Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/hfZ9JmRYsdrX_WsZKnGJG03yjoY.roa
File:                     hfZ9JmRYsdrX_WsZKnGJG03yjoY.roa (raw, json)
Hash identifier:          KsXjtR8VJ0gF1kTfS5RfLRCRZJ2gEjdzhxwY2pQ41Hg=
Subject key identifier:   85:F6:7D:26:64:58:B1:DA:D7:FD:6B:19:2A:71:89:1B:4D:F2:8E:86
Certificate issuer:       /CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
Certificate serial:       01948D572687C3E968CD5682842B429C5101
Authority key identifier: 81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/hfZ9JmRYsdrX_WsZKnGJG03yjoY.roa
Signing time:             Wed 22 Jan 2025 09:28:06 +0000
ROA not before:           Wed 22 Jan 2025 09:28:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48767
IP address blocks:        92.42.97.0/24 maxlen: 24
                          2a07:1a80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8d:57:26:87:c3:e9:68:cd:56:82:84:2b:42:9c:51:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
        Validity
            Not Before: Jan 22 09:28:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85f67d266458b1dad7fd6b192a71891b4df28e86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5d:ae:64:72:44:80:d3:4c:20:52:cf:81:ec:
                    a3:0e:d4:97:6b:f0:32:db:34:3c:e4:5e:6b:12:ae:
                    41:05:8f:f2:4a:13:f9:27:be:b5:45:16:9b:b2:42:
                    18:fd:a9:c0:13:d2:83:68:0c:bb:97:fa:32:d2:30:
                    e2:eb:6d:0f:ca:ad:6e:8b:8e:e1:71:da:e1:95:5d:
                    82:d4:e7:03:b7:05:cd:fc:83:1f:e1:96:c6:76:c2:
                    91:32:f5:4b:ec:94:7a:c6:b4:a5:a3:3f:2b:11:e1:
                    2e:64:fe:09:5c:c9:e4:72:49:64:40:c5:b9:6d:1d:
                    d3:dc:bd:19:a3:2a:86:eb:15:bd:85:c2:73:94:4b:
                    fd:6f:d9:39:e6:0d:6c:e3:61:09:75:59:21:cc:e9:
                    48:f9:e7:99:b4:91:0f:36:8c:8b:27:f4:5e:37:84:
                    6a:6c:f0:09:0c:0f:d4:71:4f:23:80:6f:8f:8f:4f:
                    53:3c:33:fd:84:97:07:a7:3f:b5:85:7b:fd:22:c2:
                    3f:3d:1f:2c:d3:ca:be:d0:97:84:8f:2f:31:25:e0:
                    da:7a:28:d8:81:b3:89:36:08:74:c9:6b:04:d5:b5:
                    7e:1b:37:da:4c:39:ba:98:f0:b8:ed:30:af:b3:8b:
                    1e:a1:a5:9f:44:3a:f7:2f:f1:11:99:6f:55:12:da:
                    de:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F6:7D:26:64:58:B1:DA:D7:FD:6B:19:2A:71:89:1B:4D:F2:8E:86
            X509v3 Authority Key Identifier:
                keyid:81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/hfZ9JmRYsdrX_WsZKnGJG03yjoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.97.0/24
                IPv6:
                  2a07:1a80::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:20:4e:15:74:fc:40:d9:5e:da:84:1b:1a:f8:e3:92:f9:41:
         5a:a5:fc:5e:f7:ce:12:f9:7e:c3:d0:5d:00:13:89:fb:26:fb:
         28:05:58:cf:ed:29:3f:b4:01:49:91:7d:3e:d5:d5:b9:5e:cb:
         e6:7d:8a:8f:e3:91:18:10:44:f0:5d:06:c5:89:a7:b8:45:f0:
         22:42:1b:00:18:41:9e:cf:16:98:72:69:3b:49:b4:e1:c4:ff:
         97:69:5d:36:86:3a:d4:a0:81:e1:a5:5d:0d:2b:db:16:2c:9f:
         0e:7e:1e:c1:7a:db:ca:be:21:e1:42:a3:40:16:2a:c8:58:11:
         22:3c:26:0c:f0:ea:d5:c8:01:12:fa:4d:8a:9d:7b:8d:31:59:
         7a:18:5a:cd:81:0f:2b:02:ec:14:5c:3a:10:b5:7d:63:e4:5d:
         e1:95:7f:56:8f:7f:f3:6e:84:fc:5f:89:e6:0d:87:e8:05:9f:
         22:40:ed:5a:c3:56:9e:28:b7:2a:53:22:40:73:1c:6a:2f:33:
         e3:23:29:6b:83:90:f2:78:29:07:a7:df:e7:3b:c4:aa:b6:cb:
         d8:96:99:8d:61:54:5a:d3:98:3b:a9:50:a8:26:4a:71:c2:7a:
         6a:10:60:34:50:13:a5:c3:d8:0d:a2:ec:e8:3d:3f:e3:7b:a8:
         db:6e:f9:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZSNVyaHw+lozVaChCtCnFEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNmQyMjBiMmI1YTQ2ZmJlYjI3ZWYyZDk2OWZhMjFkZDMz
OGM1YjMwHhcNMjUwMTIyMDkyODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWY2N2QyNjY0NThiMWRhZDdmZDZiMTkyYTcxODkxYjRkZjI4ZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsV2uZHJEgNNMIFLPgeyjDtSXa/Ay
2zQ85F5rEq5BBY/yShP5J761RRabskIY/anAE9KDaAy7l/oy0jDi620Pyq1ui47h
cdrhlV2C1OcDtwXN/IMf4ZbGdsKRMvVL7JR6xrSloz8rEeEuZP4JXMnkcklkQMW5
bR3T3L0ZoyqG6xW9hcJzlEv9b9k55g1s42EJdVkhzOlI+eeZtJEPNoyLJ/ReN4Rq
bPAJDA/UcU8jgG+Pj09TPDP9hJcHpz+1hXv9IsI/PR8s08q+0JeEjy8xJeDaeijY
gbOJNgh0yWsE1bV+GzfaTDm6mPC47TCvs4seoaWfRDr3L/ERmW9VEtrejwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIX2fSZkWLHa1/1rGSpxiRtN8o6GMB8GA1UdIwQY
MBaAFIFtIgsrWkb76yfvLZafoh3TOMWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTct
ZTk3ODIwNDFjYzI0LzEvaGZaOUptUllzZHJYX1dzWktuR0pHMDN5am9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTctZTk3ODIwNDFjYzI0
LzEvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXCphMA8E
AgACMAkDBwAqBxqAAAAwDQYJKoZIhvcNAQELBQADggEBAIcgThV0/EDZXtqEGxr4
45L5QVql/F73zhL5fsPQXQATifsm+ygFWM/tKT+0AUmRfT7V1bley+Z9io/jkRgQ
RPBdBsWJp7hF8CJCGwAYQZ7PFphyaTtJtOHE/5dpXTaGOtSggeGlXQ0r2xYsnw5+
HsF628q+IeFCo0AWKshYESI8Jgzw6tXIARL6TYqde40xWXoYWs2BDysC7BRcOhC1
fWPkXeGVf1aPf/NuhPxfieYNh+gFnyJA7VrDVp4otypTIkBzHGovM+MjKWuDkPJ4
KQen3+c7xKq2y9iWmY1hVFrTmDupUKgmSnHCemoQYDRQE6XD2A2i7Og9P+N7qNtu
+fg=
-----END CERTIFICATE-----