:8b:d6:e8:07:00:2a:8d:8a:fc:c5:01:e6:b7:73:
                    f0:46:b7:27:28:ae:c0:b1:53:ca:ff:7d:56:51:24:
                    68:fb:d1:27:99:46:82:b7:af:7c:49:64:1d:da:66:
                    fb:72:8c:31:88:80:71:58:ce:6f:a9:3c:cf:10:31:
                    18:73:8c:e7:aa:06:59:ff:a4:f4:5d:e7:fe:c4:8a:
                    18:22:47:76:b0:6e:0d:aa:fe:49:52:25:02:10:6b:
                    b2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:DF:8F:A4:83:BF:10:D4:C5:A3:0F:05:4F:54:C5:FD:E7:C1:1E:F1
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/T9-PpIO_ENTFow8FT1TF_efBHvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:f8:d7:52:ce:f5:e4:3d:e2:ab:e7:e8:9d:e0:17:82:a2:84:
         11:1a:e3:e3:56:48:3b:77:dc:fc:19:ee:e7:07:61:85:d9:77:
         af:85:5c:6f:c0:4e:5e:15:78:6a:11:82:c1:b4:73:f9:8f:44:
         22:60:ce:42:6c:01:aa:0a:f5:42:f7:29:0c:12:88:f0:32:c5:
         1b:e6:07:8f:bf:40:59:6d:47:90:cd:71:86:29:9d:e9:78:b1:
         a0:84:c4:8b:4f:f7:02:11:a1:27:8a:5e:12:4b:16:1f:92:5e:
         f2:89:ef:c1:33:dc:04:29:08:c2:b9:46:16:c2:c5:ba:a9:c6:
         48:9a:48:b5:6b:0c:c7:9a:04:59:22:f3:2a:c0:f6:39:f4:d9:
         85:b4:7f:64:5a:c2:cb:86:ce:f7:0e:0e:d6:8b:73:ca:78:28:
         f5:24:4c:b0:d0:8b:6f:fd:97:bc:b4:15:2a:6a:e7:a7:41:7d:
         f5:1f:d3:8a:09:53:3a:e1:93:1e:47:53:d0:e4:61:cd:f9:e8:
         80:ec:ec:66:de:74:16:04:08:13:f1:48:55:b0:e4:65:9d:1a:
         b7:1f:aa:c1:ad:e3:1c:15:17:0e:c2:88:43:5a:39:b9:79:16:
         3c:2b:a4:6d:55:e9:fe:4b:3d:41:43:a5:56:ba:86:da:02:a9:
         a5:50:a5:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3RAwG4FmB5vYWozniBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmRmOGZhNDgzYmYxMGQ0YzVhMzBmMDU0ZjU0YzVmZGU3YzExZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1hzgoYFaOfCxY4O16vNGE+7D/Lr
ljbC/K3LWhHuE0ChFsOvWKTsyA2sSRPp9DfixJL/napy59LdzM1lMb0MXLu52+wG
jJmehe4lenzyCBkWc00RGoEPiQCAzRu/pOOWF3HW2WcplTuYu9mw7oU/EGa09G4x
TpRuFDWTh7UOzN+DI8C9dV3vAyIA/KeZaL7j1RW9skUkoboiDhUukScvX98z7Pa9
i9boBwAqjYr8xQHmt3PwRrcnKK7AsVPK/31WUSRo+9EnmUaCt698SWQd2mb7cowx
iIBxWM5vqTzPEDEYc4znqgZZ/6T0Xef+xIoYIkd2sG4Nqv5JUiUCEGuyIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/fj6SDvxDUxaMPBU9Uxf3nwR7xMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvVDktUHBJT19FTlRGb3c4RlQxVEZfZWZCSHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXlQMA0G
CSqGSIb3DQEBCwUAA4IBAQCq+NdSzvXkPeKr5+id4BeCooQRGuPjVkg7d9z8Ge7n
B2GF2XevhVxvwE5eFXhqEYLBtHP5j0QiYM5CbAGqCvVC9ykMEojwMsUb5gePv0BZ
bUeQzXGGKZ3peLGghMSLT/cCEaEnil4SSxYfkl7yie/BM9wEKQjCuUYWwsW6qcZI
mki1awzHmgRZIvMqwPY59NmFtH9kWsLLhs73Dg7Wi3PKeCj1JEyw0Itv/Ze8tBUq
auenQX31H9OKCVM64ZMeR1PQ5GHN+eiA7Oxm3nQWBAgT8UhVsORlnRq3H6rBreMc
FRcOwohDWjm5eRY8K6RtVen+Sz1BQ6VWuobaAqmlUKU2
-----END CERTIFICATE-----