Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/9I89I2OFN8DXrP_AzaensQuo3FY.roa
File:                     9I89I2OFN8DXrP_AzaensQuo3FY.roa (raw, json)
Hash identifier:          pcD6eyKJUAbZDSbI8cwZTz8SVCp+Fp1lCc23F64WqTI=
Subject key identifier:   F4:8F:3D:23:63:85:37:C0:D7:AC:FF:C0:CD:A7:A7:B1:0B:A8:DC:56
Certificate issuer:       /CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
Certificate serial:       018CC50054DCA14AF3C9AA5BD8B89DCB2728
Authority key identifier: C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/9I89I2OFN8DXrP_AzaensQuo3FY.roa
Signing time:             Mon 01 Jan 2024 12:29:42 +0000
ROA not before:           Mon 01 Jan 2024 12:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203523
IP address blocks:        185.122.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:54:dc:a1:4a:f3:c9:aa:5b:d8:b8:9d:cb:27:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
        Validity
            Not Before: Jan  1 12:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f48f3d23638537c0d7acffc0cda7a7b10ba8dc56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:55:6b:a8:ae:2b:54:ef:7b:de:2e:58:97:2c:
                    4f:d6:96:67:b7:f7:05:9d:3d:d6:69:9d:96:90:31:
                    8e:2c:9d:fa:5b:80:20:9f:64:35:21:d3:f5:3a:c8:
                    f1:40:8c:47:b2:b9:53:c3:0a:de:68:81:19:8b:c3:
                    99:af:ca:1e:bb:55:f1:ea:df:ea:9b:9d:8c:85:1d:
                    0e:27:a2:58:bc:40:b6:ce:3d:80:66:d4:02:b3:6d:
                    b7:5f:da:8d:e8:76:ea:70:54:dc:00:41:0c:5c:3b:
                    9f:7b:7e:58:f7:5b:b6:e3:2a:71:11:95:c2:ae:cf:
                    36:22:ec:2a:e5:0f:4b:02:a9:95:14:6f:36:77:88:
                    a7:45:70:dc:a6:d4:85:7d:47:35:50:d4:e5:6a:a6:
                    2d:de:b8:2f:e0:76:2e:a4:58:35:7a:fe:68:e6:18:
                    00:a2:39:3b:78:d7:63:c2:c9:32:e0:af:91:74:48:
                    a5:d7:54:63:31:64:ee:e9:17:45:ed:e3:36:7e:94:
                    95:7a:05:ad:f8:d8:e4:b4:07:15:1c:32:c9:7c:d0:
                    95:a3:06:65:b7:f9:84:ac:6c:0a:47:4b:6c:52:eb:
                    75:9c:a2:bb:21:b1:19:21:cb:b4:a1:9d:40:4b:c7:
                    d8:35:34:f5:70:38:f8:8f:9d:32:21:3d:ef:90:67:
                    4c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8F:3D:23:63:85:37:C0:D7:AC:FF:C0:CD:A7:A7:B1:0B:A8:DC:56
            X509v3 Authority Key Identifier:
                keyid:C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/9I89I2OFN8DXrP_AzaensQuo3FY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:60:dc:b8:f9:6c:e6:74:82:c5:1d:34:dc:05:aa:d9:2c:05:
         45:93:71:87:7f:96:9a:3e:3d:d1:52:ae:06:07:74:ce:3e:74:
         dd:94:82:6a:3a:77:53:9e:43:1e:2a:fc:b3:08:53:29:c7:0b:
         fb:5d:4e:a7:49:18:7a:da:83:60:95:f5:6e:31:41:40:4f:58:
         99:e8:8b:1b:84:8c:1e:5c:50:40:3a:ce:cb:2f:86:da:a1:84:
         88:c6:7f:4b:f1:1f:c9:2d:8a:e2:4e:9e:b2:ff:55:43:1f:35:
         61:1e:2d:b6:4b:bd:18:b5:6e:94:02:29:e3:bd:59:73:8b:7c:
         5a:53:40:df:64:16:1a:43:98:d0:40:dc:e8:d8:53:dd:41:7d:
         55:1f:c3:9c:f9:b3:19:c3:59:33:40:3c:b7:d2:8b:34:ac:6f:
         9e:c3:26:c6:fa:4f:3a:dd:fe:9b:d2:11:f8:53:fb:cb:6f:90:
         14:ab:d3:78:7c:ff:09:40:0d:a8:a6:7d:ef:1a:81:ad:98:1d:
         14:56:42:cd:7e:7d:ee:db:62:2b:a9:a3:fd:50:45:6e:33:16:
         19:3d:30:ab:5a:2a:02:52:58:27:99:ca:d8:04:0e:4d:66:a3:
         0c:60:b7:0f:d6:86:10:ab:7d:eb:6d:21:10:d3:c6:50:9a:03:
         0e:0d:a4:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFTcoUrzyapb2LidyycoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzA1OTFlMmViNDlkMDU1OWU2ZmNlN2VlMmFhODFmMGY1
OWJhNmYwHhcNMjQwMTAxMTIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDhmM2QyMzYzODUzN2MwZDdhY2ZmYzBjZGE3YTdiMTBiYThkYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1VrqK4rVO973i5YlyxP1pZnt/cF
nT3WaZ2WkDGOLJ36W4Agn2Q1IdP1OsjxQIxHsrlTwwreaIEZi8OZr8oeu1Xx6t/q
m52MhR0OJ6JYvEC2zj2AZtQCs223X9qN6HbqcFTcAEEMXDufe35Y91u24ypxEZXC
rs82Iuwq5Q9LAqmVFG82d4inRXDcptSFfUc1UNTlaqYt3rgv4HYupFg1ev5o5hgA
ojk7eNdjwsky4K+RdEil11RjMWTu6RdF7eM2fpSVegWt+NjktAcVHDLJfNCVowZl
t/mErGwKR0tsUut1nKK7IbEZIcu0oZ1AS8fYNTT1cDj4j50yIT3vkGdMMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSPPSNjhTfA16z/wM2np7ELqNxWMB8GA1UdIwQY
MBaAFMPAWR4utJ0FWeb85+4qqB8PWbpvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQt
ZTM0MDcxNzQ2NjNiLzEvOUk4OUkyT0ZOOERYclBfQXphZW5zUXVvM0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQtZTM0MDcxNzQ2NjNi
LzEvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXrcMA0G
CSqGSIb3DQEBCwUAA4IBAQCLYNy4+WzmdILFHTTcBarZLAVFk3GHf5aaPj3RUq4G
B3TOPnTdlIJqOndTnkMeKvyzCFMpxwv7XU6nSRh62oNglfVuMUFAT1iZ6IsbhIwe
XFBAOs7LL4baoYSIxn9L8R/JLYriTp6y/1VDHzVhHi22S70YtW6UAinjvVlzi3xa
U0DfZBYaQ5jQQNzo2FPdQX1VH8Oc+bMZw1kzQDy30os0rG+ewybG+k863f6b0hH4
U/vLb5AUq9N4fP8JQA2opn3vGoGtmB0UVkLNfn3u22IrqaP9UEVuMxYZPTCrWioC
UlgnmcrYBA5NZqMMYLcP1oYQq33rbSEQ08ZQmgMODaSA
-----END CERTIFICATE-----