Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/B9xdpXPKaKD7kATBDRUYPDrfJHM.roa
File:                     B9xdpXPKaKD7kATBDRUYPDrfJHM.roa (raw, json)
Hash identifier:          xUpn/6yW+QKWLSXqnG2abjnoqVCxULjYMRU+slTa5PQ=
Subject key identifier:   07:DC:5D:A5:73:CA:68:A0:FB:90:04:C1:0D:15:18:3C:3A:DF:24:73
Certificate issuer:       /CN=f90379f3afd94c0f26b67fffa34d6e946c29d624
Certificate serial:       019420D62D732A8B859235E4A025FCC7EDEB
Authority key identifier: F9:03:79:F3:AF:D9:4C:0F:26:B6:7F:FF:A3:4D:6E:94:6C:29:D6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-QN586_ZTA8mtn__o01ulGwp1iQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/B9xdpXPKaKD7kATBDRUYPDrfJHM.roa
Signing time:             Wed 01 Jan 2025 07:48:14 +0000
ROA not before:           Wed 01 Jan 2025 07:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204865
IP address blocks:        185.237.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/1-QN586_ZTA8mtn__o01ulGwp1iQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/1-QN586_ZTA8mtn__o01ulGwp1iQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-QN586_ZTA8mtn__o01ulGwp1iQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:2d:73:2a:8b:85:92:35:e4:a0:25:fc:c7:ed:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f90379f3afd94c0f26b67fffa34d6e946c29d624
        Validity
            Not Before: Jan  1 07:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07dc5da573ca68a0fb9004c10d15183c3adf2473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:39:dd:81:c5:c1:98:81:33:c3:f0:f0:aa:73:
                    87:53:08:38:6a:9a:77:42:1e:98:a4:3f:0a:8b:83:
                    40:84:57:4c:b0:15:9d:a9:09:82:ee:3b:c7:c6:45:
                    69:6a:61:6a:ab:6c:ba:3b:6f:c9:74:8d:72:7a:1a:
                    bd:5e:31:52:35:85:6c:f0:bb:ed:8f:de:8a:6a:1e:
                    bb:ed:94:b6:56:be:7e:b3:c9:61:70:0c:9c:ca:29:
                    ca:60:68:f9:5d:f2:63:a7:a1:6b:af:f3:3c:d3:61:
                    d7:2a:5b:40:3e:14:bb:e7:09:2b:96:33:0c:74:5d:
                    08:85:fa:f6:9a:3f:12:c8:47:e4:2e:24:35:92:21:
                    8c:80:0d:ad:3b:ae:a9:2a:a9:32:97:56:3a:db:b5:
                    fb:4e:39:77:b3:40:28:bf:c8:27:0e:f7:0c:a3:b6:
                    5c:0c:ce:1c:a3:5f:41:20:1c:74:55:f6:04:48:58:
                    4f:31:07:5e:d6:3f:1e:b3:2d:16:2b:45:71:e8:a7:
                    72:4d:94:29:49:07:68:6a:19:d7:2d:29:ea:3a:bd:
                    30:31:14:1c:9d:ff:27:77:0f:c9:f6:8d:ff:c2:3b:
                    97:3e:7b:5f:98:f3:9e:36:d2:1f:30:07:24:48:0c:
                    eb:c1:3d:d7:72:61:74:1a:17:4c:3d:fa:db:3f:b3:
                    34:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:DC:5D:A5:73:CA:68:A0:FB:90:04:C1:0D:15:18:3C:3A:DF:24:73
            X509v3 Authority Key Identifier:
                keyid:F9:03:79:F3:AF:D9:4C:0F:26:B6:7F:FF:A3:4D:6E:94:6C:29:D6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-QN586_ZTA8mtn__o01ulGwp1iQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/B9xdpXPKaKD7kATBDRUYPDrfJHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/de7ef6-bdae-4717-b061-6f207951c4b2/1/1-QN586_ZTA8mtn__o01ulGwp1iQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:9b:09:af:66:67:35:92:55:a5:6e:88:8c:07:d6:36:71:64:
         9b:1d:d0:45:8a:37:0b:10:6c:b8:31:d6:bd:75:09:c0:d8:30:
         71:2a:14:80:86:09:cb:9d:1d:2a:71:1e:d4:15:75:71:6a:83:
         cf:9e:f4:82:77:0d:40:ca:fc:18:4e:fe:bb:5a:61:58:5e:e4:
         da:2e:69:8d:2d:f9:0a:65:59:dd:0c:52:d4:49:54:dd:63:91:
         2f:b5:ae:c3:a4:62:05:cb:8c:8c:eb:d5:35:f3:b0:de:69:e5:
         fe:29:17:63:4f:50:f1:1d:ea:19:31:88:f3:d9:45:e2:42:76:
         40:52:86:4a:7c:a0:46:98:d3:ab:bf:ce:04:98:a4:46:cb:84:
         e2:94:27:2b:54:b3:fe:13:56:a7:e9:e9:4a:93:40:a7:99:96:
         2c:dc:43:d5:bc:43:70:c1:ff:02:f5:3e:37:f2:06:f5:f1:fd:
         ad:b3:d1:c4:b4:a6:28:08:8f:a9:dc:d9:bd:b3:3f:b5:24:9d:
         dd:20:be:da:69:72:23:ef:6e:0c:63:f3:a1:28:04:62:1e:6a:
         7f:ab:d4:f1:1f:72:97:83:33:8a:ce:fe:b2:f2:55:a0:81:a8:
         d6:7b:9e:7f:18:ba:a1:95:48:d8:ad:c2:8d:d6:8a:08:e1:ee:
         1f:aa:17:d9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQg1i1zKouFkjXkoCX8x+3rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MDM3OWYzYWZkOTRjMGYyNmI2N2ZmZmEzNGQ2ZTk0NmMy
OWQ2MjQwHhcNMjUwMTAxMDc0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2RjNWRhNTczY2E2OGEwZmI5MDA0YzEwZDE1MTgzYzNhZGYyNDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DndgcXBmIEzw/DwqnOHUwg4app3
Qh6YpD8Ki4NAhFdMsBWdqQmC7jvHxkVpamFqq2y6O2/JdI1yehq9XjFSNYVs8Lvt
j96Kah677ZS2Vr5+s8lhcAycyinKYGj5XfJjp6Frr/M802HXKltAPhS75wkrljMM
dF0Ihfr2mj8SyEfkLiQ1kiGMgA2tO66pKqkyl1Y627X7Tjl3s0Aov8gnDvcMo7Zc
DM4co19BIBx0VfYESFhPMQde1j8esy0WK0Vx6KdyTZQpSQdoahnXLSnqOr0wMRQc
nf8ndw/J9o3/wjuXPntfmPOeNtIfMAckSAzrwT3XcmF0GhdMPfrbP7M0WwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAfcXaVzymig+5AEwQ0VGDw63yRzMB8GA1UdIwQY
MBaAFPkDefOv2UwPJrZ//6NNbpRsKdYkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1RTjU4Nl9aVEE4bXRuX19vMDF1bEd3cDFpUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYvZGU3ZWY2LWJkYWUtNDcxNy1iMDYx
LTZmMjA3OTUxYzRiMi8xL0I5eGRwWFBLYUtEN2tBVEJEUlVZUERyZkpITS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDYvZGU3ZWY2LWJkYWUtNDcxNy1iMDYxLTZmMjA3OTUxYzRi
Mi8xLzEtUU41ODZfWlRBOG10bl9fbzAxdWxHd3AxaVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC57VUw
DQYJKoZIhvcNAQELBQADggEBAGWbCa9mZzWSVaVuiIwH1jZxZJsd0EWKNwsQbLgx
1r11CcDYMHEqFICGCcudHSpxHtQVdXFqg8+e9IJ3DUDK/BhO/rtaYVhe5NouaY0t
+QplWd0MUtRJVN1jkS+1rsOkYgXLjIzr1TXzsN5p5f4pF2NPUPEd6hkxiPPZReJC
dkBShkp8oEaY06u/zgSYpEbLhOKUJytUs/4TVqfp6UqTQKeZlizcQ9W8Q3DB/wL1
PjfyBvXx/a2z0cS0pigIj6nc2b2zP7Uknd0gvtppciPvbgxj86EoBGIean+r1PEf
cpeDM4rO/rLyVaCBqNZ7nn8YuqGVSNitwo3Wigjh7h+qF9k=
-----END CERTIFICATE-----