Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/Q9hBY7ccpqa5ZROIdCJ5K9rMy6I.roa
File:                     Q9hBY7ccpqa5ZROIdCJ5K9rMy6I.roa (raw, json)
Hash identifier:          9+eezTNYcVI2Ap3b0jnx37ImfghcuiFu8i4vvjUMbHA=
Subject key identifier:   43:D8:41:63:B7:1C:A6:A6:B9:65:13:88:74:22:79:2B:DA:CC:CB:A2
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       01912C2CB57A89C3B87F1A69A65E7E744168
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/Q9hBY7ccpqa5ZROIdCJ5K9rMy6I.roa
Signing time:             Wed 07 Aug 2024 09:30:13 +0000
ROA not before:           Wed 07 Aug 2024 09:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199785
IP address blocks:        85.28.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:2c:b5:7a:89:c3:b8:7f:1a:69:a6:5e:7e:74:41:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Aug  7 09:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43d84163b71ca6a6b96513887422792bdacccba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d3:14:6a:67:ac:d7:41:1c:03:1f:cc:99:73:
                    7f:41:ea:ae:ab:26:67:07:c1:68:bd:26:96:51:35:
                    72:de:66:41:b9:3a:23:85:61:8a:42:4c:0b:09:73:
                    2c:c1:97:70:c9:af:c9:33:a1:7c:67:e3:30:c5:1b:
                    b6:d8:36:d0:4a:6c:99:fa:ec:67:c5:80:bd:ea:b0:
                    d9:17:4e:88:a2:9c:af:4d:9c:c2:73:e1:e1:7f:f9:
                    b4:be:2e:4d:8d:5a:85:57:6e:5c:08:db:d8:ba:0a:
                    3d:23:fe:b3:db:7c:41:32:6a:03:b1:71:bd:b4:b7:
                    2e:43:3b:33:a2:4b:95:d4:a1:83:8c:1b:a9:51:df:
                    a7:02:8d:a1:58:d8:a1:98:13:8f:75:1b:79:ec:c7:
                    5c:48:4a:bd:1e:92:a1:b1:e5:94:3f:94:3e:0f:66:
                    c8:1e:b6:53:95:ed:cd:cf:c7:da:19:b3:fb:8d:97:
                    65:e3:05:0f:9b:13:8f:60:41:6b:a8:e5:44:2a:6b:
                    1c:4a:d9:1a:3b:01:ae:18:72:87:83:32:86:e7:7f:
                    09:49:43:3d:32:5b:31:92:7d:ac:e1:74:a1:56:5d:
                    03:cc:47:d1:40:c5:84:43:3c:a7:24:2b:49:b8:9b:
                    cd:81:6e:af:f2:43:35:e9:ef:2f:cd:83:0e:56:1c:
                    a7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:D8:41:63:B7:1C:A6:A6:B9:65:13:88:74:22:79:2B:DA:CC:CB:A2
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/Q9hBY7ccpqa5ZROIdCJ5K9rMy6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:bd:ae:0d:4d:46:34:0e:a5:a6:1c:e4:d4:c3:8e:d5:40:c9:
         a3:db:d2:95:0c:df:40:78:2a:ac:65:0c:25:31:59:7f:8a:91:
         f4:5c:75:c1:c5:d7:75:08:83:d2:8f:c5:84:9f:f0:33:07:0a:
         ee:b6:8a:53:22:89:bd:09:0b:7b:fe:22:e3:ee:ce:30:cb:9a:
         cb:3e:b8:3c:cd:a0:9a:96:88:45:64:9d:73:fb:c0:77:cf:52:
         0b:47:39:5a:f9:8d:22:f1:55:23:f1:fc:dc:f7:20:df:ac:d5:
         6c:c6:7d:d8:9f:fc:92:cc:3b:48:8b:66:79:7d:2f:bd:ef:83:
         da:f3:a8:ed:b2:43:29:22:70:ff:f8:35:ce:75:24:55:d7:7e:
         ae:9b:56:ce:65:f7:69:6d:37:c1:3e:61:09:8c:94:c2:7a:24:
         6f:e9:78:3e:67:63:e9:c9:3e:7d:3c:6c:c2:e0:08:79:de:a3:
         6b:b2:25:bc:f1:54:8d:4f:0a:38:39:a2:3e:ff:97:b8:d0:bc:
         b1:94:47:a3:1e:93:f4:95:97:f0:96:aa:79:19:12:f9:2c:b4:
         7b:64:48:6c:03:aa:e3:d7:17:18:81:0d:26:fb:f3:aa:2f:b0:
         ba:8f:75:ae:9f:40:af:79:59:0d:24:e4:c6:0d:6b:5e:46:7e:
         ce:e0:fb:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEsLLV6icO4fxpppl5+dEFoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQwODA3MDkzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Q4NDE2M2I3MWNhNmE2Yjk2NTEzODg3NDIyNzkyYmRhY2NjYmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9MUames10EcAx/MmXN/QequqyZn
B8FovSaWUTVy3mZBuTojhWGKQkwLCXMswZdwya/JM6F8Z+MwxRu22DbQSmyZ+uxn
xYC96rDZF06IopyvTZzCc+Hhf/m0vi5NjVqFV25cCNvYugo9I/6z23xBMmoDsXG9
tLcuQzszokuV1KGDjBupUd+nAo2hWNihmBOPdRt57MdcSEq9HpKhseWUP5Q+D2bI
HrZTle3Nz8faGbP7jZdl4wUPmxOPYEFrqOVEKmscStkaOwGuGHKHgzKG538JSUM9
Mlsxkn2s4XShVl0DzEfRQMWEQzynJCtJuJvNgW6v8kM16e8vzYMOVhynqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPYQWO3HKamuWUTiHQieSvazMuiMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvUTloQlk3Y2NwcWE1WlJPSWRDSjVLOXJNeTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVRwvMA0G
CSqGSIb3DQEBCwUAA4IBAQC1va4NTUY0DqWmHOTUw47VQMmj29KVDN9AeCqsZQwl
MVl/ipH0XHXBxdd1CIPSj8WEn/AzBwrutopTIom9CQt7/iLj7s4wy5rLPrg8zaCa
lohFZJ1z+8B3z1ILRzla+Y0i8VUj8fzc9yDfrNVsxn3Yn/ySzDtIi2Z5fS+974Pa
86jtskMpInD/+DXOdSRV136um1bOZfdpbTfBPmEJjJTCeiRv6Xg+Z2PpyT59PGzC
4Ah53qNrsiW88VSNTwo4OaI+/5e40LyxlEejHpP0lZfwlqp5GRL5LLR7ZEhsA6rj
1xcYgQ0m+/OqL7C6j3Wun0CveVkNJOTGDWteRn7O4Pui
-----END CERTIFICATE-----