Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/x_n8t7M8D_Bv99KviCzCearCTfY.roa
File:                     x_n8t7M8D_Bv99KviCzCearCTfY.roa (raw, json)
Hash identifier:          6UUSvMuuFuiYjyRFMf2UhzrLvu7QDsz9ziOkSElPsPE=
Subject key identifier:   C7:F9:FC:B7:B3:3C:0F:F0:6F:F7:D2:AF:88:2C:C2:79:AA:C2:4D:F6
Certificate issuer:       /CN=8d9f4e82dba8023999efbdad34b271a1f4892e9e
Certificate serial:       01941FFA16AA365129D269F6D341A7D31526
Authority key identifier: 8D:9F:4E:82:DB:A8:02:39:99:EF:BD:AD:34:B2:71:A1:F4:89:2E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jZ9OgtuoAjmZ772tNLJxofSJLp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/x_n8t7M8D_Bv99KviCzCearCTfY.roa
Signing time:             Wed 01 Jan 2025 03:47:51 +0000
ROA not before:           Wed 01 Jan 2025 03:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35299
IP address blocks:        85.31.136.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/jZ9OgtuoAjmZ772tNLJxofSJLp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/jZ9OgtuoAjmZ772tNLJxofSJLp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jZ9OgtuoAjmZ772tNLJxofSJLp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:16:aa:36:51:29:d2:69:f6:d3:41:a7:d3:15:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d9f4e82dba8023999efbdad34b271a1f4892e9e
        Validity
            Not Before: Jan  1 03:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7f9fcb7b33c0ff06ff7d2af882cc279aac24df6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:93:1e:de:7b:64:67:97:8f:5c:73:1a:93:29:
                    f3:d2:6b:9d:19:55:4f:20:b6:6c:c1:d0:d1:a4:e1:
                    03:82:34:91:32:71:eb:42:32:84:56:0f:dd:eb:60:
                    0e:05:df:05:d4:b3:c8:fa:7d:6f:c5:ba:e1:de:45:
                    a0:d3:40:a5:c3:aa:0e:5b:9e:4c:1a:ab:2c:14:6e:
                    1c:c2:6a:85:40:78:8b:f0:33:df:df:42:cf:95:33:
                    91:92:c3:a2:77:c1:7d:0a:50:29:13:fe:6a:d4:cc:
                    03:5b:65:9a:c1:39:ef:d2:bf:85:1f:84:6a:79:6f:
                    9f:b3:c7:b8:24:3d:9f:52:f8:37:c7:6e:5d:6b:ed:
                    69:6a:cc:e4:b1:06:fa:71:25:53:da:f3:02:32:ef:
                    da:cb:28:63:6d:0a:16:f2:3d:67:30:2a:95:a9:53:
                    87:5c:f7:bd:e8:2a:47:5f:98:98:53:58:44:3d:c5:
                    dd:30:b4:39:97:74:9f:84:5f:78:88:a3:3e:65:22:
                    6b:c6:c6:fa:91:a2:ad:fb:f0:6c:af:fc:7a:7d:b4:
                    3b:1e:7e:e6:41:f9:47:e3:42:75:31:a5:42:b4:97:
                    94:55:b2:18:03:86:32:da:a5:2a:b7:0e:ca:f8:d4:
                    31:a7:e5:d0:34:68:ac:35:a2:45:53:ef:b1:65:0a:
                    3b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F9:FC:B7:B3:3C:0F:F0:6F:F7:D2:AF:88:2C:C2:79:AA:C2:4D:F6
            X509v3 Authority Key Identifier:
                keyid:8D:9F:4E:82:DB:A8:02:39:99:EF:BD:AD:34:B2:71:A1:F4:89:2E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jZ9OgtuoAjmZ772tNLJxofSJLp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/x_n8t7M8D_Bv99KviCzCearCTfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a66491-ffb0-4a42-ba13-fbd9feb0f13c/1/jZ9OgtuoAjmZ772tNLJxofSJLp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         61:eb:ca:22:53:3e:76:88:3a:68:38:8d:fe:e7:34:05:fb:46:
         0c:38:4b:35:4a:1b:eb:0a:0c:94:5e:de:21:6c:d0:f4:a7:3b:
         89:54:33:4e:e7:ae:9f:9b:56:98:73:f9:97:b5:ad:ca:52:fb:
         35:1e:44:e1:74:b1:95:8a:cb:6f:0d:c6:c7:d3:86:ff:fd:e5:
         3a:c7:77:51:fd:68:2b:49:61:89:d0:28:53:2d:d0:f2:f0:0b:
         91:55:87:83:6e:67:a8:30:b8:e9:4e:47:01:c7:e8:7e:c6:8d:
         8a:8f:1e:58:5b:33:6d:06:89:8a:a6:91:f6:23:1c:41:d6:e5:
         6f:b4:f5:de:d0:0d:70:4f:e8:7a:37:62:cf:23:f7:0a:dc:59:
         99:a1:b3:5c:c9:96:32:00:55:38:14:ee:35:7a:c9:90:6b:10:
         57:67:f6:28:5f:0b:dc:52:fa:5f:8b:c5:66:2c:25:d9:84:04:
         45:1b:0a:8c:89:9e:14:96:b8:6d:55:f3:58:46:f9:01:14:4b:
         9d:e8:bb:75:dc:14:ad:75:42:49:59:1a:fb:62:c5:c9:0c:b4:
         2c:31:3c:89:90:50:40:13:83:17:d7:5e:dd:43:48:47:be:fa:
         18:29:6c:e9:91:63:4b:bc:f2:4a:29:39:88:1d:5d:d0:0e:d1:
         b7:e1:f1:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+haqNlEp0mn200Gn0xUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkOWY0ZTgyZGJhODAyMzk5OWVmYmRhZDM0YjI3MWExZjQ4
OTJlOWUwHhcNMjUwMTAxMDM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y5ZmNiN2IzM2MwZmYwNmZmN2QyYWY4ODJjYzI3OWFhYzI0ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpMe3ntkZ5ePXHMakynz0mudGVVP
ILZswdDRpOEDgjSRMnHrQjKEVg/d62AOBd8F1LPI+n1vxbrh3kWg00Clw6oOW55M
GqssFG4cwmqFQHiL8DPf30LPlTORksOid8F9ClApE/5q1MwDW2WawTnv0r+FH4Rq
eW+fs8e4JD2fUvg3x25da+1paszksQb6cSVT2vMCMu/ayyhjbQoW8j1nMCqVqVOH
XPe96CpHX5iYU1hEPcXdMLQ5l3SfhF94iKM+ZSJrxsb6kaKt+/Bsr/x6fbQ7Hn7m
QflH40J1MaVCtJeUVbIYA4Yy2qUqtw7K+NQxp+XQNGisNaJFU++xZQo7IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf5/LezPA/wb/fSr4gswnmqwk32MB8GA1UdIwQY
MBaAFI2fToLbqAI5me+9rTSycaH0iS6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalo5T2d0dW9Bam1aNzcydE5MSnhvZlNKTHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hNjY0OTEtZmZiMC00YTQyLWJhMTMt
ZmJkOWZlYjBmMTNjLzEveF9uOHQ3TThEX0J2OTlLdmlDekNlYXJDVGZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hNjY0OTEtZmZiMC00YTQyLWJhMTMtZmJkOWZlYjBmMTNj
LzEvalo5T2d0dW9Bam1aNzcydE5MSnhvZlNKTHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVR+IMA0G
CSqGSIb3DQEBCwUAA4IBAQBh68oiUz52iDpoOI3+5zQF+0YMOEs1ShvrCgyUXt4h
bND0pzuJVDNO566fm1aYc/mXta3KUvs1HkThdLGVistvDcbH04b//eU6x3dR/Wgr
SWGJ0ChTLdDy8AuRVYeDbmeoMLjpTkcBx+h+xo2Kjx5YWzNtBomKppH2IxxB1uVv
tPXe0A1wT+h6N2LPI/cK3FmZobNcyZYyAFU4FO41esmQaxBXZ/YoXwvcUvpfi8Vm
LCXZhARFGwqMiZ4UlrhtVfNYRvkBFEud6Lt13BStdUJJWRr7YsXJDLQsMTyJkFBA
E4MX117dQ0hHvvoYKWzpkWNLvPJKKTmIHV3QDtG34fHI
-----END CERTIFICATE-----