Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/q84HinkjA2umD9EOiB1nitNUMbE.roa
File:                     q84HinkjA2umD9EOiB1nitNUMbE.roa (raw, json)
Hash identifier:          2cSZe7vB7FkL2CW4hHagsLoij2XRcHY4YUaQuqkNGXA=
Subject key identifier:   AB:CE:07:8A:79:23:03:6B:A6:0F:D1:0E:88:1D:67:8A:D3:54:31:B1
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018E8E63BE55CAB35C984DBE8AC782ECFF8F
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/q84HinkjA2umD9EOiB1nitNUMbE.roa
Signing time:             Sat 30 Mar 2024 08:04:45 +0000
ROA not before:           Sat 30 Mar 2024 08:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136258
IP address blocks:        92.118.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8e:63:be:55:ca:b3:5c:98:4d:be:8a:c7:82:ec:ff:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Mar 30 08:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abce078a7923036ba60fd10e881d678ad35431b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ea:49:7f:fa:29:40:19:ac:11:b3:cd:20:0a:
                    ee:9f:9a:a6:0d:3c:32:17:4b:b3:b1:87:24:c5:ee:
                    e3:20:ed:98:29:86:af:19:d4:55:80:01:c9:99:de:
                    c5:00:96:75:8f:11:71:7a:9d:0d:bd:16:93:00:62:
                    1a:c4:18:21:d6:e4:1e:4f:b9:c1:67:08:79:e3:33:
                    09:43:30:3e:f0:2a:c7:ea:7e:7e:b4:60:9d:13:55:
                    a6:22:71:38:b3:55:1a:3c:d3:07:be:64:bf:df:fe:
                    7f:47:10:a8:29:38:14:02:9f:15:58:67:6d:75:7a:
                    cd:d7:eb:f1:20:18:a9:4d:04:cd:b1:8a:d0:52:ff:
                    00:38:05:9c:a1:e7:5d:e6:68:29:73:8d:0f:45:e9:
                    6d:06:af:93:26:55:3b:cd:65:20:63:f1:0d:87:aa:
                    cd:0f:5f:4c:67:34:b8:58:cb:22:b0:9e:e0:5d:2d:
                    c0:c2:69:b4:d4:e7:0b:1b:f1:7e:a0:cc:0f:8d:45:
                    ab:d0:e1:bf:60:1d:48:b3:1d:99:85:4d:b9:8c:f6:
                    d0:0f:34:e5:fb:8b:71:17:b3:86:e9:2f:1c:77:70:
                    01:c2:ce:d7:1d:10:35:49:d9:be:ad:80:35:98:32:
                    86:c7:fa:a1:6f:9d:cd:3a:69:ca:15:eb:f7:b1:42:
                    51:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:CE:07:8A:79:23:03:6B:A6:0F:D1:0E:88:1D:67:8A:D3:54:31:B1
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/q84HinkjA2umD9EOiB1nitNUMbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:ca:3a:dc:7d:c4:d9:f5:8e:21:fc:69:06:1a:9a:3e:56:df:
         8d:32:7c:18:ee:7f:a8:e0:a3:f8:31:56:68:3f:5a:ad:8d:d6:
         de:e4:cf:3c:89:20:88:63:02:a1:0c:40:69:03:ef:04:71:75:
         71:e3:41:4c:6f:ab:54:79:09:43:c5:68:ae:a0:83:c6:9c:e2:
         b5:a1:37:70:ea:9d:0a:d0:1e:00:ea:18:a8:bf:2b:f5:96:20:
         eb:a1:73:d7:89:df:a6:88:32:f8:cb:cf:7a:15:ad:50:48:91:
         e0:fe:5b:b7:d0:42:10:57:a9:52:f9:ea:d1:a8:53:8d:48:98:
         1d:56:b0:70:2e:da:b5:10:c7:fd:ad:ce:66:db:3a:89:53:a4:
         c9:84:bf:68:23:0b:7f:3f:d2:2b:e3:b9:56:31:b7:5f:81:00:
         a5:a3:e8:25:a4:f8:bc:b8:d4:fb:59:c5:75:b4:a8:e9:a2:1e:
         d9:da:fa:42:70:e4:4d:56:d1:af:e1:55:23:c1:76:b4:2d:81:
         97:58:b2:fb:a0:d6:98:b0:46:0a:17:63:36:3d:55:49:7c:be:
         25:5d:cc:bb:40:2f:cd:b5:09:5a:f7:65:cd:48:c9:8d:73:3c:
         43:d6:d9:2b:c9:0e:1a:90:8f:fb:ec:4f:7b:db:db:84:1a:ad:
         f6:74:b4:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6OY75VyrNcmE2+iseC7P+PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMzMwMDgwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmNlMDc4YTc5MjMwMzZiYTYwZmQxMGU4ODFkNjc4YWQzNTQzMWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjepJf/opQBmsEbPNIArun5qmDTwy
F0uzsYckxe7jIO2YKYavGdRVgAHJmd7FAJZ1jxFxep0NvRaTAGIaxBgh1uQeT7nB
Zwh54zMJQzA+8CrH6n5+tGCdE1WmInE4s1UaPNMHvmS/3/5/RxCoKTgUAp8VWGdt
dXrN1+vxIBipTQTNsYrQUv8AOAWcoedd5mgpc40PReltBq+TJlU7zWUgY/ENh6rN
D19MZzS4WMsisJ7gXS3Awmm01OcLG/F+oMwPjUWr0OG/YB1Isx2ZhU25jPbQDzTl
+4txF7OG6S8cd3ABws7XHRA1Sdm+rYA1mDKGx/qhb53NOmnKFev3sUJRtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvOB4p5IwNrpg/RDogdZ4rTVDGxMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvcTg0SGlua2pBMnVtRDlFT2lCMW5pdE5VTWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHbNMA0G
CSqGSIb3DQEBCwUAA4IBAQBlyjrcfcTZ9Y4h/GkGGpo+Vt+NMnwY7n+o4KP4MVZo
P1qtjdbe5M88iSCIYwKhDEBpA+8EcXVx40FMb6tUeQlDxWiuoIPGnOK1oTdw6p0K
0B4A6hiovyv1liDroXPXid+miDL4y896Fa1QSJHg/lu30EIQV6lS+erRqFONSJgd
VrBwLtq1EMf9rc5m2zqJU6TJhL9oIwt/P9Ir47lWMbdfgQClo+glpPi8uNT7WcV1
tKjpoh7Z2vpCcORNVtGv4VUjwXa0LYGXWLL7oNaYsEYKF2M2PVVJfL4lXcy7QC/N
tQla92XNSMmNczxD1tkryQ4akI/77E9729uEGq32dLRv
-----END CERTIFICATE-----