Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/9S8GYL_yFgy6SNOCWbKCBCKwxZQ.roa
File:                     9S8GYL_yFgy6SNOCWbKCBCKwxZQ.roa (raw, json)
Hash identifier:          lKTcm+yAWil2FIyk6dqKrToacWvPZRMmQqI4XBQAqo0=
Subject key identifier:   F5:2F:06:60:BF:F2:16:0C:BA:48:D3:82:59:B2:82:04:22:B0:C5:94
Certificate issuer:       /CN=3816e19b24a7e8cff189fabac28852cd8748a380
Certificate serial:       0194266C34673F48A1100C929056B92B89A4
Authority key identifier: 38:16:E1:9B:24:A7:E8:CF:F1:89:FA:BA:C2:88:52:CD:87:48:A3:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OBbhmySn6M_xifq6wohSzYdIo4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/9S8GYL_yFgy6SNOCWbKCBCKwxZQ.roa
Signing time:             Thu 02 Jan 2025 09:50:13 +0000
ROA not before:           Thu 02 Jan 2025 09:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50597
IP address blocks:        85.194.248.0/22 maxlen: 22
                          85.194.248.0/24 maxlen: 24
                          85.194.249.0/24 maxlen: 24
                          85.194.250.0/24 maxlen: 24
                          85.194.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/OBbhmySn6M_xifq6wohSzYdIo4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/OBbhmySn6M_xifq6wohSzYdIo4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OBbhmySn6M_xifq6wohSzYdIo4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:34:67:3f:48:a1:10:0c:92:90:56:b9:2b:89:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3816e19b24a7e8cff189fabac28852cd8748a380
        Validity
            Not Before: Jan  2 09:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f52f0660bff2160cba48d38259b2820422b0c594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:01:d1:14:90:1c:20:c3:e5:b8:df:96:18:f9:
                    74:1b:65:85:dd:60:eb:40:9f:93:a6:be:fd:aa:7e:
                    ae:e3:e9:df:5c:21:74:38:68:3d:c3:50:d3:78:f0:
                    15:3e:7f:e8:cb:28:95:86:0f:86:35:57:9f:e6:7c:
                    dd:8a:3c:38:3f:83:68:6a:77:68:24:ec:b2:d1:ad:
                    9c:6a:7b:f7:9c:c7:c9:67:d3:83:f9:3a:f9:67:29:
                    75:6f:00:9b:5f:80:b2:b0:cc:16:9e:de:ac:21:e1:
                    73:a6:ef:28:94:58:1e:32:2c:3e:90:7f:e4:53:3d:
                    37:eb:20:98:82:41:fe:54:b6:14:40:39:a9:37:7a:
                    2c:62:c5:3a:cd:5f:35:71:97:7d:22:a4:cd:0f:3f:
                    fc:63:56:0b:63:3c:8e:56:e1:1e:85:07:1b:e8:0c:
                    f6:ab:90:0d:9b:ae:d5:0d:83:0c:a5:4e:f2:76:07:
                    16:20:4f:96:78:a0:71:ae:29:cb:52:75:8d:af:37:
                    bc:ce:4e:84:3d:37:e1:d3:64:12:e1:42:53:e9:fe:
                    4a:dd:59:3e:69:f7:5d:31:92:5c:a7:4f:ee:55:9e:
                    aa:11:b3:11:f9:4d:c8:5d:4e:f3:bd:b2:67:46:e6:
                    66:c5:07:72:a5:06:e3:ca:3a:58:81:0a:0b:ba:e8:
                    08:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2F:06:60:BF:F2:16:0C:BA:48:D3:82:59:B2:82:04:22:B0:C5:94
            X509v3 Authority Key Identifier:
                keyid:38:16:E1:9B:24:A7:E8:CF:F1:89:FA:BA:C2:88:52:CD:87:48:A3:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OBbhmySn6M_xifq6wohSzYdIo4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/9S8GYL_yFgy6SNOCWbKCBCKwxZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d61275-e00a-4bfb-be8a-16b36d0801e9/1/OBbhmySn6M_xifq6wohSzYdIo4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.194.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:62:31:56:a6:f3:73:c4:76:7e:51:5f:fa:65:19:20:cd:11:
         39:01:99:ca:ba:da:7e:e2:b3:4f:4c:98:f2:42:69:64:20:bf:
         42:47:ac:09:d2:1a:e0:be:4a:ab:f2:87:69:47:68:c6:e4:55:
         4c:3b:ff:f6:f9:9e:f7:0a:c2:bd:41:99:99:12:6e:1e:af:6f:
         01:6b:5a:d0:8f:66:a2:8d:83:b4:1f:5e:59:32:a9:cd:9b:34:
         a9:55:71:c9:11:3d:17:eb:65:c1:9c:c1:28:1f:21:a5:5d:14:
         70:21:35:a0:af:9d:88:cc:91:5a:0a:1e:af:66:3d:5f:aa:43:
         23:3e:b0:f0:1e:c9:9d:68:5c:b6:d6:5c:81:58:2b:c1:a2:f9:
         4c:c6:ac:94:03:4c:1d:cc:6c:f1:60:a8:d7:eb:7b:a8:ab:dc:
         1e:ca:b1:3c:47:60:0e:d4:65:d8:6c:11:84:f7:3c:cc:79:ba:
         37:b6:c6:d9:75:54:c5:d6:0a:e1:c5:d3:32:24:64:f3:80:a5:
         9f:5a:2d:12:71:46:53:45:5e:ee:c7:ba:c5:dc:51:f9:cb:f9:
         39:f5:3f:19:74:7e:61:af:3f:30:6f:9a:ad:66:6a:8b:f7:2f:
         15:70:fb:b6:95:e0:26:1f:9a:d6:6d:87:ad:b6:8a:11:63:9d:
         83:6a:f6:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbDRnP0ihEAySkFa5K4mkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MTZlMTliMjRhN2U4Y2ZmMTg5ZmFiYWMyODg1MmNkODc0
OGEzODAwHhcNMjUwMTAyMDk1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJmMDY2MGJmZjIxNjBjYmE0OGQzODI1OWIyODIwNDIyYjBjNTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7gHRFJAcIMPluN+WGPl0G2WF3WDr
QJ+Tpr79qn6u4+nfXCF0OGg9w1DTePAVPn/oyyiVhg+GNVef5nzdijw4P4Noando
JOyy0a2canv3nMfJZ9OD+Tr5Zyl1bwCbX4CysMwWnt6sIeFzpu8olFgeMiw+kH/k
Uz036yCYgkH+VLYUQDmpN3osYsU6zV81cZd9IqTNDz/8Y1YLYzyOVuEehQcb6Az2
q5ANm67VDYMMpU7ydgcWIE+WeKBxrinLUnWNrze8zk6EPTfh02QS4UJT6f5K3Vk+
afddMZJcp0/uVZ6qEbMR+U3IXU7zvbJnRuZmxQdypQbjyjpYgQoLuugICwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUvBmC/8hYMukjTglmyggQisMWUMB8GA1UdIwQY
MBaAFDgW4Zskp+jP8Yn6usKIUs2HSKOAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0JiaG15U242TV94aWZxNndvaFN6WWRJbzRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9kNjEyNzUtZTAwYS00YmZiLWJlOGEt
MTZiMzZkMDgwMWU5LzEvOVM4R1lMX3lGZ3k2U05PQ1diS0NCQ0t3eFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9kNjEyNzUtZTAwYS00YmZiLWJlOGEtMTZiMzZkMDgwMWU5
LzEvT0JiaG15U242TV94aWZxNndvaFN6WWRJbzRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcL4MA0G
CSqGSIb3DQEBCwUAA4IBAQA6YjFWpvNzxHZ+UV/6ZRkgzRE5AZnKutp+4rNPTJjy
QmlkIL9CR6wJ0hrgvkqr8odpR2jG5FVMO//2+Z73CsK9QZmZEm4er28Ba1rQj2ai
jYO0H15ZMqnNmzSpVXHJET0X62XBnMEoHyGlXRRwITWgr52IzJFaCh6vZj1fqkMj
PrDwHsmdaFy21lyBWCvBovlMxqyUA0wdzGzxYKjX63uoq9weyrE8R2AO1GXYbBGE
9zzMebo3tsbZdVTF1grhxdMyJGTzgKWfWi0ScUZTRV7ux7rF3FH5y/k59T8ZdH5h
rz8wb5qtZmqL9y8VcPu2leAmH5rWbYettooRY52DavY0
-----END CERTIFICATE-----