Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/rFCa92sZ57rbSlpDFnJkYc6lQas.roa
File:                     rFCa92sZ57rbSlpDFnJkYc6lQas.roa (raw, json)
Hash identifier:          F4iKR691e2AK34cFxmtOhRMANb+mE4me/fLCv0E4c8M=
Subject key identifier:   AC:50:9A:F7:6B:19:E7:BA:DB:4A:5A:43:16:72:64:61:CE:A5:41:AB
Certificate issuer:       /CN=aab78616f3b39ed4820d04ce098ea7c20655314b
Certificate serial:       0194258F5086D9843A7803A79131EFA61B5A
Authority key identifier: AA:B7:86:16:F3:B3:9E:D4:82:0D:04:CE:09:8E:A7:C2:06:55:31:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qreGFvOzntSCDQTOCY6nwgZVMUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/rFCa92sZ57rbSlpDFnJkYc6lQas.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202682
IP address blocks:        92.119.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/qreGFvOzntSCDQTOCY6nwgZVMUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/qreGFvOzntSCDQTOCY6nwgZVMUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qreGFvOzntSCDQTOCY6nwgZVMUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 11:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:50:86:d9:84:3a:78:03:a7:91:31:ef:a6:1b:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aab78616f3b39ed4820d04ce098ea7c20655314b
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac509af76b19e7badb4a5a4316726461cea541ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8a:73:1a:c2:cb:c5:e9:7c:ca:6c:08:fc:3a:
                    6a:7a:3c:a1:62:f6:a4:18:03:5e:1d:d8:4a:c0:17:
                    c6:1e:55:e9:f7:9c:fa:cf:25:f6:d4:b9:15:11:07:
                    e8:4b:3b:bb:4f:c4:4d:e6:16:64:1b:b7:69:b3:6e:
                    2d:b1:7c:b9:af:66:13:bf:98:cb:ca:a3:00:0b:f0:
                    74:ff:fc:ee:82:8e:b0:34:27:62:3a:44:be:5d:13:
                    97:d2:ae:4f:60:f3:ff:80:28:6b:5a:c3:61:9f:8a:
                    dc:e0:f2:a6:05:dc:2d:45:ab:42:8e:64:41:3d:69:
                    f7:fb:53:d9:d8:f5:16:f9:9f:bc:a3:69:1f:b3:ea:
                    8c:89:28:9b:1d:1d:2a:04:ae:01:6e:86:11:a6:3d:
                    31:10:d6:86:45:24:c0:6a:5b:d1:ec:2c:73:1c:f8:
                    04:c2:87:48:33:b9:12:0b:73:b9:7d:f4:dc:54:d7:
                    b6:80:43:f7:a3:22:6f:77:d3:bf:e1:3a:e9:f9:21:
                    21:14:32:2f:5e:d6:fb:b5:4e:36:ad:15:98:a0:3f:
                    ff:3f:91:59:e8:3f:89:cd:3e:89:27:4b:e5:ee:3e:
                    1b:fb:1f:52:29:04:34:ac:fd:9d:6d:d9:12:c0:3c:
                    93:01:f9:84:50:cf:fa:6b:47:54:a0:ed:61:ac:33:
                    a8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:50:9A:F7:6B:19:E7:BA:DB:4A:5A:43:16:72:64:61:CE:A5:41:AB
            X509v3 Authority Key Identifier:
                keyid:AA:B7:86:16:F3:B3:9E:D4:82:0D:04:CE:09:8E:A7:C2:06:55:31:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qreGFvOzntSCDQTOCY6nwgZVMUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/rFCa92sZ57rbSlpDFnJkYc6lQas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/qreGFvOzntSCDQTOCY6nwgZVMUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:ba:33:50:bb:0b:c2:34:78:1d:f1:d4:1d:08:db:0d:9e:4c:
         17:7b:75:59:d6:92:ca:92:d5:62:7c:df:71:05:f3:1e:79:0a:
         f1:09:54:2d:40:09:a0:32:f0:d3:0b:88:b9:2b:e3:8b:ca:75:
         b6:0e:08:09:73:3b:4e:bd:72:38:d6:01:2d:0c:74:1b:92:3f:
         5b:0a:40:32:37:b9:2e:94:ff:50:00:00:39:3f:52:80:88:9a:
         0f:f0:58:28:1e:4f:82:2e:9f:a1:94:fc:ff:8f:51:8c:ee:ca:
         db:87:08:39:3c:77:25:9f:e0:b3:d9:73:62:49:98:88:89:5e:
         75:68:ad:7c:64:a6:74:74:a3:fc:be:70:c3:12:47:07:e6:6b:
         72:50:a0:e7:64:44:0a:ee:a0:1f:8d:f9:8f:e4:ae:1c:69:b7:
         eb:02:77:15:21:e2:32:8e:82:dd:22:32:f6:aa:ed:43:92:ec:
         9a:ef:7e:63:c7:09:28:92:0d:6b:94:4a:a8:83:3c:ae:f7:4c:
         d7:a0:0a:f7:8e:9c:bf:73:0e:39:1e:fe:30:ce:ae:38:7f:95:
         d0:d1:9c:49:24:2f:10:b0:07:ab:75:60:79:ec:78:6f:89:aa:
         b9:80:a5:05:81:08:40:74:01:2e:3e:a3:77:64:f6:47:f7:10:
         3f:d6:20:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj1CG2YQ6eAOnkTHvphtaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYjc4NjE2ZjNiMzllZDQ4MjBkMDRjZTA5OGVhN2MyMDY1
NTMxNGIwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzUwOWFmNzZiMTllN2JhZGI0YTVhNDMxNjcyNjQ2MWNlYTU0MWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4pzGsLLxel8ymwI/DpqejyhYvak
GANeHdhKwBfGHlXp95z6zyX21LkVEQfoSzu7T8RN5hZkG7dps24tsXy5r2YTv5jL
yqMAC/B0//zugo6wNCdiOkS+XROX0q5PYPP/gChrWsNhn4rc4PKmBdwtRatCjmRB
PWn3+1PZ2PUW+Z+8o2kfs+qMiSibHR0qBK4BboYRpj0xENaGRSTAalvR7CxzHPgE
wodIM7kSC3O5ffTcVNe2gEP3oyJvd9O/4Trp+SEhFDIvXtb7tU42rRWYoD//P5FZ
6D+JzT6JJ0vl7j4b+x9SKQQ0rP2dbdkSwDyTAfmEUM/6a0dUoO1hrDOoWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxQmvdrGee620paQxZyZGHOpUGrMB8GA1UdIwQY
MBaAFKq3hhbzs57Ugg0EzgmOp8IGVTFLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXJlR0Z2T3pudFNDRFFUT0NZNm53Z1pWTVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9jMzhiNmItYWIwOS00NmFhLTg3ZWYt
ZWJhYTZmZjdkODg2LzEvckZDYTkyc1o1N3JiU2xwREZuSmtZYzZsUWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9jMzhiNmItYWIwOS00NmFhLTg3ZWYtZWJhYTZmZjdkODg2
LzEvcXJlR0Z2T3pudFNDRFFUT0NZNm53Z1pWTVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHdAMA0G
CSqGSIb3DQEBCwUAA4IBAQBZujNQuwvCNHgd8dQdCNsNnkwXe3VZ1pLKktVifN9x
BfMeeQrxCVQtQAmgMvDTC4i5K+OLynW2DggJcztOvXI41gEtDHQbkj9bCkAyN7ku
lP9QAAA5P1KAiJoP8FgoHk+CLp+hlPz/j1GM7srbhwg5PHcln+Cz2XNiSZiIiV51
aK18ZKZ0dKP8vnDDEkcH5mtyUKDnZEQK7qAfjfmP5K4cabfrAncVIeIyjoLdIjL2
qu1Dkuya735jxwkokg1rlEqogzyu90zXoAr3jpy/cw45Hv4wzq44f5XQ0ZxJJC8Q
sAerdWB57Hhviaq5gKUFgQhAdAEuPqN3ZPZH9xA/1iA4
-----END CERTIFICATE-----