Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9PhaxTDPCpkrkSXxDAKGcvdFWPM.roa
File:                     9PhaxTDPCpkrkSXxDAKGcvdFWPM.roa (raw, json)
Hash identifier:          KRM9Up5uqDdPAI8beH0w3/pTtxHSdbwkOPW1yhnrK80=
Subject key identifier:   F4:F8:5A:C5:30:CF:0A:99:2B:91:25:F1:0C:02:86:72:F7:45:58:F3
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A59D117CD7B3DFD81A1F5F5329E9A
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9PhaxTDPCpkrkSXxDAKGcvdFWPM.roa
Signing time:             Wed 01 Jan 2025 19:49:19 +0000
ROA not before:           Wed 01 Jan 2025 19:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397268
IP address blocks:        185.207.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:59:d1:17:cd:7b:3d:fd:81:a1:f5:f5:32:9e:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4f85ac530cf0a992b9125f10c028672f74558f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:40:20:f4:4d:87:a8:42:1c:e1:3e:3b:da:f5:
                    93:48:7c:d7:92:cf:65:9d:c5:86:68:dc:7f:3c:54:
                    6c:53:5c:7a:c4:6d:75:52:5d:83:88:e8:e6:a9:55:
                    f6:f3:f6:a4:c0:a1:fa:8a:37:d7:a3:00:1e:5e:9b:
                    d5:e5:ca:4d:69:46:4e:5d:40:a1:fd:63:a4:34:b4:
                    64:65:b6:e4:e6:9d:8e:65:84:37:0f:00:6c:51:62:
                    79:1e:6f:cf:44:fc:21:4b:36:c5:37:f3:9c:a7:f3:
                    47:0d:94:ca:c0:0a:98:50:cd:e7:1a:7a:00:dd:07:
                    14:d1:fe:cf:21:6f:26:e9:98:b4:37:45:32:c3:72:
                    e1:85:0b:10:e8:6c:0a:ca:ce:17:48:8e:b3:6e:bd:
                    7d:41:35:b2:14:05:69:69:2a:74:aa:e8:69:7f:3f:
                    77:9d:53:bc:16:e8:22:45:f9:ca:44:bb:71:ff:b7:
                    3f:d9:75:4d:0e:25:d9:f7:b2:bd:cf:dc:bf:2e:ce:
                    98:1d:6c:6e:77:43:fb:70:e3:27:da:41:b0:5c:d3:
                    31:53:8e:33:ce:a8:06:15:65:3f:f1:fa:3e:72:02:
                    8f:7a:82:ea:6f:e5:4f:54:78:c1:7a:78:88:03:16:
                    02:01:cc:4e:52:dd:c0:75:fc:c1:58:9d:54:c9:24:
                    ab:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F8:5A:C5:30:CF:0A:99:2B:91:25:F1:0C:02:86:72:F7:45:58:F3
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9PhaxTDPCpkrkSXxDAKGcvdFWPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:d5:28:4d:2b:2f:1e:d0:4f:0c:69:7b:dd:b6:cd:78:96:83:
         05:9d:5e:2d:c3:8c:50:c7:fc:be:ca:28:10:57:c5:46:6b:85:
         71:64:d8:9d:d8:ac:c2:5f:26:a4:d2:9d:d8:92:6c:70:60:a7:
         e2:6f:24:07:83:95:54:b8:67:51:67:f6:7f:de:ab:4c:eb:74:
         2d:f1:26:8a:c0:5e:2f:bb:37:4b:1b:78:9e:cf:75:e2:de:03:
         15:c9:c9:e7:09:67:e7:d3:47:b4:ff:05:7d:48:d2:bb:42:67:
         d2:67:c6:1d:e5:08:c5:43:ab:b2:01:39:51:09:28:2f:be:e9:
         1a:ec:5e:84:dc:b4:7f:6d:14:04:3b:73:3c:82:5c:b8:df:35:
         7a:a8:50:92:7d:0a:fb:d8:7d:eb:17:84:e0:a3:44:10:2b:09:
         c6:cf:5e:f8:52:a7:c2:94:21:a2:df:05:0f:d0:5c:a1:8d:25:
         55:99:81:a3:c3:3c:fe:61:ca:b1:3f:b9:fa:65:8c:41:a2:42:
         0e:6d:b7:02:6f:92:9f:88:d0:e5:f9:52:7a:61:1a:b8:73:24:
         d5:65:44:67:33:7c:95:94:2f:b6:22:90:e6:6c:40:30:78:0d:
         5e:c8:05:ed:78:e2:d8:d5:b1:b7:5d:4b:e2:af:a0:cb:2d:70:
         48:26:95:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjalnRF817Pf2BofX1Mp6aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGY4NWFjNTMwY2YwYTk5MmI5MTI1ZjEwYzAyODY3MmY3NDU1OGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkAg9E2HqEIc4T472vWTSHzXks9l
ncWGaNx/PFRsU1x6xG11Ul2DiOjmqVX28/akwKH6ijfXowAeXpvV5cpNaUZOXUCh
/WOkNLRkZbbk5p2OZYQ3DwBsUWJ5Hm/PRPwhSzbFN/Ocp/NHDZTKwAqYUM3nGnoA
3QcU0f7PIW8m6Zi0N0Uyw3LhhQsQ6GwKys4XSI6zbr19QTWyFAVpaSp0quhpfz93
nVO8FugiRfnKRLtx/7c/2XVNDiXZ97K9z9y/Ls6YHWxud0P7cOMn2kGwXNMxU44z
zqgGFWU/8fo+cgKPeoLqb+VPVHjBeniIAxYCAcxOUt3AdfzBWJ1UySSrdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPT4WsUwzwqZK5El8QwChnL3RVjzMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvOVBoYXhURFBDcGtya1NYeERBS0djdmRGV1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc+zMA0G
CSqGSIb3DQEBCwUAA4IBAQBg1ShNKy8e0E8MaXvdts14loMFnV4tw4xQx/y+yigQ
V8VGa4VxZNid2KzCXyak0p3YkmxwYKfibyQHg5VUuGdRZ/Z/3qtM63Qt8SaKwF4v
uzdLG3iez3Xi3gMVycnnCWfn00e0/wV9SNK7QmfSZ8Yd5QjFQ6uyATlRCSgvvuka
7F6E3LR/bRQEO3M8gly43zV6qFCSfQr72H3rF4Tgo0QQKwnGz174UqfClCGi3wUP
0FyhjSVVmYGjwzz+YcqxP7n6ZYxBokIObbcCb5KfiNDl+VJ6YRq4cyTVZURnM3yV
lC+2IpDmbEAweA1eyAXteOLY1bG3XUvir6DLLXBIJpWG
-----END CERTIFICATE-----