Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/u4riyzJYopto-vKczpX9n3DSfIk.roa
File:                     u4riyzJYopto-vKczpX9n3DSfIk.roa (raw, json)
Hash identifier:          U3Yt8FIxSxxpz0k/3I9I+MvibSvj5D10rh0DPizPRsQ=
Subject key identifier:   BB:8A:E2:CB:32:58:A2:9B:68:FA:F2:9C:CE:95:FD:9F:70:D2:7C:89
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       018DF928AB19288FC90DB1CA100892A2A343
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/u4riyzJYopto-vKczpX9n3DSfIk.roa
Signing time:             Fri 01 Mar 2024 08:36:48 +0000
ROA not before:           Fri 01 Mar 2024 08:36:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48806
IP address blocks:        92.240.148.0/24 maxlen: 24
                          92.240.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:28:ab:19:28:8f:c9:0d:b1:ca:10:08:92:a2:a3:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Mar  1 08:36:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb8ae2cb3258a29b68faf29cce95fd9f70d27c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f4:f0:02:6d:bc:f7:83:cb:33:d3:77:89:e1:
                    00:03:2a:ba:d6:f5:5f:4b:e1:8c:43:a4:d9:25:54:
                    7d:78:df:3d:d5:86:6e:d6:92:39:91:5a:7a:1f:ee:
                    85:7e:c6:bb:d4:6b:f3:92:f0:6c:4d:d6:f0:d8:67:
                    48:df:89:8b:b7:b2:35:68:d7:1d:af:b3:e6:4d:aa:
                    a3:66:e6:44:6e:36:fd:13:dd:d5:66:58:cb:19:4c:
                    3e:1f:fa:15:a0:75:6d:33:4c:a8:ed:1b:1e:6c:04:
                    39:7b:55:d6:5c:5c:bc:58:5e:8e:a6:fb:91:f7:61:
                    4d:11:3a:e9:c8:70:ab:2f:f0:9e:9b:65:a7:c7:67:
                    ee:fd:4a:ef:9d:ae:90:23:4f:a3:90:72:a0:22:c2:
                    9b:6c:f3:ca:24:fa:58:6a:de:e5:e3:f6:65:12:9f:
                    aa:61:ee:d9:6d:3f:f1:c2:b2:0a:44:27:e1:86:a3:
                    4e:8c:f4:24:96:d5:e6:1f:5a:36:94:7d:18:94:53:
                    ae:53:18:bc:c1:09:a5:44:22:d8:a2:60:d0:76:75:
                    aa:a5:0d:88:89:5d:b9:72:e1:4e:5e:81:16:cf:12:
                    6d:25:3b:00:9d:19:f2:86:80:d3:95:02:c7:ab:d4:
                    88:38:44:76:24:73:10:4a:0c:04:a8:fc:9d:3a:a8:
                    7b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:8A:E2:CB:32:58:A2:9B:68:FA:F2:9C:CE:95:FD:9F:70:D2:7C:89
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/u4riyzJYopto-vKczpX9n3DSfIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.240.148.0/24
                  92.240.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:bc:db:05:0e:a8:5a:c3:d7:47:10:ad:17:58:49:2b:1e:b0:
         57:cc:08:12:0a:e8:1e:4e:f4:25:bb:5d:de:e6:8c:6b:4f:eb:
         18:a0:c4:cf:c5:b8:48:1a:8a:f1:cb:30:6f:f7:72:88:e0:08:
         b3:76:5a:c6:9d:e9:84:ac:ef:ea:aa:3e:6d:c5:2e:d4:a1:94:
         1f:82:2b:ab:2a:21:04:55:1e:bc:9b:3a:8c:b7:22:71:86:33:
         97:d0:e5:4f:2b:21:82:be:31:56:db:a1:97:1c:e2:7f:6c:34:
         d8:cd:b4:7c:22:b3:74:4a:2d:ca:92:7c:cd:7d:76:f5:83:6b:
         11:d2:24:80:ab:e2:a6:08:70:5d:77:ee:7f:cc:82:06:03:07:
         f4:62:0a:f2:41:b5:9a:4e:ef:f2:b6:57:f0:a8:9e:57:70:2b:
         80:03:49:d0:95:c1:c8:b7:b8:a4:01:e7:29:e2:79:12:a2:ad:
         5a:cf:49:70:c4:2a:5a:54:b4:f6:c9:b6:cf:1f:e3:da:fc:73:
         3f:60:9b:0f:da:41:42:27:f4:21:ab:79:0b:c0:bf:f0:29:5f:
         3d:91:2e:20:4d:0c:67:75:6b:c8:d6:1e:29:cd:ca:af:54:ac:
         0d:7a:f7:16:73:e0:00:ab:ee:48:91:f5:6f:d0:7c:6c:f2:6f:
         b7:70:95:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY35KKsZKI/JDbHKEAiSoqNDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwMzAxMDgzNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjhhZTJjYjMyNThhMjliNjhmYWYyOWNjZTk1ZmQ5ZjcwZDI3Yzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/TwAm2894PLM9N3ieEAAyq61vVf
S+GMQ6TZJVR9eN891YZu1pI5kVp6H+6Ffsa71GvzkvBsTdbw2GdI34mLt7I1aNcd
r7PmTaqjZuZEbjb9E93VZljLGUw+H/oVoHVtM0yo7RsebAQ5e1XWXFy8WF6OpvuR
92FNETrpyHCrL/Cem2Wnx2fu/Urvna6QI0+jkHKgIsKbbPPKJPpYat7l4/ZlEp+q
Ye7ZbT/xwrIKRCfhhqNOjPQkltXmH1o2lH0YlFOuUxi8wQmlRCLYomDQdnWqpQ2I
iV25cuFOXoEWzxJtJTsAnRnyhoDTlQLHq9SIOER2JHMQSgwEqPydOqh7AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLuK4ssyWKKbaPrynM6V/Z9w0nyJMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvdTRyaXl6SllvcHRvLXZLY3pwWDluM0RTZklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXPCUAwQA
XPCWMA0GCSqGSIb3DQEBCwUAA4IBAQADvNsFDqhaw9dHEK0XWEkrHrBXzAgSCuge
TvQlu13e5oxrT+sYoMTPxbhIGorxyzBv93KI4AizdlrGnemErO/qqj5txS7UoZQf
giurKiEEVR68mzqMtyJxhjOX0OVPKyGCvjFW26GXHOJ/bDTYzbR8IrN0Si3KknzN
fXb1g2sR0iSAq+KmCHBdd+5/zIIGAwf0YgryQbWaTu/ytlfwqJ5XcCuAA0nQlcHI
t7ikAecp4nkSoq1az0lwxCpaVLT2ybbPH+Pa/HM/YJsP2kFCJ/Qhq3kLwL/wKV89
kS4gTQxndWvI1h4pzcqvVKwNevcWc+AAq+5IkfVv0Hxs8m+3cJXD
-----END CERTIFICATE-----