Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/Rvoozr9-AEirIvl3H78yEjywI3M.roa
File:                     Rvoozr9-AEirIvl3H78yEjywI3M.roa (raw, json)
Hash identifier:          C8PH+7JgTNI/2g3gAC+RhVDcD73858pmRmw+QrCbn9g=
Subject key identifier:   46:FA:28:CE:BF:7E:00:48:AB:22:F9:77:1F:BF:32:12:3C:B0:23:73
Certificate issuer:       /CN=d5a2196ef119221155e1683f8967d254625dae71
Certificate serial:       0194258F3A34D5531A3F82C43C94C3BBAA92
Authority key identifier: D5:A2:19:6E:F1:19:22:11:55:E1:68:3F:89:67:D2:54:62:5D:AE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/Rvoozr9-AEirIvl3H78yEjywI3M.roa
Signing time:             Thu 02 Jan 2025 05:48:51 +0000
ROA not before:           Thu 02 Jan 2025 05:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49081
IP address blocks:        188.92.32.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3a:34:d5:53:1a:3f:82:c4:3c:94:c3:bb:aa:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5a2196ef119221155e1683f8967d254625dae71
        Validity
            Not Before: Jan  2 05:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46fa28cebf7e0048ab22f9771fbf32123cb02373
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d1:c4:e2:93:9d:a3:7f:5c:47:60:33:27:8f:
                    78:90:fa:97:99:93:64:06:ad:f5:e1:ab:ef:ed:dc:
                    76:39:4d:8f:95:6e:e7:5d:4d:61:65:da:d7:37:07:
                    9e:0f:43:10:86:15:f0:0d:75:38:8e:f9:a6:de:d6:
                    bf:37:43:8c:9b:aa:d7:84:57:f8:62:e3:58:f0:4f:
                    7a:c3:b2:05:78:74:fb:24:2d:ec:e3:4d:bd:96:8a:
                    dd:db:c7:c5:01:53:ab:77:61:e7:48:4f:f3:3a:ad:
                    e9:da:d3:99:8b:e8:d5:85:27:24:0a:a9:aa:de:93:
                    a4:14:67:09:72:07:8d:93:e5:02:ae:e8:50:cf:70:
                    67:66:7c:83:21:d2:ae:14:d4:89:5c:41:4f:f3:33:
                    0b:44:c7:89:9f:fa:b2:07:a6:7e:4e:54:19:53:ce:
                    4b:3a:f4:1e:02:44:9c:e1:3d:44:a8:76:51:89:74:
                    df:48:ae:d2:12:0b:42:81:cc:c2:66:10:23:95:3b:
                    bb:23:29:bd:21:5f:fd:28:f3:ab:af:e1:50:9c:49:
                    7c:3f:50:6b:10:8d:5e:19:8f:41:9d:23:77:3b:57:
                    17:e1:80:ee:8a:9f:a7:7c:b9:f2:c9:25:e4:b4:8a:
                    2b:d0:2a:48:2c:4e:58:5d:6a:c9:5b:02:46:3d:ee:
                    5d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:FA:28:CE:BF:7E:00:48:AB:22:F9:77:1F:BF:32:12:3C:B0:23:73
            X509v3 Authority Key Identifier:
                keyid:D5:A2:19:6E:F1:19:22:11:55:E1:68:3F:89:67:D2:54:62:5D:AE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/Rvoozr9-AEirIvl3H78yEjywI3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         50:1c:22:aa:3a:11:1c:03:82:5f:e8:37:6c:0b:59:ad:81:50:
         35:5c:55:8d:0e:33:b7:e9:98:7d:17:37:3a:4e:43:ee:0c:04:
         34:33:9b:83:9a:19:86:62:1f:ea:87:e4:39:48:89:12:29:3c:
         df:bd:96:98:a4:ec:5a:d8:cf:c9:d8:16:66:9d:d9:ab:4e:09:
         eb:f7:56:66:eb:c2:43:a8:9a:53:84:97:da:7e:7b:a7:2d:52:
         4b:41:ea:bf:f9:00:2a:98:61:a5:48:c0:c5:2e:0a:ec:65:2e:
         e6:00:cd:ba:7e:98:74:33:71:86:63:35:a1:16:af:e6:38:ae:
         7b:e7:37:ce:36:13:c9:c0:b0:f6:1a:f0:71:9c:7c:17:8b:ed:
         7a:91:8c:22:9f:05:fe:fd:d4:3c:02:1c:d8:d2:c7:b6:b3:66:
         12:cc:5e:4b:36:8d:a1:c8:ee:a6:27:05:f4:28:45:fa:a9:88:
         ab:90:2f:ac:24:aa:54:7c:1e:41:d5:fa:e0:b3:48:23:b5:65:
         49:90:13:5e:2c:82:b2:93:ad:e4:5d:b5:57:cd:d2:cf:b3:69:
         d8:3a:59:00:40:46:56:9f:1b:03:4e:a3:bd:d5:b0:01:20:54:
         41:30:55:29:cc:79:50:ca:c4:ea:97:96:49:17:34:be:cc:8f:
         5c:68:4f:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzo01VMaP4LEPJTDu6qSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YTIxOTZlZjExOTIyMTE1NWUxNjgzZjg5NjdkMjU0NjI1
ZGFlNzEwHhcNMjUwMTAyMDU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmZhMjhjZWJmN2UwMDQ4YWIyMmY5NzcxZmJmMzIxMjNjYjAyMzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9HE4pOdo39cR2AzJ494kPqXmZNk
Bq314avv7dx2OU2PlW7nXU1hZdrXNweeD0MQhhXwDXU4jvmm3ta/N0OMm6rXhFf4
YuNY8E96w7IFeHT7JC3s4029lord28fFAVOrd2HnSE/zOq3p2tOZi+jVhSckCqmq
3pOkFGcJcgeNk+UCruhQz3BnZnyDIdKuFNSJXEFP8zMLRMeJn/qyB6Z+TlQZU85L
OvQeAkSc4T1EqHZRiXTfSK7SEgtCgczCZhAjlTu7Iym9IV/9KPOrr+FQnEl8P1Br
EI1eGY9BnSN3O1cX4YDuip+nfLnyySXktIor0CpILE5YXWrJWwJGPe5dswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEb6KM6/fgBIqyL5dx+/MhI8sCNzMB8GA1UdIwQY
MBaAFNWiGW7xGSIRVeFoP4ln0lRiXa5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWFJWmJ2RVpJaEZWNFdnX2lXZlNWR0pkcm5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9iMDYzMzctNjUxNy00MDBiLThjYjUt
N2FmYTBiY2Q3OTc2LzEvUnZvb3pyOS1BRWlySXZsM0g3OHlFanl3STNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9iMDYzMzctNjUxNy00MDBiLThjYjUtN2FmYTBiY2Q3OTc2
LzEvMWFJWmJ2RVpJaEZWNFdnX2lXZlNWR0pkcm5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvFwgMA0G
CSqGSIb3DQEBCwUAA4IBAQBQHCKqOhEcA4Jf6DdsC1mtgVA1XFWNDjO36Zh9Fzc6
TkPuDAQ0M5uDmhmGYh/qh+Q5SIkSKTzfvZaYpOxa2M/J2BZmndmrTgnr91Zm68JD
qJpThJfafnunLVJLQeq/+QAqmGGlSMDFLgrsZS7mAM26fph0M3GGYzWhFq/mOK57
5zfONhPJwLD2GvBxnHwXi+16kYwinwX+/dQ8AhzY0se2s2YSzF5LNo2hyO6mJwX0
KEX6qYirkC+sJKpUfB5B1frgs0gjtWVJkBNeLIKyk63kXbVXzdLPs2nYOlkAQEZW
nxsDTqO91bABIFRBMFUpzHlQysTql5ZJFzS+zI9caE8d
-----END CERTIFICATE-----