Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/af4ObNKlTAQY3WJ6Z9MSMi9goec.roa
File:                     af4ObNKlTAQY3WJ6Z9MSMi9goec.roa (raw, json)
Hash identifier:          5yMEUCv4NX9QrdRcocOQ4y/BXPnbWhjlvU3aM23dUo8=
Subject key identifier:   69:FE:0E:6C:D2:A5:4C:04:18:DD:62:7A:67:D3:12:32:2F:60:A1:E7
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019421B23832A43946EE84E06D8EE5FE8547
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/af4ObNKlTAQY3WJ6Z9MSMi9goec.roa
Signing time:             Wed 01 Jan 2025 11:48:35 +0000
ROA not before:           Wed 01 Jan 2025 11:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57707
IP address blocks:        92.119.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:38:32:a4:39:46:ee:84:e0:6d:8e:e5:fe:85:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 11:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69fe0e6cd2a54c0418dd627a67d312322f60a1e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:98:a6:d4:cb:58:8a:37:e3:35:a6:73:6a:fb:
                    90:1b:82:ad:c7:24:bc:94:ff:65:0e:41:cc:6d:3e:
                    85:7e:79:49:69:a5:00:60:d3:0d:37:30:0e:6e:25:
                    ce:7f:fe:9b:90:39:5a:43:d4:7c:42:c2:4a:f2:dd:
                    ea:81:0b:c5:05:49:16:12:25:7c:c0:be:6c:9e:4d:
                    af:fe:29:d3:c2:98:7a:18:f5:13:99:6a:4a:cc:3c:
                    dd:51:7b:67:a4:69:3b:11:e8:af:8f:0f:ca:fb:82:
                    2d:fe:ff:f6:87:16:b1:f8:c6:16:bd:f6:a4:b3:71:
                    d6:df:9e:4c:a6:af:2c:fd:f6:20:ae:9b:bb:6f:59:
                    64:aa:68:3d:a3:21:b7:99:6f:3f:b3:7a:2e:22:98:
                    96:bc:a5:a3:57:f4:fb:83:0b:fd:64:ac:88:f0:bb:
                    cb:5c:34:da:6d:ab:5a:75:4f:7c:aa:8e:81:0f:e1:
                    ac:b5:43:2c:b3:5a:04:71:e0:18:3a:32:3f:6b:b3:
                    56:a6:c1:8d:71:34:45:60:60:e9:7d:ce:25:6a:7c:
                    7d:f7:73:5a:14:4c:6e:52:6d:ef:b2:05:70:ff:c6:
                    20:ac:85:2f:28:6d:98:77:d0:ca:de:49:4a:62:be:
                    c0:94:d0:53:ab:4a:4d:97:43:95:82:32:78:5f:a8:
                    5d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:FE:0E:6C:D2:A5:4C:04:18:DD:62:7A:67:D3:12:32:2F:60:A1:E7
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/af4ObNKlTAQY3WJ6Z9MSMi9goec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:6d:4c:9d:27:25:a4:7b:a7:1b:4f:44:a7:3c:b6:84:9d:4e:
         95:fe:89:96:9a:9a:aa:df:f5:be:f6:91:3c:f4:02:1d:e8:83:
         b8:ab:b3:96:01:1d:77:dd:6f:ae:b7:a1:09:c0:1e:5e:86:bf:
         bc:02:66:5e:0f:23:71:ae:2b:d5:f8:a6:94:0c:d2:75:25:9d:
         7a:61:a3:66:cf:84:c3:1d:a8:16:0a:0b:77:1a:b8:58:9d:b7:
         71:e3:6a:46:8f:ab:fa:d4:ac:4c:c9:c5:c5:be:6b:3f:40:4a:
         d3:4f:48:89:76:d6:66:7e:1d:96:45:93:d3:0a:13:eb:7b:b2:
         c3:14:33:5b:fa:c1:00:fa:ae:f8:14:9a:99:96:2f:b0:30:45:
         d9:a6:56:f0:74:2e:90:9b:e5:30:93:ee:c8:bf:d9:d6:13:06:
         64:5d:98:ff:e6:0b:37:a3:b3:92:01:31:f8:8d:e7:94:9d:e2:
         b9:54:39:05:a2:3a:1d:12:dd:a6:15:c9:f7:d5:60:77:68:14:
         87:00:a0:f3:5b:57:35:ab:34:95:d8:6e:ce:9a:e4:6a:83:03:
         8c:b4:07:66:31:30:a6:09:bf:ca:fe:6a:37:f3:77:b1:44:0c:
         5a:1b:e2:41:15:34:c5:2a:f1:de:6b:c8:45:05:11:b8:ef:e8:
         ce:01:2a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjgypDlG7oTgbY7l/oVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWZlMGU2Y2QyYTU0YzA0MThkZDYyN2E2N2QzMTIzMjJmNjBhMWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpim1MtYijfjNaZzavuQG4KtxyS8
lP9lDkHMbT6FfnlJaaUAYNMNNzAObiXOf/6bkDlaQ9R8QsJK8t3qgQvFBUkWEiV8
wL5snk2v/inTwph6GPUTmWpKzDzdUXtnpGk7Eeivjw/K+4It/v/2hxax+MYWvfak
s3HW355Mpq8s/fYgrpu7b1lkqmg9oyG3mW8/s3ouIpiWvKWjV/T7gwv9ZKyI8LvL
XDTabatadU98qo6BD+GstUMss1oEceAYOjI/a7NWpsGNcTRFYGDpfc4lanx993Na
FExuUm3vsgVw/8YgrIUvKG2Yd9DK3klKYr7AlNBTq0pNl0OVgjJ4X6hdfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGn+DmzSpUwEGN1iemfTEjIvYKHnMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvYWY0T2JOS2xUQVFZM1dKNlo5TVNNaTlnb2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHe4MA0G
CSqGSIb3DQEBCwUAA4IBAQCPbUydJyWke6cbT0SnPLaEnU6V/omWmpqq3/W+9pE8
9AId6IO4q7OWAR133W+ut6EJwB5ehr+8AmZeDyNxrivV+KaUDNJ1JZ16YaNmz4TD
HagWCgt3GrhYnbdx42pGj6v61KxMycXFvms/QErTT0iJdtZmfh2WRZPTChPre7LD
FDNb+sEA+q74FJqZli+wMEXZplbwdC6Qm+Uwk+7Iv9nWEwZkXZj/5gs3o7OSATH4
jeeUneK5VDkFojodEt2mFcn31WB3aBSHAKDzW1c1qzSV2G7OmuRqgwOMtAdmMTCm
Cb/K/mo383exRAxaG+JBFTTFKvHea8hFBRG47+jOASqF
-----END CERTIFICATE-----