Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/x0hIBPJb1n3RB_em921UVOCHb1o.roa
File:                     x0hIBPJb1n3RB_em921UVOCHb1o.roa (raw, json)
Hash identifier:          TkGGM6sYARovwoB32ZeQXfp6eW1FiRfAy7LiGNJaDa8=
Subject key identifier:   C7:48:48:04:F2:5B:D6:7D:D1:07:F7:A6:F7:6D:54:54:E0:87:6F:5A
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019228F92324F7C29F30C1189A0A1BFDB6BD
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/x0hIBPJb1n3RB_em921UVOCHb1o.roa
Signing time:             Wed 25 Sep 2024 11:37:49 +0000
ROA not before:           Wed 25 Sep 2024 11:37:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215796
IP address blocks:        85.209.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:28:f9:23:24:f7:c2:9f:30:c1:18:9a:0a:1b:fd:b6:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Sep 25 11:37:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7484804f25bd67dd107f7a6f76d5454e0876f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:44:a9:48:3f:66:b1:da:5e:c7:b1:41:36:89:
                    fb:17:27:4c:0c:92:e6:50:de:3d:d9:23:48:0a:1d:
                    e9:e1:62:93:8c:4d:81:36:8b:a0:4f:b3:92:51:90:
                    da:3f:93:0e:b7:4a:83:8d:50:84:67:51:f4:5c:4f:
                    ec:64:b8:8b:44:8d:ca:09:bb:95:bb:56:aa:1a:b2:
                    c6:d4:84:e7:bb:3c:88:a5:52:ac:9f:b7:c9:de:bf:
                    e1:50:ac:a1:2f:9b:bc:53:81:e3:23:62:50:5d:d8:
                    1e:8e:39:ee:75:5f:cb:a1:ac:88:ff:c8:62:96:9b:
                    d3:a1:1a:48:8c:29:49:9b:14:66:8e:aa:bc:ba:ca:
                    9e:ef:33:a7:16:e8:d5:c5:5c:db:1e:24:14:53:e9:
                    96:d1:68:6b:3c:e0:25:67:97:00:91:4f:1a:6b:2a:
                    47:89:d6:f7:2a:6b:58:89:8c:4f:90:3d:22:97:7b:
                    dc:b7:40:1b:a0:9a:4f:2d:2c:29:b5:c5:4b:ae:08:
                    c4:bf:34:95:10:00:31:45:02:dc:af:c7:04:39:91:
                    f3:a3:62:e8:b5:0b:57:19:8b:03:2d:75:bd:0e:0b:
                    b6:87:19:e6:44:07:de:2c:ef:93:64:1b:53:8b:82:
                    6d:bb:c1:7d:2b:0b:45:95:87:1f:4c:ae:97:6f:f6:
                    7f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:48:48:04:F2:5B:D6:7D:D1:07:F7:A6:F7:6D:54:54:E0:87:6F:5A
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/x0hIBPJb1n3RB_em921UVOCHb1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:59:f5:68:54:20:d4:e6:f2:f0:11:c2:c1:cc:72:1c:bb:0c:
         a3:73:c6:a0:1d:86:c4:f3:82:40:86:97:1a:e0:0b:e2:49:88:
         38:72:5e:31:f7:aa:c4:23:25:9b:12:d6:6b:62:6d:ca:28:4c:
         f3:60:6b:a8:36:4e:08:a7:7c:3d:04:85:07:04:86:2e:2a:3f:
         58:66:ef:75:d2:73:85:90:bb:07:43:c7:2a:43:74:54:26:2d:
         fa:d4:ac:ff:c0:ab:51:ea:b8:0b:18:c1:84:32:a6:06:ca:c9:
         6c:8f:bb:7f:7c:c7:b3:e0:38:fd:3e:87:42:0c:71:88:a8:10:
         3f:a7:36:18:78:0e:7c:62:a5:ec:cf:ae:81:5d:ff:90:00:43:
         e7:44:0c:b8:a1:01:64:30:5f:52:96:a4:8b:d5:71:5d:34:fd:
         8b:38:67:59:2a:dd:f2:45:45:97:4d:ef:02:d2:a0:e6:3a:a8:
         7f:da:a5:d0:4a:7c:f3:ca:4f:15:84:06:d9:7c:f0:9e:2a:9e:
         8b:b4:66:a6:21:07:76:bf:d3:69:7c:3d:e1:c8:cf:76:6d:51:
         8e:47:6a:f4:87:4d:7a:8e:d9:44:54:b4:0d:ae:24:28:9b:60:
         5f:10:e6:6b:28:43:f5:09:11:09:e4:85:31:5f:4d:ea:e0:a7:
         d1:51:a2:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIo+SMk98KfMMEYmgob/ba9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwOTI1MTEzNzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzQ4NDgwNGYyNWJkNjdkZDEwN2Y3YTZmNzZkNTQ1NGUwODc2ZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukSpSD9msdpex7FBNon7FydMDJLm
UN492SNICh3p4WKTjE2BNougT7OSUZDaP5MOt0qDjVCEZ1H0XE/sZLiLRI3KCbuV
u1aqGrLG1ITnuzyIpVKsn7fJ3r/hUKyhL5u8U4HjI2JQXdgejjnudV/LoayI/8hi
lpvToRpIjClJmxRmjqq8usqe7zOnFujVxVzbHiQUU+mW0WhrPOAlZ5cAkU8aaypH
idb3KmtYiYxPkD0il3vct0AboJpPLSwptcVLrgjEvzSVEAAxRQLcr8cEOZHzo2Lo
tQtXGYsDLXW9Dgu2hxnmRAfeLO+TZBtTi4Jtu8F9KwtFlYcfTK6Xb/Z/OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdISATyW9Z90Qf3pvdtVFTgh29aMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEveDBoSUJQSmIxbjNSQl9lbTkyMVVWT0NIYjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdEIMA0G
CSqGSIb3DQEBCwUAA4IBAQCkWfVoVCDU5vLwEcLBzHIcuwyjc8agHYbE84JAhpca
4AviSYg4cl4x96rEIyWbEtZrYm3KKEzzYGuoNk4Ip3w9BIUHBIYuKj9YZu910nOF
kLsHQ8cqQ3RUJi361Kz/wKtR6rgLGMGEMqYGyslsj7t/fMez4Dj9PodCDHGIqBA/
pzYYeA58YqXsz66BXf+QAEPnRAy4oQFkMF9SlqSL1XFdNP2LOGdZKt3yRUWXTe8C
0qDmOqh/2qXQSnzzyk8VhAbZfPCeKp6LtGamIQd2v9NpfD3hyM92bVGOR2r0h016
jtlEVLQNriQom2BfEOZrKEP1CREJ5IUxX03q4KfRUaL3
-----END CERTIFICATE-----