Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/9Z1sCQpBleEbCQwV7Co-zrNAbIA.roa
File:                     9Z1sCQpBleEbCQwV7Co-zrNAbIA.roa (raw, json)
Hash identifier:          UfoLlGB79TbdkVvIYtNBTfRWCjH/DZmE1KFaR5zePYY=
Subject key identifier:   F5:9D:6C:09:0A:41:95:E1:1B:09:0C:15:EC:2A:3E:CE:B3:40:6C:80
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BEAC947EF0C98D34F2BCD0C2B2E4D
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/9Z1sCQpBleEbCQwV7Co-zrNAbIA.roa
Signing time:             Thu 02 Jan 2025 09:49:54 +0000
ROA not before:           Thu 02 Jan 2025 09:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200670
IP address blocks:        85.31.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ea:c9:47:ef:0c:98:d3:4f:2b:cd:0c:2b:2e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f59d6c090a4195e11b090c15ec2a3eceb3406c80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e3:cc:9e:bb:da:3d:63:71:47:fa:c5:51:10:
                    f2:c1:d0:58:b0:26:60:dc:c0:b8:f2:fa:2e:be:41:
                    26:f8:ea:91:d3:a9:c5:1a:bd:18:be:66:33:92:8e:
                    8c:b8:47:ff:b0:7b:45:9d:78:e1:27:8b:f4:d5:1f:
                    ed:39:a6:5c:97:08:2d:ad:85:c9:a8:5b:b2:72:ae:
                    51:4b:aa:2d:47:33:0f:5e:67:d1:c6:f9:50:91:70:
                    8d:51:8e:00:23:3a:2a:2d:17:a5:2d:11:d4:8f:31:
                    69:4f:04:9a:09:2f:ea:52:fb:73:78:e3:3c:b8:ff:
                    03:ba:43:35:38:3b:7a:08:22:72:43:07:40:de:fc:
                    ac:0a:a6:f0:36:24:c3:95:67:98:cc:cc:0f:53:49:
                    cb:73:11:7a:7f:8e:21:a4:a3:16:89:ef:62:a5:1f:
                    82:0c:70:d1:ac:77:9c:8b:8e:e0:2b:22:f1:24:af:
                    43:af:5a:cf:b6:3a:f0:a5:db:54:76:59:42:3d:64:
                    3a:9c:46:85:fa:6a:83:5c:16:a2:42:f5:d0:f9:82:
                    c1:c4:a9:00:41:d5:39:4c:8f:78:16:b6:cc:c3:d0:
                    28:5e:10:94:dc:9d:53:68:01:ca:3d:28:3d:e5:fb:
                    df:bc:5b:2c:a4:0a:e3:01:11:71:dd:d7:cc:e3:81:
                    b8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:9D:6C:09:0A:41:95:E1:1B:09:0C:15:EC:2A:3E:CE:B3:40:6C:80
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/9Z1sCQpBleEbCQwV7Co-zrNAbIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:b0:ef:1c:60:20:6e:0f:83:3f:b6:84:25:1c:3d:95:3e:8f:
         78:8a:ed:11:95:c1:fc:8c:ad:e7:14:fb:fe:a0:f3:ea:ed:a5:
         38:7c:29:1b:dc:1b:85:ce:5d:99:7c:62:1e:6b:53:5a:16:54:
         ce:96:25:1d:38:b1:ab:6e:03:6c:14:9c:95:59:fb:b6:bb:83:
         43:a7:56:aa:2b:fe:77:7e:30:5c:d4:2c:39:87:79:76:75:e8:
         91:39:80:2d:0d:ef:8a:71:dd:ad:e7:63:69:cd:1b:9a:57:ea:
         52:b8:d4:31:dd:0d:57:55:e0:90:c6:8d:33:90:18:8c:d5:d7:
         e7:dd:c7:57:1c:07:94:09:e2:67:7e:59:6a:9b:60:2a:f0:10:
         06:01:b5:8c:58:56:0b:36:cc:35:c3:ee:e2:78:42:15:36:e5:
         d6:11:b9:45:16:56:8e:63:94:a8:01:56:c6:a2:64:19:31:5e:
         93:fb:0f:f0:b3:de:af:6a:52:06:ee:b5:b5:40:d7:9a:07:24:
         3f:c3:f1:1d:4c:b1:45:2f:be:d5:00:f0:2f:83:dc:2e:83:5d:
         04:0c:ed:47:5d:8d:9e:fc:5b:17:43:57:8c:38:91:f7:13:a5:
         aa:08:3e:f9:6b:b3:4f:db:73:47:b4:4d:bb:53:29:13:b4:2f:
         a1:3f:08:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+rJR+8MmNNPK80MKy5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTlkNmMwOTBhNDE5NWUxMWIwOTBjMTVlYzJhM2VjZWIzNDA2YzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+PMnrvaPWNxR/rFURDywdBYsCZg
3MC48vouvkEm+OqR06nFGr0YvmYzko6MuEf/sHtFnXjhJ4v01R/tOaZclwgtrYXJ
qFuycq5RS6otRzMPXmfRxvlQkXCNUY4AIzoqLRelLRHUjzFpTwSaCS/qUvtzeOM8
uP8DukM1ODt6CCJyQwdA3vysCqbwNiTDlWeYzMwPU0nLcxF6f44hpKMWie9ipR+C
DHDRrHeci47gKyLxJK9Dr1rPtjrwpdtUdllCPWQ6nEaF+mqDXBaiQvXQ+YLBxKkA
QdU5TI94FrbMw9AoXhCU3J1TaAHKPSg95fvfvFsspArjARFx3dfM44G4vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWdbAkKQZXhGwkMFewqPs6zQGyAMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvOVoxc0NRcEJsZUViQ1F3VjdDby16ck5BYklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/zMA0G
CSqGSIb3DQEBCwUAA4IBAQCIsO8cYCBuD4M/toQlHD2VPo94iu0RlcH8jK3nFPv+
oPPq7aU4fCkb3BuFzl2ZfGIea1NaFlTOliUdOLGrbgNsFJyVWfu2u4NDp1aqK/53
fjBc1Cw5h3l2deiROYAtDe+Kcd2t52NpzRuaV+pSuNQx3Q1XVeCQxo0zkBiM1dfn
3cdXHAeUCeJnfllqm2Aq8BAGAbWMWFYLNsw1w+7ieEIVNuXWEblFFlaOY5SoAVbG
omQZMV6T+w/ws96valIG7rW1QNeaByQ/w/EdTLFFL77VAPAvg9wug10EDO1HXY2e
/FsXQ1eMOJH3E6WqCD75a7NP23NHtE27UykTtC+hPwig
-----END CERTIFICATE-----