Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/f9b6b9-b787-4e28-b0bf-aa902dbae928/1/xHS7CIl-tV4ZtB1NDtzIs-bmxhI.roa
File:                     xHS7CIl-tV4ZtB1NDtzIs-bmxhI.roa (raw, json)
Hash identifier:          ZQRf0rvS23J/Ou6PR7e9zLVCqg2raqCC4fcyfjlN8k0=
Subject key identifier:   C4:74:BB:08:89:7E:B5:5E:19:B4:1D:4D:0E:DC:C8:B3:E6:E6:C6:12
Certificate issuer:       /CN=472cb288209900d1af1a998bb039ec757e493dd5
Certificate serial:       018CC94E52C3862CB85096472A4E2BC7FECF
Authority key identifier: 47:2C:B2:88:20:99:00:D1:AF:1A:99:8B:B0:39:EC:75:7E:49:3D:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyyyiCCZANGvGpmLsDnsdX5JPdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/f9b6b9-b787-4e28-b0bf-aa902dbae928/1/xHS7CIl-tV4ZtB1NDtzIs-bmxhI.roa
Signing time:             Tue 02 Jan 2024 08:33:22 +0000
ROA not before:           Tue 02 Jan 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59650
IP address blocks:        92.240.152.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/f9b6b9-b787-4e28-b0bf-aa902dbae928/1/RyyyiCCZANGvGpmLsDnsdX5JPdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/f9b6b9-b787-4e28-b0bf-aa902dbae928/1/RyyyiCCZANGvGpmLsDnsdX5JPdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyyyiCCZANGvGpmLsDnsdX5JPdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:52:c3:86:2c:b8:50:96:47:2a:4e:2b:c7:fe:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=472cb288209900d1af1a998bb039ec757e493dd5
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c474bb08897eb55e19b41d4d0edcc8b3e6e6c612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0a:a3:01:54:d9:c8:43:fd:91:fb:a7:8a:94:
                    88:09:13:d4:42:b8:5b:f9:ca:81:cd:75:28:0c:a0:
                    e9:ba:b0:3d:87:6c:45:3a:74:ba:a6:17:d3:a8:eb:
                    41:54:79:0e:c7:77:76:56:12:af:6b:a8:fe:6c:8d:
                    a0:c4:80:8e:cb:96:67:e5:ce:5a:c2:a1:8b:d2:1e:
                    d0:84:b4:ed:e5:d9:bd:b3:e0:10:02:de:79:b1:93:
                    c0:77:cd:e5:93:37:1c:03:b8:08:70:06:96:ef:67:
                    d3:23:d2:41:26:fe:96:b0:2a:b8:d8:08:05:05:0f:
                    04:36:ef:83:37:af:28:70:8d:39:16:81:01:e7:b8:
                    b5:bc:8c:05:2b:86:28:ea:4d:7a:3c:57:21:1a:37:
                    7a:c2:a3:4d:8b:69:f3:26:45:33:fb:2b:c0:98:99:
                    0a:ef:5a:ae:5f:32:a8:39:b2:8e:16:2b:62:a1:59:
                    02:73:23:f5:83:62:e7:f5:1f:ba:bb:a1:d2:3e:f6:
                    c8:c0:79:94:d1:83:e6:91:a9:a8:72:c5:80:db:a8:
                    f4:51:06:1d:27:aa:3a:6a:85:bf:29:d4:e1:d0:6e:
                    8a:a9:eb:7d:1b:34:a8:f0:ff:e6:ae:f1:3f:c2:3c:
                    07:3b:a6:cb:45:d6:72:7e:97:17:9e:6f:a3:bf:0c:
                    9c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:74:BB:08:89:7E:B5:5E:19:B4:1D:4D:0E:DC:C8:B3:E6:E6:C6:12
            X509v3 Authority Key Identifier:
                keyid:47:2C:B2:88:20:99:00:D1:AF:1A:99:8B:B0:39:EC:75:7E:49:3D:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyyyiCCZANGvGpmLsDnsdX5JPdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/f9b6b9-b787-4e28-b0bf-aa902dbae928/1/xHS7CIl-tV4ZtB1NDtzIs-bmxhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/f9b6b9-b787-4e28-b0bf-aa902dbae928/1/RyyyiCCZANGvGpmLsDnsdX5JPdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.240.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:db:23:b9:48:14:68:04:e1:ca:13:6a:67:63:39:86:7b:7b:
         ad:92:5f:ac:b2:f3:09:38:14:55:38:82:9c:1e:23:b3:2d:64:
         04:5a:88:b1:0d:14:cd:d2:99:df:0f:bb:36:2a:1e:84:5d:2a:
         18:09:c8:84:89:a1:cf:9d:c2:a3:e3:d1:13:9a:77:24:5c:a1:
         cf:a7:ff:ae:34:e7:95:15:5b:44:49:ee:1f:82:cf:cd:41:4e:
         61:55:65:ce:ce:f5:50:6c:8e:11:d0:5e:70:22:33:9e:b6:f1:
         57:4c:a0:5d:19:c3:07:eb:c6:02:e0:09:2c:7a:e3:6c:e1:e0:
         a3:d4:e8:6a:39:d5:d9:4d:2c:aa:50:57:a9:20:f2:0c:e3:09:
         38:ba:a0:02:6d:f9:13:44:53:d7:9e:6f:c4:92:78:bc:76:19:
         0e:36:03:ff:c5:66:b7:2d:e1:a4:ad:e8:f7:b8:11:1b:90:c7:
         01:9f:cb:56:7e:ce:20:81:21:ae:e8:ea:30:ce:6b:ee:b3:01:
         d4:1d:ec:af:27:ae:7c:f7:4f:a6:48:c4:f8:59:59:ff:cb:7a:
         20:b4:ad:f6:8e:50:5b:79:ce:82:a0:bb:de:34:aa:03:26:3e:
         f0:69:dd:9b:0c:f2:e5:97:c0:57:b5:f5:f1:11:3e:71:78:6c:
         6b:41:5f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlLDhiy4UJZHKk4rx/7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MmNiMjg4MjA5OTAwZDFhZjFhOTk4YmIwMzllYzc1N2U0
OTNkZDUwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDc0YmIwODg5N2ViNTVlMTliNDFkNGQwZWRjYzhiM2U2ZTZjNjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAqjAVTZyEP9kfunipSICRPUQrhb
+cqBzXUoDKDpurA9h2xFOnS6phfTqOtBVHkOx3d2VhKva6j+bI2gxICOy5Zn5c5a
wqGL0h7QhLTt5dm9s+AQAt55sZPAd83lkzccA7gIcAaW72fTI9JBJv6WsCq42AgF
BQ8ENu+DN68ocI05FoEB57i1vIwFK4Yo6k16PFchGjd6wqNNi2nzJkUz+yvAmJkK
71quXzKoObKOFitioVkCcyP1g2Ln9R+6u6HSPvbIwHmU0YPmkamocsWA26j0UQYd
J6o6aoW/KdTh0G6Kqet9GzSo8P/mrvE/wjwHO6bLRdZyfpcXnm+jvwycTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMR0uwiJfrVeGbQdTQ7cyLPm5sYSMB8GA1UdIwQY
MBaAFEcssoggmQDRrxqZi7A57HV+ST3VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnl5eWlDQ1pBTkd2R3BtTHNEbnNkWDVKUGRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9mOWI2YjktYjc4Ny00ZTI4LWIwYmYt
YWE5MDJkYmFlOTI4LzEveEhTN0NJbC10VjRadEIxTkR0eklzLWJteGhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9mOWI2YjktYjc4Ny00ZTI4LWIwYmYtYWE5MDJkYmFlOTI4
LzEvUnl5eWlDQ1pBTkd2R3BtTHNEbnNkWDVKUGRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXPCYMA0G
CSqGSIb3DQEBCwUAA4IBAQAv2yO5SBRoBOHKE2pnYzmGe3utkl+ssvMJOBRVOIKc
HiOzLWQEWoixDRTN0pnfD7s2Kh6EXSoYCciEiaHPncKj49ETmnckXKHPp/+uNOeV
FVtESe4fgs/NQU5hVWXOzvVQbI4R0F5wIjOetvFXTKBdGcMH68YC4AkseuNs4eCj
1OhqOdXZTSyqUFepIPIM4wk4uqACbfkTRFPXnm/Ekni8dhkONgP/xWa3LeGkrej3
uBEbkMcBn8tWfs4ggSGu6OowzmvuswHUHeyvJ65890+mSMT4WVn/y3ogtK32jlBb
ec6CoLveNKoDJj7wad2bDPLll8BXtfXxET5xeGxrQV+w
-----END CERTIFICATE-----