Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/F89K3Q0XwdNsBMWEF-9n8HX8seQ.roa
File:                     F89K3Q0XwdNsBMWEF-9n8HX8seQ.roa (raw, json)
Hash identifier:          k36l/8lxtcKwAJTjrdDRO46ly7DD3aRm+mH7GwvYLjg=
Subject key identifier:   17:CF:4A:DD:0D:17:C1:D3:6C:04:C5:84:17:EF:67:F0:75:FC:B1:E4
Certificate issuer:       /CN=29128d9d4f1a56e970f8746d6827ac1120f92667
Certificate serial:       019652F6C7D858B9F440A9ADFA1DBF0081D4
Authority key identifier: 29:12:8D:9D:4F:1A:56:E9:70:F8:74:6D:68:27:AC:11:20:F9:26:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KRKNnU8aVulw-HRtaCesESD5Jmc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/F89K3Q0XwdNsBMWEF-9n8HX8seQ.roa
Signing time:             Sun 20 Apr 2025 11:30:26 +0000
ROA not before:           Sun 20 Apr 2025 11:30:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        185.249.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/KRKNnU8aVulw-HRtaCesESD5Jmc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/KRKNnU8aVulw-HRtaCesESD5Jmc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KRKNnU8aVulw-HRtaCesESD5Jmc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:52:f6:c7:d8:58:b9:f4:40:a9:ad:fa:1d:bf:00:81:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29128d9d4f1a56e970f8746d6827ac1120f92667
        Validity
            Not Before: Apr 20 11:30:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17cf4add0d17c1d36c04c58417ef67f075fcb1e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:02:cd:32:f2:4b:d7:a2:f7:45:69:35:b9:e3:
                    8f:56:48:c1:a2:76:71:33:9c:ef:e3:d3:8c:9d:94:
                    c8:03:45:6f:cc:c0:ee:3c:60:4a:c3:99:99:28:41:
                    20:0b:08:e4:ae:ad:da:86:89:8b:a2:ad:e0:f5:e9:
                    db:0a:cb:d7:5f:49:6d:52:d0:f7:77:95:c1:1d:83:
                    7d:2a:02:9d:e7:d4:5d:0a:b9:69:4b:73:81:8c:37:
                    6f:9e:77:d7:31:f7:df:db:bd:0a:67:15:72:40:3a:
                    71:9e:1e:98:0c:9e:60:0d:07:f2:c9:ef:d8:b1:55:
                    85:05:22:94:b5:c9:cf:7d:37:11:69:29:a9:88:fb:
                    5a:6f:1a:80:c4:9f:e5:d7:b7:96:ba:4d:ad:0e:4b:
                    dc:1b:1f:bd:a8:11:07:5e:9f:04:19:67:0d:fa:eb:
                    b1:83:25:65:29:3b:85:03:57:6c:63:ba:67:89:83:
                    c7:9a:08:24:e0:52:21:b8:bb:86:fd:48:f0:ba:25:
                    9d:8d:de:12:9f:fd:19:4a:67:02:f5:5b:9b:2e:5a:
                    6d:1c:38:c9:d7:8c:1b:e6:11:d1:a9:8a:91:48:d7:
                    cc:6f:d6:fd:0f:c0:31:d1:c5:7f:7d:d1:65:ae:9c:
                    52:80:c1:30:b4:51:30:ba:fc:db:40:c5:ce:e2:3d:
                    0a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:CF:4A:DD:0D:17:C1:D3:6C:04:C5:84:17:EF:67:F0:75:FC:B1:E4
            X509v3 Authority Key Identifier:
                keyid:29:12:8D:9D:4F:1A:56:E9:70:F8:74:6D:68:27:AC:11:20:F9:26:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KRKNnU8aVulw-HRtaCesESD5Jmc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/F89K3Q0XwdNsBMWEF-9n8HX8seQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/11477c-8452-4abb-9147-f0b09c0c90c7/1/KRKNnU8aVulw-HRtaCesESD5Jmc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:0c:d2:c5:5c:87:eb:34:37:8a:f4:03:d8:0c:50:b9:33:18:
         55:ad:ec:54:ac:78:37:c8:97:07:89:6c:a1:bf:26:c6:03:a5:
         77:d7:a2:63:e6:a9:52:8a:2f:38:3b:78:1c:c6:67:30:09:53:
         e8:3f:e6:87:91:6e:4d:aa:b3:1a:e3:13:b9:3f:3b:83:bb:e4:
         25:9b:da:aa:e8:c5:8d:e3:a0:5e:b9:ab:d1:50:ce:18:ef:2b:
         6f:f4:20:f2:9e:5f:ae:4f:8c:66:1d:bc:91:10:83:2e:ce:db:
         57:9e:01:b7:9c:e9:00:90:48:f5:9a:a7:92:74:2d:44:eb:24:
         9c:9a:de:09:78:f2:af:ea:02:bb:c2:e3:79:49:2e:82:8c:b9:
         b0:ab:b3:78:ee:c2:8d:84:f5:15:cb:b2:71:a0:09:2b:ab:17:
         48:86:00:0b:ca:60:a9:f1:81:76:47:bd:26:0c:c4:b9:ce:4b:
         7a:70:ef:cb:88:03:61:c2:71:18:2b:ac:55:c8:39:83:5c:b3:
         9f:f3:42:ae:80:3a:01:2a:ed:44:3d:98:f9:ac:fb:1d:cb:30:
         6c:e9:a5:1f:de:b8:c4:7d:48:6c:c8:9f:a5:c6:cb:5f:78:bb:
         0a:9a:fc:ce:87:01:90:5c:f1:73:70:66:46:9d:75:fe:77:16:
         89:74:85:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZS9sfYWLn0QKmt+h2/AIHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MTI4ZDlkNGYxYTU2ZTk3MGY4NzQ2ZDY4MjdhYzExMjBm
OTI2NjcwHhcNMjUwNDIwMTEzMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2NmNGFkZDBkMTdjMWQzNmMwNGM1ODQxN2VmNjdmMDc1ZmNiMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgLNMvJL16L3RWk1ueOPVkjBonZx
M5zv49OMnZTIA0VvzMDuPGBKw5mZKEEgCwjkrq3ahomLoq3g9enbCsvXX0ltUtD3
d5XBHYN9KgKd59RdCrlpS3OBjDdvnnfXMfff270KZxVyQDpxnh6YDJ5gDQfyye/Y
sVWFBSKUtcnPfTcRaSmpiPtabxqAxJ/l17eWuk2tDkvcGx+9qBEHXp8EGWcN+uux
gyVlKTuFA1dsY7pniYPHmggk4FIhuLuG/UjwuiWdjd4Sn/0ZSmcC9VubLlptHDjJ
14wb5hHRqYqRSNfMb9b9D8Ax0cV/fdFlrpxSgMEwtFEwuvzbQMXO4j0KtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfPSt0NF8HTbATFhBfvZ/B1/LHkMB8GA1UdIwQY
MBaAFCkSjZ1PGlbpcPh0bWgnrBEg+SZnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1JLTm5VOGFWdWx3LUhSdGFDZXNFU0Q1Sm1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8xMTQ3N2MtODQ1Mi00YWJiLTkxNDct
ZjBiMDljMGM5MGM3LzEvRjg5SzNRMFh3ZE5zQk1XRUYtOW44SFg4c2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8xMTQ3N2MtODQ1Mi00YWJiLTkxNDctZjBiMDljMGM5MGM3
LzEvS1JLTm5VOGFWdWx3LUhSdGFDZXNFU0Q1Sm1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufkJMA0G
CSqGSIb3DQEBCwUAA4IBAQBYDNLFXIfrNDeK9APYDFC5MxhVrexUrHg3yJcHiWyh
vybGA6V316Jj5qlSii84O3gcxmcwCVPoP+aHkW5NqrMa4xO5PzuDu+Qlm9qq6MWN
46BeuavRUM4Y7ytv9CDynl+uT4xmHbyREIMuzttXngG3nOkAkEj1mqeSdC1E6ySc
mt4JePKv6gK7wuN5SS6CjLmwq7N47sKNhPUVy7JxoAkrqxdIhgALymCp8YF2R70m
DMS5zkt6cO/LiANhwnEYK6xVyDmDXLOf80KugDoBKu1EPZj5rPsdyzBs6aUf3rjE
fUhsyJ+lxstfeLsKmvzOhwGQXPFzcGZGnXX+dxaJdIVQ
-----END CERTIFICATE-----