Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/81eaf6-66cf-4b21-8ffb-08bdcd533b61/1/QmloTwHmKmhH5yTgs5RYG5We5V0.roa
File:                     QmloTwHmKmhH5yTgs5RYG5We5V0.roa (raw, json)
Hash identifier:          SDb4w6Xih9Jc30muPCmHxCC2JvDjlGQ8i3Yn58XL+7U=
Subject key identifier:   42:69:68:4F:01:E6:2A:68:47:E7:24:E0:B3:94:58:1B:95:9E:E5:5D
Certificate issuer:       /CN=8ead45e317257e170a2030e79b0f5f74406a7842
Certificate serial:       018CC2DB4FA61B48D7C27D53B5446ADC74C3
Authority key identifier: 8E:AD:45:E3:17:25:7E:17:0A:20:30:E7:9B:0F:5F:74:40:6A:78:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jq1F4xclfhcKIDDnmw9fdEBqeEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/81eaf6-66cf-4b21-8ffb-08bdcd533b61/1/QmloTwHmKmhH5yTgs5RYG5We5V0.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        92.119.245.0/24 maxlen: 24
                          92.119.244.0/24 maxlen: 24
                          92.119.246.0/24 maxlen: 24
                          92.119.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/81eaf6-66cf-4b21-8ffb-08bdcd533b61/1/jq1F4xclfhcKIDDnmw9fdEBqeEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/81eaf6-66cf-4b21-8ffb-08bdcd533b61/1/jq1F4xclfhcKIDDnmw9fdEBqeEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jq1F4xclfhcKIDDnmw9fdEBqeEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4f:a6:1b:48:d7:c2:7d:53:b5:44:6a:dc:74:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ead45e317257e170a2030e79b0f5f74406a7842
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4269684f01e62a6847e724e0b394581b959ee55d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9b:71:78:aa:f7:48:f9:d6:68:9b:a7:71:16:
                    b8:34:53:66:0e:23:24:b3:23:47:d4:60:3d:9e:e7:
                    a5:cf:b0:79:75:23:fa:9d:4f:dc:f4:a7:5a:54:b1:
                    a2:41:93:14:07:8f:80:ce:36:f5:0a:7c:63:44:f7:
                    9b:c6:8c:77:7c:56:1b:9e:74:2c:b8:78:6d:1f:6f:
                    a3:8e:99:c1:ee:7e:22:04:ea:2f:dc:f2:e2:ac:71:
                    95:b5:c4:36:e9:1c:d2:69:7f:84:02:af:e0:e4:9e:
                    b9:79:94:28:47:08:cb:29:60:81:78:93:d4:01:b2:
                    27:06:a5:ac:8d:91:56:f6:4b:06:18:a3:ba:bb:80:
                    96:24:2d:8c:83:51:3a:29:53:c2:95:54:5b:4d:42:
                    bc:a3:c5:b5:52:f2:00:ac:96:4c:70:fa:8d:63:19:
                    28:82:ad:24:28:c2:93:74:38:7f:87:5b:34:5e:86:
                    2f:59:0f:e2:90:53:4c:00:3a:1e:67:c3:1f:69:cf:
                    f5:a3:82:86:68:43:cc:f4:27:4b:bc:91:1d:8d:eb:
                    05:8c:6c:60:9f:ce:24:27:ef:79:89:44:24:3d:86:
                    c8:79:e3:31:09:c1:42:46:07:a0:7b:f3:06:df:8e:
                    4b:f1:6d:54:2e:66:5e:44:11:1c:71:1b:9f:06:2c:
                    3a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:69:68:4F:01:E6:2A:68:47:E7:24:E0:B3:94:58:1B:95:9E:E5:5D
            X509v3 Authority Key Identifier:
                keyid:8E:AD:45:E3:17:25:7E:17:0A:20:30:E7:9B:0F:5F:74:40:6A:78:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jq1F4xclfhcKIDDnmw9fdEBqeEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/81eaf6-66cf-4b21-8ffb-08bdcd533b61/1/QmloTwHmKmhH5yTgs5RYG5We5V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/81eaf6-66cf-4b21-8ffb-08bdcd533b61/1/jq1F4xclfhcKIDDnmw9fdEBqeEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:54:f0:0c:1a:cb:f1:0a:fc:57:35:6a:0c:58:17:fa:cb:db:
         03:dc:7f:8f:23:03:60:3f:85:cc:8a:cd:e7:82:69:b3:10:c8:
         b8:fd:5a:92:cb:9a:f1:4b:e7:0b:ae:dc:ce:b5:20:8b:be:34:
         33:a3:65:03:bb:92:76:15:16:ca:81:9e:30:98:c3:3e:ea:dd:
         4b:1b:cb:4e:67:16:40:2d:cf:47:f7:06:c8:5f:03:f0:73:2d:
         18:01:b8:c2:67:55:a0:0c:de:6e:3a:50:82:0c:89:67:79:df:
         98:96:65:9e:95:63:6f:52:73:f7:e6:8b:6d:9b:ce:17:c9:21:
         82:49:71:56:e0:85:f2:8c:21:5e:41:f8:d4:ce:6d:e1:71:51:
         c0:cd:74:65:1d:32:b4:9e:c9:88:14:a4:47:6e:b3:fc:c3:20:
         cc:85:f4:87:ad:30:6d:b2:f9:ff:ec:e5:4c:27:99:29:aa:0d:
         c5:67:95:ef:9e:0e:c7:05:ce:88:af:aa:dd:47:3d:f1:4f:dc:
         e4:3e:e3:0f:c3:c5:3f:b3:5e:ed:76:9e:39:64:ea:fa:b8:a3:
         68:e1:fc:e1:67:c2:4e:b6:73:8b:7b:bb:05:34:c0:bb:7e:e7:
         d7:f0:7b:36:62:03:ac:dc:f4:9c:7b:82:8b:c2:1a:22:03:ed:
         53:5d:bd:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20+mG0jXwn1TtURq3HTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYWQ0NWUzMTcyNTdlMTcwYTIwMzBlNzliMGY1Zjc0NDA2
YTc4NDIwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY5Njg0ZjAxZTYyYTY4NDdlNzI0ZTBiMzk0NTgxYjk1OWVlNTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5txeKr3SPnWaJuncRa4NFNmDiMk
syNH1GA9nuelz7B5dSP6nU/c9KdaVLGiQZMUB4+Azjb1CnxjRPebxox3fFYbnnQs
uHhtH2+jjpnB7n4iBOov3PLirHGVtcQ26RzSaX+EAq/g5J65eZQoRwjLKWCBeJPU
AbInBqWsjZFW9ksGGKO6u4CWJC2Mg1E6KVPClVRbTUK8o8W1UvIArJZMcPqNYxko
gq0kKMKTdDh/h1s0XoYvWQ/ikFNMADoeZ8Mfac/1o4KGaEPM9CdLvJEdjesFjGxg
n84kJ+95iUQkPYbIeeMxCcFCRgege/MG345L8W1ULmZeRBEccRufBiw6OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJpaE8B5ipoR+ck4LOUWBuVnuVdMB8GA1UdIwQY
MBaAFI6tReMXJX4XCiAw55sPX3RAanhCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanExRjR4Y2xmaGNLSUREbm13OWZkRUJxZUVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS84MWVhZjYtNjZjZi00YjIxLThmZmIt
MDhiZGNkNTMzYjYxLzEvUW1sb1R3SG1LbWhINXlUZ3M1UllHNVdlNVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS84MWVhZjYtNjZjZi00YjIxLThmZmItMDhiZGNkNTMzYjYx
LzEvanExRjR4Y2xmaGNLSUREbm13OWZkRUJxZUVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHf0MA0G
CSqGSIb3DQEBCwUAA4IBAQA+VPAMGsvxCvxXNWoMWBf6y9sD3H+PIwNgP4XMis3n
gmmzEMi4/VqSy5rxS+cLrtzOtSCLvjQzo2UDu5J2FRbKgZ4wmMM+6t1LG8tOZxZA
Lc9H9wbIXwPwcy0YAbjCZ1WgDN5uOlCCDIlned+YlmWelWNvUnP35ottm84XySGC
SXFW4IXyjCFeQfjUzm3hcVHAzXRlHTK0nsmIFKRHbrP8wyDMhfSHrTBtsvn/7OVM
J5kpqg3FZ5Xvng7HBc6Ir6rdRz3xT9zkPuMPw8U/s17tdp45ZOr6uKNo4fzhZ8JO
tnOLe7sFNMC7fufX8Hs2YgOs3PSce4KLwhoiA+1TXb2k
-----END CERTIFICATE-----