Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/8dc703-1631-40f8-90c5-18a30c30290d/1/DxXlggjGeD8xi5Q7u5q0UdYGeD4.roa
File:                     DxXlggjGeD8xi5Q7u5q0UdYGeD4.roa (raw, json)
Hash identifier:          T/JuFaVlUxyTD3DkVQS50ptpTXr7nkIG3gAXWtJvyy8=
Subject key identifier:   0F:15:E5:82:08:C6:78:3F:31:8B:94:3B:BB:9A:B4:51:D6:06:78:3E
Certificate issuer:       /CN=92510a6871c29bc0292068a9b72dc34ff81b4fc7
Certificate serial:       018CC56EDAEDF7BAD61B3E912095707A19B7
Authority key identifier: 92:51:0A:68:71:C2:9B:C0:29:20:68:A9:B7:2D:C3:4F:F8:1B:4F:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klEKaHHCm8ApIGipty3DT_gbT8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/8dc703-1631-40f8-90c5-18a30c30290d/1/DxXlggjGeD8xi5Q7u5q0UdYGeD4.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44185
IP address blocks:        92.60.48.0/22 maxlen: 24
                          185.91.200.0/22 maxlen: 24
                          2a01:b200::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/8dc703-1631-40f8-90c5-18a30c30290d/1/klEKaHHCm8ApIGipty3DT_gbT8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/8dc703-1631-40f8-90c5-18a30c30290d/1/klEKaHHCm8ApIGipty3DT_gbT8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klEKaHHCm8ApIGipty3DT_gbT8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:da:ed:f7:ba:d6:1b:3e:91:20:95:70:7a:19:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92510a6871c29bc0292068a9b72dc34ff81b4fc7
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f15e58208c6783f318b943bbb9ab451d606783e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:90:a4:0a:f1:c4:f0:61:6b:b3:e3:0f:f3:df:
                    ff:a1:f0:ac:6c:c7:50:2a:88:77:e3:07:94:b9:bc:
                    04:69:97:86:21:9e:a9:4e:d2:b3:2e:3c:80:d4:1d:
                    c4:a7:ad:18:2d:6c:57:bf:59:39:76:de:69:c2:23:
                    0d:64:21:5c:ee:61:32:d5:07:fe:16:d0:2a:9b:a6:
                    3a:e5:f9:59:f3:41:92:bf:42:1f:f4:01:5f:cd:76:
                    9b:27:6c:61:39:fe:05:37:21:7a:c8:96:b9:71:b9:
                    d8:20:33:df:27:95:af:b8:14:34:56:17:96:e6:3e:
                    fe:a5:4d:87:0c:38:12:0e:bd:4d:b3:f3:b8:38:a8:
                    29:3b:a5:6d:c3:49:cb:bb:b9:69:32:c8:c8:e9:9b:
                    64:34:c3:35:f8:69:82:25:99:d1:e3:4c:ca:ed:50:
                    2b:0c:6c:81:7f:c7:da:26:6a:d5:9a:aa:de:22:b0:
                    5f:bf:8c:b7:d3:c9:0f:5c:35:48:5c:24:bc:a4:3c:
                    1a:04:34:76:ac:81:fe:04:8b:ef:60:25:9d:59:70:
                    9e:f0:46:ed:ee:87:80:41:8b:1a:ed:ab:ce:98:3d:
                    b2:5b:ed:11:47:fd:6c:03:3a:dd:14:2e:5e:36:2d:
                    8f:41:30:4a:9e:58:a4:41:28:b2:14:18:aa:52:f4:
                    d1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:15:E5:82:08:C6:78:3F:31:8B:94:3B:BB:9A:B4:51:D6:06:78:3E
            X509v3 Authority Key Identifier:
                keyid:92:51:0A:68:71:C2:9B:C0:29:20:68:A9:B7:2D:C3:4F:F8:1B:4F:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klEKaHHCm8ApIGipty3DT_gbT8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/8dc703-1631-40f8-90c5-18a30c30290d/1/DxXlggjGeD8xi5Q7u5q0UdYGeD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/8dc703-1631-40f8-90c5-18a30c30290d/1/klEKaHHCm8ApIGipty3DT_gbT8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.48.0/22
                  185.91.200.0/22
                IPv6:
                  2a01:b200::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:05:4c:f7:b4:38:b3:96:30:ab:2d:86:fe:9b:d1:bb:ce:de:
         7d:17:66:c7:2c:77:72:2b:1e:1a:95:a4:85:45:52:96:24:21:
         f0:61:fc:9b:fb:45:ec:59:d3:4c:1e:a1:0d:ab:b2:7e:37:f5:
         d8:81:d4:2f:ce:9e:79:c6:21:94:e3:a2:0a:ae:bf:a3:c3:9d:
         c4:09:3c:20:4a:39:8f:c7:7e:b8:d1:15:de:8e:2e:bd:12:f5:
         73:23:13:2b:16:ff:b1:21:b6:0c:ec:a2:e1:b8:35:f2:e2:49:
         e5:03:28:f0:bc:e7:38:f6:6f:2d:12:d4:2e:e2:8c:de:48:65:
         7d:e1:d4:74:02:59:12:05:e4:97:38:63:82:57:2f:80:79:a8:
         a9:66:6e:05:45:ac:35:31:1d:c7:e8:08:56:5a:45:cc:59:fd:
         31:a5:50:5d:a4:a6:4c:13:d9:bf:84:a2:57:9a:8b:ec:bf:f6:
         19:65:1d:48:f6:af:d5:e4:5e:74:dd:cb:f0:62:ed:67:9d:53:
         45:f5:08:d8:8a:09:b4:ba:5e:ab:21:8a:79:1e:57:45:b6:04:
         69:0e:fd:3b:44:20:ce:32:1f:fd:83:ab:a1:73:7c:8a:ea:6c:
         d6:da:54:b1:b9:93:97:40:87:26:75:59:69:3f:e3:aa:31:a4:
         1b:9c:f2:58
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbtrt97rWGz6RIJVwehm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTEwYTY4NzFjMjliYzAyOTIwNjhhOWI3MmRjMzRmZjgx
YjRmYzcwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjE1ZTU4MjA4YzY3ODNmMzE4Yjk0M2JiYjlhYjQ1MWQ2MDY3ODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5CkCvHE8GFrs+MP89//ofCsbMdQ
Koh34weUubwEaZeGIZ6pTtKzLjyA1B3Ep60YLWxXv1k5dt5pwiMNZCFc7mEy1Qf+
FtAqm6Y65flZ80GSv0If9AFfzXabJ2xhOf4FNyF6yJa5cbnYIDPfJ5WvuBQ0VheW
5j7+pU2HDDgSDr1Ns/O4OKgpO6Vtw0nLu7lpMsjI6ZtkNMM1+GmCJZnR40zK7VAr
DGyBf8faJmrVmqreIrBfv4y308kPXDVIXCS8pDwaBDR2rIH+BIvvYCWdWXCe8Ebt
7oeAQYsa7avOmD2yW+0RR/1sAzrdFC5eNi2PQTBKnlikQSiyFBiqUvTRZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA8V5YIIxng/MYuUO7uatFHWBng+MB8GA1UdIwQY
MBaAFJJRCmhxwpvAKSBoqbctw0/4G0/HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xFS2FISENtOEFwSUdpcHR5M0RUX2diVDhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni84ZGM3MDMtMTYzMS00MGY4LTkwYzUt
MThhMzBjMzAyOTBkLzEvRHhYbGdnakdlRDh4aTVRN3U1cTBVZFlHZUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni84ZGM3MDMtMTYzMS00MGY4LTkwYzUtMThhMzBjMzAyOTBk
LzEva2xFS2FISENtOEFwSUdpcHR5M0RUX2diVDhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCXDwwAwQC
uVvIMA0EAgACMAcDBQAqAbIAMA0GCSqGSIb3DQEBCwUAA4IBAQAnBUz3tDizljCr
LYb+m9G7zt59F2bHLHdyKx4alaSFRVKWJCHwYfyb+0XsWdNMHqENq7J+N/XYgdQv
zp55xiGU46IKrr+jw53ECTwgSjmPx3640RXeji69EvVzIxMrFv+xIbYM7KLhuDXy
4knlAyjwvOc49m8tEtQu4ozeSGV94dR0AlkSBeSXOGOCVy+AeaipZm4FRaw1MR3H
6AhWWkXMWf0xpVBdpKZME9m/hKJXmovsv/YZZR1I9q/V5F503cvwYu1nnVNF9QjY
igm0ul6rIYp5HldFtgRpDv07RCDOMh/9g6uhc3yK6mzW2lSxuZOXQIcmdVlpP+Oq
MaQbnPJY
-----END CERTIFICATE-----