Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/XMUOh6ctfXaftB95dgu-pMfMmdw.roa
File:                     XMUOh6ctfXaftB95dgu-pMfMmdw.roa (raw, json)
Hash identifier:          krjJw5tLo29BgwV+AeVHnbIjWwv043Jk6MTDgZgyf3s=
Subject key identifier:   5C:C5:0E:87:A7:2D:7D:76:9F:B4:1F:79:76:0B:BE:A4:C7:CC:99:DC
Certificate issuer:       /CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
Certificate serial:       018D9E63452309A25A368D412C2EA0096775
Authority key identifier: 66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/XMUOh6ctfXaftB95dgu-pMfMmdw.roa
Signing time:             Mon 12 Feb 2024 17:35:22 +0000
ROA not before:           Mon 12 Feb 2024 17:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51268
IP address blocks:        92.63.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9e:63:45:23:09:a2:5a:36:8d:41:2c:2e:a0:09:67:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
        Validity
            Not Before: Feb 12 17:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cc50e87a72d7d769fb41f79760bbea4c7cc99dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f3:02:7a:fe:94:34:3b:09:8a:c3:e9:6d:fc:
                    2f:a9:76:07:cb:2b:6e:1c:6f:f6:66:fa:7a:8a:2c:
                    fa:4a:6f:31:01:4e:b4:d7:38:cc:b5:5e:8f:36:ed:
                    49:25:a9:48:fe:04:a6:60:50:41:e1:50:97:1b:84:
                    43:5a:c1:d9:61:e9:39:c7:e1:ba:58:e9:6a:98:88:
                    1e:62:be:eb:15:ce:f4:1c:9a:ed:a1:9d:c2:ea:53:
                    fb:af:02:c1:7d:6c:ae:81:d8:b4:85:2c:42:bd:16:
                    99:14:c8:11:4b:3b:76:93:af:7c:bb:df:4a:ad:8f:
                    c6:ac:8f:7e:47:de:a7:04:27:75:22:0b:d1:ac:39:
                    f7:ce:ff:0d:bc:bc:b7:10:38:d4:2f:85:ba:1e:ba:
                    79:3f:f9:e2:30:e5:bf:00:86:23:19:4f:60:59:62:
                    70:08:eb:83:d7:a5:b9:2c:02:23:e2:ad:28:f8:69:
                    87:22:63:e7:00:89:62:5b:59:75:a0:d4:2c:2d:b4:
                    01:2b:e4:23:db:54:5c:2a:69:f3:12:12:d8:f8:1e:
                    bc:b6:ff:9b:8e:98:f0:3d:97:71:c2:0a:b2:c0:88:
                    76:bc:f7:83:07:33:a5:95:4e:47:b2:70:20:6d:31:
                    26:64:16:c0:33:11:e5:46:94:a4:f1:a0:5b:29:f0:
                    8b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C5:0E:87:A7:2D:7D:76:9F:B4:1F:79:76:0B:BE:A4:C7:CC:99:DC
            X509v3 Authority Key Identifier:
                keyid:66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/XMUOh6ctfXaftB95dgu-pMfMmdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:6b:82:0b:c6:9b:84:c2:69:b2:02:4c:ec:7f:e5:cb:df:55:
         88:a4:19:b1:1f:62:dd:a8:fd:62:82:30:21:07:6d:25:ee:f0:
         85:4f:2b:67:bd:04:52:38:e4:e9:8b:11:59:ab:1b:8d:c0:c5:
         25:10:d2:60:ee:f2:a8:e0:8c:aa:a6:2d:bf:54:d8:56:b7:c5:
         dc:a0:b9:3f:de:ba:25:5a:37:f0:87:3f:cb:c3:e1:59:a2:f3:
         28:47:4a:d4:97:6f:14:9d:3c:f6:30:1a:67:1a:45:71:f0:f1:
         3a:ae:bb:22:3a:a9:4f:31:ae:f4:a0:a2:84:33:72:91:39:fe:
         0b:6f:32:e8:f1:bd:7a:ac:82:cd:8b:70:2b:2a:94:cd:a7:dd:
         af:88:8f:01:98:77:16:d2:ef:8f:20:dd:77:c2:9a:80:3e:27:
         7d:6e:4b:b2:ff:fb:46:1f:68:2f:b8:38:d5:d7:38:70:a9:2e:
         71:0e:b0:ad:45:bd:e2:ca:df:fc:ee:e7:37:b9:39:54:5b:d4:
         f5:02:e8:e2:e0:73:7a:2c:06:26:1e:11:cf:c1:09:2b:44:de:
         1b:3e:3c:e6:2f:5f:c5:91:3e:4b:f6:6c:8d:72:62:17:47:31:
         8d:73:14:10:2f:91:b4:c0:a7:9e:4a:45:d2:c1:cd:09:6a:d3:
         42:af:e8:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2eY0UjCaJaNo1BLC6gCWd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTA0ZTRmN2Q5ZjM4ZDhlMjJhMmQzMmJlMDE5MDMxOTMw
YzFhNDcwHhcNMjQwMjEyMTczNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2M1MGU4N2E3MmQ3ZDc2OWZiNDFmNzk3NjBiYmVhNGM3Y2M5OWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPMCev6UNDsJisPpbfwvqXYHyytu
HG/2Zvp6iiz6Sm8xAU601zjMtV6PNu1JJalI/gSmYFBB4VCXG4RDWsHZYek5x+G6
WOlqmIgeYr7rFc70HJrtoZ3C6lP7rwLBfWyugdi0hSxCvRaZFMgRSzt2k698u99K
rY/GrI9+R96nBCd1IgvRrDn3zv8NvLy3EDjUL4W6Hrp5P/niMOW/AIYjGU9gWWJw
COuD16W5LAIj4q0o+GmHImPnAIliW1l1oNQsLbQBK+Qj21RcKmnzEhLY+B68tv+b
jpjwPZdxwgqywIh2vPeDBzOllU5HsnAgbTEmZBbAMxHlRpSk8aBbKfCL2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzFDoenLX12n7QfeXYLvqTHzJncMB8GA1UdIwQY
MBaAFGYQTk99nzjY4iotMr4BkDGTDBpHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQt
NDc0NzJlZDNiZWNiLzEvWE1VT2g2Y3RmWGFmdEI5NWRndS1wTWZNbWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQtNDc0NzJlZDNiZWNi
LzEvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD9eMA0G
CSqGSIb3DQEBCwUAA4IBAQAva4ILxpuEwmmyAkzsf+XL31WIpBmxH2LdqP1igjAh
B20l7vCFTytnvQRSOOTpixFZqxuNwMUlENJg7vKo4Iyqpi2/VNhWt8XcoLk/3rol
Wjfwhz/Lw+FZovMoR0rUl28UnTz2MBpnGkVx8PE6rrsiOqlPMa70oKKEM3KROf4L
bzLo8b16rILNi3ArKpTNp92viI8BmHcW0u+PIN13wpqAPid9bkuy//tGH2gvuDjV
1zhwqS5xDrCtRb3iyt/87uc3uTlUW9T1Auji4HN6LAYmHhHPwQkrRN4bPjzmL1/F
kT5L9myNcmIXRzGNcxQQL5G0wKeeSkXSwc0JatNCr+jS
-----END CERTIFICATE-----