Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8fcbe9-9b9b-4987-95be-25904ba9a355/1/1-f9PBVCsqBgm5V29oKXRRYWkevY.roa
File:                     1-f9PBVCsqBgm5V29oKXRRYWkevY.roa (raw, json)
Hash identifier:          7Ql3JH1RgsBJ7ZK4VNDw9mOs8UhnRqnrPre6nqQT+h0=
Subject key identifier:   F9:FF:4F:05:50:AC:A8:18:26:E5:5D:BD:A0:A5:D1:45:85:A4:7A:F6
Certificate issuer:       /CN=c0f69d2f474474dbb57f6bec8c2d65d5e0c29661
Certificate serial:       019425FDD919FB4E7C0E61B6FE39C1452202
Authority key identifier: C0:F6:9D:2F:47:44:74:DB:B5:7F:6B:EC:8C:2D:65:D5:E0:C2:96:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wPadL0dEdNu1f2vsjC1l1eDClmE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8fcbe9-9b9b-4987-95be-25904ba9a355/1/1-f9PBVCsqBgm5V29oKXRRYWkevY.roa
Signing time:             Thu 02 Jan 2025 07:49:40 +0000
ROA not before:           Thu 02 Jan 2025 07:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25285
IP address blocks:        81.89.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8fcbe9-9b9b-4987-95be-25904ba9a355/1/wPadL0dEdNu1f2vsjC1l1eDClmE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8fcbe9-9b9b-4987-95be-25904ba9a355/1/wPadL0dEdNu1f2vsjC1l1eDClmE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wPadL0dEdNu1f2vsjC1l1eDClmE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d9:19:fb:4e:7c:0e:61:b6:fe:39:c1:45:22:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0f69d2f474474dbb57f6bec8c2d65d5e0c29661
        Validity
            Not Before: Jan  2 07:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9ff4f0550aca81826e55dbda0a5d14585a47af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:06:31:9a:73:33:00:15:0f:40:e7:4b:85:c9:
                    a6:89:56:12:10:e3:4a:4b:c8:49:6a:93:c6:04:11:
                    45:95:25:1a:fa:1f:9b:5c:0b:d1:1f:cd:9c:cf:7f:
                    b4:36:73:d7:ba:ec:6f:3e:49:84:df:d6:7e:23:21:
                    6d:87:05:b8:2a:00:6b:13:69:4e:80:ce:9d:92:ba:
                    5b:9b:53:45:c5:b3:90:c5:55:7e:e7:a5:3d:b3:6d:
                    25:7f:34:3e:fa:e9:cb:cc:76:f2:06:29:f4:3a:f4:
                    f5:ad:aa:99:0d:ec:8c:43:bc:fc:92:01:0c:80:71:
                    4a:a5:b7:f6:51:e2:a1:3e:78:7d:d5:24:75:40:04:
                    84:36:21:9e:57:57:ee:a4:78:be:68:26:36:06:5e:
                    b5:a6:72:03:e8:a9:4a:56:df:3e:af:a6:01:3c:99:
                    94:8b:0a:9d:36:25:50:99:48:54:d6:f0:37:03:c4:
                    ba:26:27:5c:fb:94:b1:29:0c:be:b5:5b:50:b9:fc:
                    cc:a6:1e:c6:24:21:40:f6:af:1e:2c:c0:fd:27:fe:
                    3c:16:86:7c:81:d0:b2:c0:a2:df:e0:b2:5f:e0:03:
                    ff:b2:8a:87:ce:8d:5a:2d:9a:cc:75:e1:22:1a:04:
                    be:f9:00:c6:33:2e:33:4c:aa:83:98:6f:35:15:78:
                    4c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FF:4F:05:50:AC:A8:18:26:E5:5D:BD:A0:A5:D1:45:85:A4:7A:F6
            X509v3 Authority Key Identifier:
                keyid:C0:F6:9D:2F:47:44:74:DB:B5:7F:6B:EC:8C:2D:65:D5:E0:C2:96:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wPadL0dEdNu1f2vsjC1l1eDClmE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8fcbe9-9b9b-4987-95be-25904ba9a355/1/1-f9PBVCsqBgm5V29oKXRRYWkevY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8fcbe9-9b9b-4987-95be-25904ba9a355/1/wPadL0dEdNu1f2vsjC1l1eDClmE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.89.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2b:c4:b8:ca:68:f3:60:fa:37:85:16:4d:2c:da:f5:9b:d9:85:
         cc:ad:2c:08:7a:89:f5:e0:d4:20:a2:bc:44:82:dc:87:6d:fa:
         52:18:90:cc:bc:57:47:27:37:30:70:a3:51:e2:e8:30:4b:9e:
         06:87:fc:52:83:0b:5c:0b:85:83:ed:79:4e:21:32:30:3c:f0:
         61:96:8e:9e:d0:a4:c1:ed:cf:54:84:fb:3e:b4:e9:a6:41:f6:
         a0:b7:a7:89:af:1a:7e:a2:e6:74:f9:e9:8c:f9:6d:65:90:66:
         88:72:a7:f8:73:e7:f6:e9:b2:c1:af:33:f6:ff:75:c6:5b:46:
         93:af:0a:ee:06:f2:00:3b:20:23:7a:6b:0c:76:8b:9f:97:fb:
         68:37:d9:c7:34:5b:11:e3:f9:bc:cf:ea:a4:a9:4a:8d:e8:53:
         9e:49:04:5f:35:40:17:4b:78:a9:7e:ac:f1:b6:54:b9:65:dd:
         01:39:0c:37:ac:bf:11:03:4d:97:87:a8:c2:4b:8b:22:ee:ba:
         05:8e:5a:c5:33:fa:3f:f5:cd:92:dd:d3:1a:6c:92:d1:9a:65:
         e0:fb:59:e6:3b:b9:d4:a4:24:7a:49:02:ec:36:00:3e:30:cb:
         64:ef:4d:41:f2:ae:26:fc:8b:15:78:66:9e:14:c9:d1:4f:2d:
         4d:67:4c:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/dkZ+058DmG2/jnBRSICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZjY5ZDJmNDc0NDc0ZGJiNTdmNmJlYzhjMmQ2NWQ1ZTBj
Mjk2NjEwHhcNMjUwMTAyMDc0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWZmNGYwNTUwYWNhODE4MjZlNTVkYmRhMGE1ZDE0NTg1YTQ3YWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugYxmnMzABUPQOdLhcmmiVYSEONK
S8hJapPGBBFFlSUa+h+bXAvRH82cz3+0NnPXuuxvPkmE39Z+IyFthwW4KgBrE2lO
gM6dkrpbm1NFxbOQxVV+56U9s20lfzQ++unLzHbyBin0OvT1raqZDeyMQ7z8kgEM
gHFKpbf2UeKhPnh91SR1QASENiGeV1fupHi+aCY2Bl61pnID6KlKVt8+r6YBPJmU
iwqdNiVQmUhU1vA3A8S6Jidc+5SxKQy+tVtQufzMph7GJCFA9q8eLMD9J/48FoZ8
gdCywKLf4LJf4AP/soqHzo1aLZrMdeEiGgS++QDGMy4zTKqDmG81FXhMiwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn/TwVQrKgYJuVdvaCl0UWFpHr2MB8GA1UdIwQY
MBaAFMD2nS9HRHTbtX9r7IwtZdXgwpZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1BhZEwwZEVkTnUxZjJ2c2pDMWwxZURDbG1FLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ZmNiZTktOWI5Yi00OTg3LTk1YmUt
MjU5MDRiYTlhMzU1LzEvMS1mOVBCVkNzcUJnbTVWMjlvS1hSUllXa2V2WS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTcvOGZjYmU5LTliOWItNDk4Ny05NWJlLTI1OTA0YmE5YTM1
NS8xL3dQYWRMMGRFZE51MWYydnNqQzFsMWVEQ2xtRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBFFZIDAN
BgkqhkiG9w0BAQsFAAOCAQEAK8S4ymjzYPo3hRZNLNr1m9mFzK0sCHqJ9eDUIKK8
RILch236UhiQzLxXRyc3MHCjUeLoMEueBof8UoMLXAuFg+15TiEyMDzwYZaOntCk
we3PVIT7PrTppkH2oLenia8afqLmdPnpjPltZZBmiHKn+HPn9umywa8z9v91xltG
k68K7gbyADsgI3prDHaLn5f7aDfZxzRbEeP5vM/qpKlKjehTnkkEXzVAF0t4qX6s
8bZUuWXdATkMN6y/EQNNl4eowkuLIu66BY5axTP6P/XNkt3TGmyS0Zpl4PtZ5ju5
1KQkekkC7DYAPjDLZO9NQfKuJvyLFXhmnhTJ0U8tTWdMuQ==
-----END CERTIFICATE-----