Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/s9CrfLdwyz1HofYuhgTm-G0XcWY.roa
File:                     s9CrfLdwyz1HofYuhgTm-G0XcWY.roa (raw, json)
Hash identifier:          5D2dFiucRImYcNfGCDutgF5vRQIcWGUYkXV/9xTSSbA=
Subject key identifier:   B3:D0:AB:7C:B7:70:CB:3D:47:A1:F6:2E:86:04:E6:F8:6D:17:71:66
Certificate issuer:       /CN=01d50b9807150da396322b9d4dcfc0d2fb2b6520
Certificate serial:       019424B3FB67E39AE1753952DC6AD048294D
Authority key identifier: 01:D5:0B:98:07:15:0D:A3:96:32:2B:9D:4D:CF:C0:D2:FB:2B:65:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/s9CrfLdwyz1HofYuhgTm-G0XcWY.roa
Signing time:             Thu 02 Jan 2025 01:49:22 +0000
ROA not before:           Thu 02 Jan 2025 01:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1241
IP address blocks:        85.209.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fb:67:e3:9a:e1:75:39:52:dc:6a:d0:48:29:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01d50b9807150da396322b9d4dcfc0d2fb2b6520
        Validity
            Not Before: Jan  2 01:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3d0ab7cb770cb3d47a1f62e8604e6f86d177166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:78:fe:2b:9c:88:fc:4b:44:2b:d1:f8:87:67:
                    e9:ee:11:e3:a3:0c:aa:6b:60:6d:4a:48:6e:5b:9e:
                    ca:3f:b0:b1:7b:f3:60:a3:2f:aa:e3:46:59:24:ac:
                    2a:0e:41:70:a4:b8:dd:6b:a5:8c:50:a7:a6:c8:ed:
                    30:40:4d:2e:39:0d:7a:03:73:aa:d4:0a:90:26:96:
                    f2:e2:51:7f:49:38:b7:10:8e:4c:e5:7d:ac:2c:03:
                    f1:05:58:00:05:79:0b:ac:68:8b:b1:05:bc:ab:5b:
                    bb:b9:6f:1e:66:af:4d:94:15:75:24:70:46:d2:a7:
                    ad:e5:36:b3:d9:76:da:44:40:ab:a1:62:f0:5e:2d:
                    02:e9:f7:69:c2:10:8c:76:f2:51:7b:44:4d:91:28:
                    2f:80:54:0e:c3:16:5f:51:1e:2b:c6:f4:91:7c:a1:
                    c5:a2:30:fc:5f:16:a7:43:48:bf:d6:47:32:34:81:
                    f4:e0:fb:77:e1:00:d6:c2:25:57:09:e9:ec:58:53:
                    f2:08:a7:f7:c0:f0:f2:36:d3:72:81:fb:89:8b:08:
                    bf:e9:67:2e:f7:ce:72:43:81:b6:66:2b:af:a8:09:
                    c3:94:f7:72:f5:9b:c0:fb:21:cc:74:8f:f5:a2:9e:
                    6e:09:17:2b:5a:92:50:db:05:fa:b1:f1:80:62:5e:
                    8a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D0:AB:7C:B7:70:CB:3D:47:A1:F6:2E:86:04:E6:F8:6D:17:71:66
            X509v3 Authority Key Identifier:
                keyid:01:D5:0B:98:07:15:0D:A3:96:32:2B:9D:4D:CF:C0:D2:FB:2B:65:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AdULmAcVDaOWMiudTc_A0vsrZSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/s9CrfLdwyz1HofYuhgTm-G0XcWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/ea71a0-6941-4276-9589-8124bd949b0e/1/AdULmAcVDaOWMiudTc_A0vsrZSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:ff:7d:bc:63:13:83:14:81:25:61:e5:96:06:fb:6d:fc:c2:
         b0:5c:62:ac:10:89:f7:0f:de:86:ae:07:5c:d4:29:a3:6d:f0:
         f7:ec:9b:15:ad:c4:21:d2:ea:7c:0d:0a:d4:24:0d:c5:90:48:
         0b:a9:13:2e:4a:07:53:b9:7e:0d:60:d2:21:b1:0e:1e:c0:f1:
         22:b2:b8:1e:b5:22:7e:f7:23:a9:ad:45:41:c0:de:a4:56:63:
         77:09:7a:b5:1d:23:f2:d9:84:b0:6c:77:26:84:6d:78:3b:1c:
         4c:c7:1a:fd:ef:63:c7:31:8f:11:ce:f4:3a:b3:b4:d3:43:fc:
         b0:06:d5:91:a4:ad:b4:03:44:97:0a:5f:f7:99:cc:f2:d2:2b:
         f4:f8:cd:93:22:6f:90:3b:cc:45:63:9e:b6:bd:91:5d:79:4d:
         09:bf:36:42:38:6b:37:e5:86:99:c0:48:ce:65:f5:bc:09:10:
         c7:8d:42:89:c4:24:df:18:98:71:c6:1e:48:4e:40:09:06:51:
         3f:ff:f3:a4:79:49:7f:d2:b4:bd:e7:4f:7f:ed:53:6e:9a:75:
         65:fb:50:fe:d9:9a:ea:7a:59:c4:54:cd:39:f1:5c:47:05:5d:
         5b:b0:b9:15:49:bb:7b:33:f2:1f:47:44:4a:47:fc:78:21:15:
         3c:01:51:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/tn45rhdTlS3GrQSClNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZDUwYjk4MDcxNTBkYTM5NjMyMmI5ZDRkY2ZjMGQyZmIy
YjY1MjAwHhcNMjUwMTAyMDE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2QwYWI3Y2I3NzBjYjNkNDdhMWY2MmU4NjA0ZTZmODZkMTc3MTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXj+K5yI/EtEK9H4h2fp7hHjowyq
a2BtSkhuW57KP7Cxe/Ngoy+q40ZZJKwqDkFwpLjda6WMUKemyO0wQE0uOQ16A3Oq
1AqQJpby4lF/STi3EI5M5X2sLAPxBVgABXkLrGiLsQW8q1u7uW8eZq9NlBV1JHBG
0qet5Taz2XbaRECroWLwXi0C6fdpwhCMdvJRe0RNkSgvgFQOwxZfUR4rxvSRfKHF
ojD8XxanQ0i/1kcyNIH04Pt34QDWwiVXCensWFPyCKf3wPDyNtNygfuJiwi/6Wcu
985yQ4G2ZiuvqAnDlPdy9ZvA+yHMdI/1op5uCRcrWpJQ2wX6sfGAYl6KYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPQq3y3cMs9R6H2LoYE5vhtF3FmMB8GA1UdIwQY
MBaAFAHVC5gHFQ2jljIrnU3PwNL7K2UgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWRVTG1BY1ZEYU9XTWl1ZFRjX0EwdnNyWlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lYTcxYTAtNjk0MS00Mjc2LTk1ODkt
ODEyNGJkOTQ5YjBlLzEvczlDcmZMZHd5ejFIb2ZZdWhnVG0tRzBYY1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lYTcxYTAtNjk0MS00Mjc2LTk1ODktODEyNGJkOTQ5YjBl
LzEvQWRVTG1BY1ZEYU9XTWl1ZFRjX0EwdnNyWlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdHsMA0G
CSqGSIb3DQEBCwUAA4IBAQCM/328YxODFIElYeWWBvtt/MKwXGKsEIn3D96Grgdc
1CmjbfD37JsVrcQh0up8DQrUJA3FkEgLqRMuSgdTuX4NYNIhsQ4ewPEisrgetSJ+
9yOprUVBwN6kVmN3CXq1HSPy2YSwbHcmhG14OxxMxxr972PHMY8RzvQ6s7TTQ/yw
BtWRpK20A0SXCl/3mczy0iv0+M2TIm+QO8xFY562vZFdeU0JvzZCOGs35YaZwEjO
ZfW8CRDHjUKJxCTfGJhxxh5ITkAJBlE///OkeUl/0rS9509/7VNumnVl+1D+2Zrq
elnEVM058VxHBV1bsLkVSbt7M/IfR0RKR/x4IRU8AVEk
-----END CERTIFICATE-----