Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/9TOpmOFT85FoIQt7VW00tnNSDyc.roa
File:                     9TOpmOFT85FoIQt7VW00tnNSDyc.roa (raw, json)
Hash identifier:          SCLGJPJrvLPHM3t4jGt50TpAdXlieT/PBKVM3GuTOz8=
Subject key identifier:   F5:33:A9:98:E1:53:F3:91:68:21:0B:7B:55:6D:34:B6:73:52:0F:27
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       01942747987A86899695F2B843853726CB9E
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/9TOpmOFT85FoIQt7VW00tnNSDyc.roa
Signing time:             Thu 02 Jan 2025 13:49:50 +0000
ROA not before:           Thu 02 Jan 2025 13:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5822
IP address blocks:        85.185.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 22:36:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:98:7a:86:89:96:95:f2:b8:43:85:37:26:cb:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 13:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f533a998e153f39168210b7b556d34b673520f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:14:16:03:ca:50:78:2e:24:85:69:83:5a:eb:
                    dc:3d:66:ad:20:61:f6:8d:b4:77:7c:bd:51:c9:db:
                    b5:1f:8e:dd:0a:a7:04:dd:29:5b:28:26:cb:3a:d4:
                    77:dc:6f:b2:3b:91:c9:dd:0c:60:f4:68:18:4a:a2:
                    3a:73:3c:33:c1:a8:4d:81:9c:db:9e:3d:ac:d8:ea:
                    14:54:b8:25:6c:42:ed:bd:94:8e:78:e3:48:e0:05:
                    51:86:67:df:4b:92:fa:3a:de:73:7d:1d:11:2a:7d:
                    5f:ce:d8:dc:a2:a5:ed:57:ba:88:46:24:06:f2:73:
                    d1:38:72:53:9c:65:df:8b:14:fa:af:7f:66:a4:ee:
                    94:37:8d:76:4c:ed:65:1e:af:84:5c:08:b5:7a:0c:
                    b2:1a:a0:bd:0f:cd:30:29:b9:c7:56:a1:c0:b0:56:
                    fd:ae:1b:e9:85:a2:3a:b1:0e:d1:76:e6:81:dd:cb:
                    5d:42:82:b3:3d:c9:af:76:a5:e8:6b:02:3b:37:1b:
                    25:d2:8f:92:36:76:cb:4d:30:c3:f9:85:10:b1:f6:
                    2d:ac:42:2a:b8:26:24:6e:d0:30:c8:f4:f6:26:af:
                    3d:5c:fb:83:52:a6:a4:77:08:9e:a8:66:59:57:b1:
                    e6:45:6f:58:35:42:aa:26:6f:14:20:28:32:47:b1:
                    43:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:33:A9:98:E1:53:F3:91:68:21:0B:7B:55:6D:34:B6:73:52:0F:27
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/9TOpmOFT85FoIQt7VW00tnNSDyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.185.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5d:5f:86:23:6c:43:17:db:24:f5:9e:49:63:3c:c3:53:8e:a0:
         a2:71:ca:09:6d:88:b2:a7:c0:60:d8:ce:10:02:c6:c5:d2:4d:
         9f:63:f2:fc:20:b3:c0:7c:a0:c4:0c:aa:72:a9:48:eb:2f:12:
         09:4e:81:e3:a2:3c:3d:ed:8a:df:89:29:c8:9c:bb:f6:f7:2f:
         cc:0e:d6:19:51:6a:20:ff:4f:b1:ca:8c:31:c6:a8:67:d5:eb:
         f2:2a:f2:1c:08:ae:9c:0e:b2:df:33:ec:ce:5d:04:83:ef:6e:
         54:8c:0c:8e:a8:8a:d0:86:11:bb:08:a9:2c:0a:1e:1c:46:b4:
         89:27:23:8f:51:73:e6:03:19:1f:a2:71:4e:21:5c:13:fb:79:
         84:72:ba:13:08:5e:22:66:a2:7b:34:7e:6e:0f:c9:39:7c:c2:
         97:29:3c:ff:cf:f7:73:28:9f:9e:99:b1:f4:94:0a:d9:8d:32:
         f3:73:3d:f7:f8:05:9c:2b:83:fb:1b:2a:96:51:cb:f2:96:79:
         9c:d2:51:9c:20:33:a4:1e:8b:4a:ba:a7:6d:c4:a9:37:3d:54:
         a2:e5:ef:53:2f:16:80:6b:ce:dc:9d:c4:bb:bf:87:6a:1c:79:
         c3:16:12:51:5f:96:4e:14:63:5a:11:3d:be:20:72:c3:eb:71:
         b6:3b:53:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR5h6homWlfK4Q4U3JsueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjUwMTAyMTM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTMzYTk5OGUxNTNmMzkxNjgyMTBiN2I1NTZkMzRiNjczNTIwZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhQWA8pQeC4khWmDWuvcPWatIGH2
jbR3fL1Rydu1H47dCqcE3SlbKCbLOtR33G+yO5HJ3Qxg9GgYSqI6czwzwahNgZzb
nj2s2OoUVLglbELtvZSOeONI4AVRhmffS5L6Ot5zfR0RKn1fztjcoqXtV7qIRiQG
8nPROHJTnGXfixT6r39mpO6UN412TO1lHq+EXAi1egyyGqC9D80wKbnHVqHAsFb9
rhvphaI6sQ7RduaB3ctdQoKzPcmvdqXoawI7Nxsl0o+SNnbLTTDD+YUQsfYtrEIq
uCYkbtAwyPT2Jq89XPuDUqakdwieqGZZV7HmRW9YNUKqJm8UICgyR7FDNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUzqZjhU/ORaCELe1VtNLZzUg8nMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvOVRPcG1PRlQ4NUZvSVF0N1ZXMDB0bk5TRHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVbkwMA0G
CSqGSIb3DQEBCwUAA4IBAQBdX4YjbEMX2yT1nkljPMNTjqCiccoJbYiyp8Bg2M4Q
AsbF0k2fY/L8ILPAfKDEDKpyqUjrLxIJToHjojw97YrfiSnInLv29y/MDtYZUWog
/0+xyowxxqhn1evyKvIcCK6cDrLfM+zOXQSD725UjAyOqIrQhhG7CKksCh4cRrSJ
JyOPUXPmAxkfonFOIVwT+3mEcroTCF4iZqJ7NH5uD8k5fMKXKTz/z/dzKJ+embH0
lArZjTLzcz33+AWcK4P7GyqWUcvylnmc0lGcIDOkHotKuqdtxKk3PVSi5e9TLxaA
a87cncS7v4dqHHnDFhJRX5ZOFGNaET2+IHLD63G2O1N0
-----END CERTIFICATE-----