Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/8Evkhh8hjRldYaGbFvaHlqOX__Y.roa
File:                     8Evkhh8hjRldYaGbFvaHlqOX__Y.roa (raw, json)
Hash identifier:          Q7L9lobbO9dm20JjkB/3oAKRTwDyGuj0xPS8HbGkv9g=
Subject key identifier:   F0:4B:E4:86:1F:21:8D:19:5D:61:A1:9B:16:F6:87:96:A3:97:FF:F6
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BF92CA9DC9B8B5A0E52FF87145087
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/8Evkhh8hjRldYaGbFvaHlqOX__Y.roa
Signing time:             Thu 02 Jan 2025 09:49:57 +0000
ROA not before:           Thu 02 Jan 2025 09:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208807
IP address blocks:        85.31.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f9:2c:a9:dc:9b:8b:5a:0e:52:ff:87:14:50:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f04be4861f218d195d61a19b16f68796a397fff6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f5:d5:4b:3d:fe:2d:6e:95:fd:06:b6:fd:6c:
                    20:e4:c2:a1:42:c7:af:87:61:bb:54:2c:49:2d:db:
                    4f:1c:a0:4a:c5:fe:91:27:27:f0:e9:ce:48:15:1c:
                    1b:b2:da:c4:5e:e5:97:c6:c6:a1:3d:c3:06:d2:41:
                    e7:d7:2b:60:7b:34:a6:4c:8b:b0:29:08:d5:2b:91:
                    8f:09:34:5e:18:95:f4:b1:05:0d:ff:c0:81:ac:47:
                    75:68:49:68:c7:7e:85:68:64:e6:4f:fb:87:b5:80:
                    3e:c2:38:02:f4:06:98:c3:f9:a6:d4:96:11:2b:96:
                    f0:56:4e:5d:c7:7e:af:20:34:b2:d1:45:a3:8e:a8:
                    11:5a:6a:fd:c4:02:da:fb:3b:8e:69:35:de:b3:45:
                    28:94:20:2a:6c:c7:36:51:14:3c:c2:66:b7:8c:54:
                    2f:41:c0:c2:2b:08:d2:c7:6e:50:73:68:d1:82:7b:
                    d9:d4:69:f3:ef:7d:9b:bc:81:ed:e0:ae:ef:e4:7a:
                    a9:19:77:29:5f:9b:f9:57:a2:5b:7d:ed:d9:45:ab:
                    cb:0e:e3:a9:51:22:8e:b9:70:8b:cf:30:29:e3:28:
                    55:17:6d:33:30:6a:b4:60:48:48:84:dd:74:a2:7e:
                    79:3e:a6:a3:b3:84:73:b0:58:e7:54:9a:04:81:ce:
                    1e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:4B:E4:86:1F:21:8D:19:5D:61:A1:9B:16:F6:87:96:A3:97:FF:F6
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/8Evkhh8hjRldYaGbFvaHlqOX__Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:c1:4b:e5:07:c0:0d:db:2f:71:cf:2b:59:2f:f6:66:48:7d:
         5c:8d:f1:6f:89:cd:64:d7:39:df:6a:d5:25:16:c7:21:5f:8d:
         b5:9f:f6:28:2b:f0:ef:72:de:7a:f3:e6:16:bb:09:f2:06:e6:
         4a:39:4c:cc:bc:77:0c:f4:96:e3:01:cf:39:f1:bf:6b:38:ac:
         9d:5b:f9:39:af:65:03:b8:2d:c9:2a:47:b5:04:c4:77:ab:d2:
         cd:f1:d4:1e:c4:c1:1c:1d:2c:c7:9c:65:c6:eb:b8:79:b4:ff:
         eb:00:3b:99:0b:5f:5c:a2:f3:93:39:10:4d:bc:4c:b0:e2:48:
         74:a4:1f:c4:16:41:93:5a:03:7a:62:26:51:1d:9b:76:c1:64:
         d3:c6:86:c6:a3:6e:8d:0f:b9:6f:7f:09:7c:fb:82:df:7b:25:
         c0:64:1d:c0:71:03:d8:37:7a:76:cb:06:f1:90:ed:bb:ae:79:
         43:66:4a:e1:a6:38:d6:1c:bd:87:0b:88:c0:0f:e4:07:b8:b2:
         7e:23:2e:d3:be:70:91:af:52:de:f1:4b:92:45:49:d9:d8:15:
         44:49:77:f2:32:9f:65:c9:d8:9c:e0:8a:31:4f:9e:be:3e:b1:
         bc:61:6e:8c:f5:55:8f:02:74:c0:12:c2:00:84:f1:7f:a3:ef:
         16:d6:07:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma/ksqdybi1oOUv+HFFCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDRiZTQ4NjFmMjE4ZDE5NWQ2MWExOWIxNmY2ODc5NmEzOTdmZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vXVSz3+LW6V/Qa2/Wwg5MKhQsev
h2G7VCxJLdtPHKBKxf6RJyfw6c5IFRwbstrEXuWXxsahPcMG0kHn1ytgezSmTIuw
KQjVK5GPCTReGJX0sQUN/8CBrEd1aElox36FaGTmT/uHtYA+wjgC9AaYw/mm1JYR
K5bwVk5dx36vIDSy0UWjjqgRWmr9xALa+zuOaTXes0UolCAqbMc2URQ8wma3jFQv
QcDCKwjSx25Qc2jRgnvZ1Gnz732bvIHt4K7v5HqpGXcpX5v5V6Jbfe3ZRavLDuOp
USKOuXCLzzAp4yhVF20zMGq0YEhIhN10on55Pqajs4RzsFjnVJoEgc4ehQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBL5IYfIY0ZXWGhmxb2h5ajl//2MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvOEV2a2hoOGhqUmxkWWFHYkZ2YUhscU9YX19ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/2MA0G
CSqGSIb3DQEBCwUAA4IBAQB0wUvlB8AN2y9xzytZL/ZmSH1cjfFvic1k1znfatUl
FschX421n/YoK/Dvct568+YWuwnyBuZKOUzMvHcM9JbjAc858b9rOKydW/k5r2UD
uC3JKke1BMR3q9LN8dQexMEcHSzHnGXG67h5tP/rADuZC19covOTORBNvEyw4kh0
pB/EFkGTWgN6YiZRHZt2wWTTxobGo26ND7lvfwl8+4LfeyXAZB3AcQPYN3p2ywbx
kO27rnlDZkrhpjjWHL2HC4jAD+QHuLJ+Iy7TvnCRr1Le8UuSRUnZ2BVESXfyMp9l
ydic4IoxT56+PrG8YW6M9VWPAnTAEsIAhPF/o+8W1gdN
-----END CERTIFICATE-----