Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/_H04-tv1ooHj1KmhXwO0mYV3IF8.roa
File:                     _H04-tv1ooHj1KmhXwO0mYV3IF8.roa (raw, json)
Hash identifier:          apIZOTa7xK/4gGTnIysPO6fJUe7VmPIEc4W1/L0W+Ps=
Subject key identifier:   FC:7D:38:FA:DB:F5:A2:81:E3:D4:A9:A1:5F:03:B4:99:85:77:20:5F
Certificate issuer:       /CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
Certificate serial:       019425FDCEF1D671E2636E8E22B15FBD8833
Authority key identifier: B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/_H04-tv1ooHj1KmhXwO0mYV3IF8.roa
Signing time:             Thu 02 Jan 2025 07:49:37 +0000
ROA not before:           Thu 02 Jan 2025 07:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50607
IP address blocks:        185.48.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ce:f1:d6:71:e2:63:6e:8e:22:b1:5f:bd:88:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
        Validity
            Not Before: Jan  2 07:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc7d38fadbf5a281e3d4a9a15f03b4998577205f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ab:e9:18:1f:1f:90:fa:3f:71:45:c3:c8:ab:
                    1b:fa:ac:86:e3:8a:8c:d0:d0:51:88:a8:9a:8a:87:
                    3a:19:cc:52:9a:16:be:e4:ce:20:ee:e4:53:5a:d1:
                    9a:c5:41:0d:81:c0:c3:44:87:b7:07:e0:8b:11:20:
                    f5:57:29:2a:67:a1:b0:6c:06:b4:b3:5d:74:b1:d8:
                    d6:d2:5e:6d:52:7a:2e:a9:d7:21:9b:e7:96:4e:da:
                    13:d6:e2:f6:da:1f:ec:03:66:af:62:f9:7a:d8:92:
                    45:b7:b6:c0:0f:08:95:5d:9d:76:27:d3:7c:6b:99:
                    87:7e:8b:a6:1f:d5:4d:10:c0:9e:ab:88:a3:5e:17:
                    28:5b:65:4a:7b:77:b8:f1:e5:77:41:28:49:c4:ee:
                    ab:63:9b:97:83:43:27:98:a9:fc:0c:e7:fc:b0:5b:
                    eb:c4:67:9b:d1:e2:b8:99:7b:98:81:fa:fa:72:4a:
                    4a:63:85:8f:da:29:35:b5:4b:06:79:2f:a8:82:e8:
                    7a:99:1b:56:42:50:16:71:b6:ca:d0:40:82:a8:e3:
                    9e:11:ca:22:85:6f:9d:ec:be:d2:1d:94:61:46:a1:
                    1b:c5:69:12:12:0c:90:c8:a6:26:f0:ee:49:3e:49:
                    44:64:ca:be:24:57:9a:bd:aa:6d:ad:2d:47:f3:8d:
                    31:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:7D:38:FA:DB:F5:A2:81:E3:D4:A9:A1:5F:03:B4:99:85:77:20:5F
            X509v3 Authority Key Identifier:
                keyid:B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/_H04-tv1ooHj1KmhXwO0mYV3IF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:46:70:75:73:20:fb:3e:94:16:10:aa:68:25:6b:b6:1f:91:
         78:84:21:49:32:a2:1b:e7:5a:cf:9c:77:8e:2c:2b:9c:7f:ec:
         c1:59:41:97:23:10:81:c9:73:43:45:df:05:a7:c0:84:83:7e:
         9b:d3:ae:30:b8:9f:ac:60:02:e2:c3:9b:db:03:61:25:05:54:
         32:3a:2c:52:46:60:5a:f9:cc:e0:3d:15:3b:39:b1:a1:e5:8d:
         7e:5c:ef:94:64:b1:b7:df:f1:8d:06:95:4a:01:07:98:1b:5a:
         a1:2b:11:38:15:a6:a4:d7:e7:24:3b:8d:08:dd:fe:23:a3:66:
         b9:9c:18:36:15:5b:6d:e1:ef:ce:90:ef:55:91:ad:b5:53:13:
         2d:1c:fd:ad:84:34:93:9f:af:47:35:8b:94:a4:38:71:0f:90:
         c9:aa:4e:dc:43:af:5a:88:56:60:a3:7b:7c:5d:6f:d9:3a:c8:
         2f:07:43:d6:91:1f:f2:9a:88:21:c9:ce:5d:b3:97:f6:84:30:
         b7:18:cb:73:6e:3d:4a:ad:a5:31:fc:f5:70:17:1e:00:90:43:
         6c:98:9e:07:c5:94:d4:ed:e8:1c:bf:c0:bf:2b:cc:6c:77:3a:
         e4:ea:20:01:cb:f3:b3:e8:c2:39:ee:a1:ae:85:3e:c0:6c:8d:
         6c:83:64:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/c7x1nHiY26OIrFfvYgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Yjg3YjNiMDljY2I2OWE2ZGUyMDQ2OGU5MGVjYmIxOGY1
ZWNiYjYwHhcNMjUwMTAyMDc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzdkMzhmYWRiZjVhMjgxZTNkNGE5YTE1ZjAzYjQ5OTg1NzcyMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKvpGB8fkPo/cUXDyKsb+qyG44qM
0NBRiKiaioc6GcxSmha+5M4g7uRTWtGaxUENgcDDRIe3B+CLESD1VykqZ6GwbAa0
s110sdjW0l5tUnouqdchm+eWTtoT1uL22h/sA2avYvl62JJFt7bADwiVXZ12J9N8
a5mHfoumH9VNEMCeq4ijXhcoW2VKe3e48eV3QShJxO6rY5uXg0MnmKn8DOf8sFvr
xGeb0eK4mXuYgfr6ckpKY4WP2ik1tUsGeS+oguh6mRtWQlAWcbbK0ECCqOOeEcoi
hW+d7L7SHZRhRqEbxWkSEgyQyKYm8O5JPklEZMq+JFeavaptrS1H840xGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPx9OPrb9aKB49SpoV8DtJmFdyBfMB8GA1UdIwQY
MBaAFLm4ezsJzLaabeIEaOkOy7GPXsu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYt
M2I0Y2I5NzVhOWJjLzEvX0gwNC10djFvb0hqMUttaFh3TzBtWVYzSUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYtM2I0Y2I5NzVhOWJj
LzEvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTAJMA0G
CSqGSIb3DQEBCwUAA4IBAQBMRnB1cyD7PpQWEKpoJWu2H5F4hCFJMqIb51rPnHeO
LCucf+zBWUGXIxCByXNDRd8Fp8CEg36b064wuJ+sYALiw5vbA2ElBVQyOixSRmBa
+czgPRU7ObGh5Y1+XO+UZLG33/GNBpVKAQeYG1qhKxE4Faak1+ckO40I3f4jo2a5
nBg2FVtt4e/OkO9Vka21UxMtHP2thDSTn69HNYuUpDhxD5DJqk7cQ69aiFZgo3t8
XW/ZOsgvB0PWkR/ymoghyc5ds5f2hDC3GMtzbj1KraUx/PVwFx4AkENsmJ4HxZTU
7egcv8C/K8xsdzrk6iABy/Oz6MI57qGuhT7AbI1sg2Ry
-----END CERTIFICATE-----