Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/IUoj14L85V7dFoSNxHQERg8IME0.roa
File:                     IUoj14L85V7dFoSNxHQERg8IME0.roa (raw, json)
Hash identifier:          yLZKOBB3BN8zxQwSxMgLL7kO6gXgb1541/UgXA3XP8c=
Subject key identifier:   21:4A:23:D7:82:FC:E5:5E:DD:16:84:8D:C4:74:04:46:0F:08:30:4D
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01941F8C474C7C60CC7B530B2EEDE51E1F87
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/IUoj14L85V7dFoSNxHQERg8IME0.roa
Signing time:             Wed 01 Jan 2025 01:47:54 +0000
ROA not before:           Wed 01 Jan 2025 01:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43005
IP address blocks:        85.9.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:47:4c:7c:60:cc:7b:53:0b:2e:ed:e5:1e:1f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 01:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=214a23d782fce55edd16848dc47404460f08304d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:88:a4:dd:e0:be:d4:66:68:63:ab:32:4c:b4:
                    44:61:74:15:26:4d:7f:48:ab:68:18:2f:b9:50:f8:
                    60:af:24:f3:53:9b:2d:d4:cc:6d:62:98:7a:10:14:
                    60:e1:0a:c2:18:be:ae:b5:b0:d1:8c:03:89:cc:f5:
                    03:cb:2d:a8:40:d4:27:95:41:6c:bf:90:7a:06:85:
                    a8:0f:be:90:4d:0f:ee:1a:9e:c6:92:b6:47:97:3a:
                    19:4a:5f:65:99:60:02:32:85:19:18:65:fc:b7:50:
                    58:4e:06:70:9d:4a:4e:2a:46:01:ef:a9:a4:13:b4:
                    03:ac:6f:f3:09:65:59:c0:5c:26:19:6b:ac:f8:7d:
                    de:4c:3c:5e:14:ff:68:54:e5:2a:33:a4:7e:44:30:
                    fd:a4:2c:7c:b3:a8:93:47:6a:c4:4b:dd:1e:25:b8:
                    f3:0c:00:ec:6d:e0:39:5e:4b:53:3d:e2:53:29:98:
                    02:e7:e2:a8:70:6f:4e:43:d1:8b:99:7c:c0:df:22:
                    a8:ed:97:60:d4:af:63:0f:6f:ca:90:eb:42:f8:4b:
                    00:6b:97:74:89:d7:3f:4e:9f:94:98:eb:e0:e0:9f:
                    db:d6:d7:3c:e7:8d:c4:79:e2:fc:d5:56:26:db:7b:
                    ce:de:34:30:12:88:0e:13:9f:e2:38:06:45:ec:49:
                    5a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:4A:23:D7:82:FC:E5:5E:DD:16:84:8D:C4:74:04:46:0F:08:30:4D
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/IUoj14L85V7dFoSNxHQERg8IME0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:09:e3:db:f4:2c:e8:da:c0:d6:7f:24:51:b2:34:6d:79:05:
         d6:b7:79:13:36:35:2c:bd:fc:92:da:3a:26:f7:c1:3a:f6:96:
         5f:c7:07:a9:9d:8c:24:81:7b:d2:41:b9:de:9c:44:01:27:35:
         54:39:cb:a4:4e:29:92:2f:a8:a0:16:a4:47:21:f0:64:8c:c0:
         e1:44:05:34:7e:ca:14:db:9d:81:e6:62:5a:51:24:65:df:e9:
         69:38:42:2d:04:13:f2:d2:84:62:26:64:07:48:7b:9b:17:60:
         fe:79:25:0e:2a:f3:23:3d:57:7f:06:80:ba:12:36:8e:de:43:
         13:17:70:25:ce:91:31:b3:3f:6f:dc:a9:7c:80:87:4d:47:19:
         78:01:9f:e0:57:2a:57:4f:d3:a1:c1:05:ca:5e:ca:ab:a9:b1:
         06:5f:0f:9b:c6:f2:77:64:42:80:1d:d6:5a:41:e7:3e:28:50:
         6d:f3:8f:ba:77:d3:3b:f0:a2:ac:ac:3b:ff:6d:dd:98:5d:37:
         2d:5e:0f:67:87:66:9e:6e:0e:2f:34:0a:bd:7b:ec:fe:80:c3:
         6e:aa:e4:de:53:c7:eb:03:f0:15:eb:83:cc:48:1c:d0:00:f8:
         44:08:bd:6b:16:d8:b7:75:97:87:e1:70:2c:ad:9e:d0:5e:10:
         8c:db:8a:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjEdMfGDMe1MLLu3lHh+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjUwMTAxMDE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTRhMjNkNzgyZmNlNTVlZGQxNjg0OGRjNDc0MDQ0NjBmMDgzMDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4ik3eC+1GZoY6syTLREYXQVJk1/
SKtoGC+5UPhgryTzU5st1MxtYph6EBRg4QrCGL6utbDRjAOJzPUDyy2oQNQnlUFs
v5B6BoWoD76QTQ/uGp7GkrZHlzoZSl9lmWACMoUZGGX8t1BYTgZwnUpOKkYB76mk
E7QDrG/zCWVZwFwmGWus+H3eTDxeFP9oVOUqM6R+RDD9pCx8s6iTR2rES90eJbjz
DADsbeA5XktTPeJTKZgC5+KocG9OQ9GLmXzA3yKo7Zdg1K9jD2/KkOtC+EsAa5d0
idc/Tp+UmOvg4J/b1tc8543EeeL81VYm23vO3jQwEogOE5/iOAZF7ElacQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFKI9eC/OVe3RaEjcR0BEYPCDBNMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvSVVvajE0TDg1VjdkRm9TTnhIUUVSZzhJTUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQlSMA0G
CSqGSIb3DQEBCwUAA4IBAQAUCePb9Czo2sDWfyRRsjRteQXWt3kTNjUsvfyS2jom
98E69pZfxwepnYwkgXvSQbnenEQBJzVUOcukTimSL6igFqRHIfBkjMDhRAU0fsoU
252B5mJaUSRl3+lpOEItBBPy0oRiJmQHSHubF2D+eSUOKvMjPVd/BoC6EjaO3kMT
F3AlzpExsz9v3Kl8gIdNRxl4AZ/gVypXT9OhwQXKXsqrqbEGXw+bxvJ3ZEKAHdZa
Qec+KFBt84+6d9M78KKsrDv/bd2YXTctXg9nh2aebg4vNAq9e+z+gMNuquTeU8fr
A/AV64PMSBzQAPhECL1rFti3dZeH4XAsrZ7QXhCM24p5
-----END CERTIFICATE-----