Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/I9PPHzCZLC3KRf5pPW4mcpNhTV8.roa
File:                     I9PPHzCZLC3KRf5pPW4mcpNhTV8.roa (raw, json)
Hash identifier:          5VGGGh+D7rGqED1Cty/ds9a2QEhu4eIqlF+8kjtmXGs=
Subject key identifier:   23:D3:CF:1F:30:99:2C:2D:CA:45:FE:69:3D:6E:26:72:93:61:4D:5F
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CBF6568D61BE32F974FCF044E893D
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/I9PPHzCZLC3KRf5pPW4mcpNhTV8.roa
Signing time:             Wed 01 Jan 2025 01:48:25 +0000
ROA not before:           Wed 01 Jan 2025 01:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205759
IP address blocks:        185.207.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:bf:65:68:d6:1b:e3:2f:97:4f:cf:04:4e:89:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23d3cf1f30992c2dca45fe693d6e267293614d5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b3:1d:81:08:91:f4:78:2f:34:55:a4:6a:dc:
                    16:7d:e0:bf:04:55:dc:ef:dc:eb:e5:e2:41:8c:2f:
                    5b:9d:cc:61:d9:56:64:94:79:41:eb:bb:c4:08:5e:
                    4c:60:7d:1c:85:a8:8e:6c:9e:de:65:a3:14:5c:73:
                    4f:96:8b:56:d2:c5:4f:b6:88:8c:6d:2b:d9:c1:18:
                    5f:5c:ce:f8:fc:21:eb:6b:67:e9:88:e3:87:2a:06:
                    34:c0:10:26:a5:6f:d3:ce:78:5b:8d:ee:8f:f4:81:
                    fe:4c:0f:29:02:07:48:cd:df:ca:4e:1b:a9:e2:c7:
                    6f:e4:97:a4:cf:20:d1:6e:2a:b1:87:92:d2:e2:6e:
                    02:a2:48:8c:5b:fb:ff:ae:b9:b9:ea:eb:3b:44:c3:
                    ed:45:94:56:92:f3:92:0b:49:81:07:66:7b:ff:04:
                    c9:65:f7:51:8f:02:17:65:44:ac:a8:c9:87:25:38:
                    41:14:ab:b2:eb:92:77:17:22:13:72:6b:86:88:e2:
                    89:9a:74:72:70:d4:94:67:3f:c0:71:f5:95:a6:4a:
                    0d:2a:a8:77:81:98:11:29:79:ca:5a:53:ff:fc:17:
                    5f:2b:44:52:85:83:55:cd:f0:bf:84:67:e7:87:33:
                    2b:a9:5c:41:01:3d:e0:06:91:68:f9:40:67:41:59:
                    e2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D3:CF:1F:30:99:2C:2D:CA:45:FE:69:3D:6E:26:72:93:61:4D:5F
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/I9PPHzCZLC3KRf5pPW4mcpNhTV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:21:02:99:bd:e5:90:f0:b7:9f:49:e0:f8:69:cf:96:de:58:
         d3:58:0a:7a:c6:78:e5:66:12:e4:b2:9d:79:73:2e:41:1a:0f:
         46:95:71:04:ac:81:98:d6:bb:c2:4c:fb:90:99:36:5d:f7:fd:
         12:92:92:e3:2c:24:7f:d8:86:46:90:08:e5:71:82:54:ae:6d:
         92:f3:0b:50:17:ab:00:f0:6e:22:56:49:a1:e7:8b:55:e4:45:
         36:9d:79:db:7b:3d:92:8c:3e:9a:04:ee:14:c3:86:3c:d8:6d:
         5c:cc:9c:5a:e7:05:b0:f3:3a:4a:90:93:9b:a0:02:a7:4a:ed:
         fc:b6:ea:0a:2e:87:de:57:6d:66:b9:7c:bc:55:8d:a7:00:e8:
         20:07:95:ba:3f:af:81:9f:29:a4:d4:d3:05:97:d6:7a:fd:0b:
         44:f4:dc:e3:f9:7d:c4:42:39:06:20:7f:1f:d3:07:af:b1:6f:
         cb:b8:b4:48:02:4a:68:82:29:26:ad:b9:e2:79:3c:60:71:ab:
         a1:e5:23:be:ee:86:71:0d:7e:fa:27:5f:4d:38:ac:f0:74:a3:
         83:96:01:86:0c:ff:2d:a9:82:51:09:eb:03:d0:eb:bf:2d:9f:
         41:7c:7c:8b:28:5c:a4:2e:60:a9:af:20:17:9f:0e:f0:53:60:
         21:34:04:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjL9laNYb4y+XT88ETok9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2QzY2YxZjMwOTkyYzJkY2E0NWZlNjkzZDZlMjY3MjkzNjE0ZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7MdgQiR9HgvNFWkatwWfeC/BFXc
79zr5eJBjC9bncxh2VZklHlB67vECF5MYH0chaiObJ7eZaMUXHNPlotW0sVPtoiM
bSvZwRhfXM74/CHra2fpiOOHKgY0wBAmpW/Tznhbje6P9IH+TA8pAgdIzd/KThup
4sdv5JekzyDRbiqxh5LS4m4CokiMW/v/rrm56us7RMPtRZRWkvOSC0mBB2Z7/wTJ
ZfdRjwIXZUSsqMmHJThBFKuy65J3FyITcmuGiOKJmnRycNSUZz/AcfWVpkoNKqh3
gZgRKXnKWlP//BdfK0RShYNVzfC/hGfnhzMrqVxBAT3gBpFo+UBnQVniPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPTzx8wmSwtykX+aT1uJnKTYU1fMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvSTlQUEh6Q1pMQzNLUmY1cFBXNG1jcE5oVFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBaIQKZveWQ8LefSeD4ac+W3ljTWAp6xnjlZhLksp15
cy5BGg9GlXEErIGY1rvCTPuQmTZd9/0SkpLjLCR/2IZGkAjlcYJUrm2S8wtQF6sA
8G4iVkmh54tV5EU2nXnbez2SjD6aBO4Uw4Y82G1czJxa5wWw8zpKkJOboAKnSu38
tuoKLofeV21muXy8VY2nAOggB5W6P6+Bnymk1NMFl9Z6/QtE9Nzj+X3EQjkGIH8f
0wevsW/LuLRIAkpogikmrbnieTxgcauh5SO+7oZxDX76J19NOKzwdKODlgGGDP8t
qYJRCesD0Ou/LZ9BfHyLKFykLmCpryAXnw7wU2AhNAQX
-----END CERTIFICATE-----