Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/9kFJ2W7InaLmC_aOmFE_6PygKqg.roa
File:                     9kFJ2W7InaLmC_aOmFE_6PygKqg.roa (raw, json)
Hash identifier:          Ani09OdB4wyQ5PGfj44AMSGFgKvXeTBjL5s+5BH6hN8=
Subject key identifier:   F6:41:49:D9:6E:C8:9D:A2:E6:0B:F6:8E:98:51:3F:E8:FC:A0:2A:A8
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E2C9B2485BB09EE20FBFFB8E00E06
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/9kFJ2W7InaLmC_aOmFE_6PygKqg.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        92.119.164.0/22 maxlen: 22
                          77.83.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2c:9b:24:85:bb:09:ee:20:fb:ff:b8:e0:0e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f64149d96ec89da2e60bf68e98513fe8fca02aa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:77:d8:02:15:e2:78:b9:f1:55:d3:1d:3b:57:
                    ef:8a:bf:e1:f7:49:a7:38:68:a1:eb:c2:6f:2c:8c:
                    1f:88:9b:9f:e3:a2:49:d9:4d:2b:52:97:80:19:f7:
                    d0:d9:07:4e:7d:65:2a:77:3a:81:4d:9a:4e:cf:7a:
                    28:b1:c6:6a:13:c4:e8:ed:d7:0a:13:0e:71:d9:91:
                    d6:0c:58:45:18:be:7d:bd:c6:38:64:69:43:e2:db:
                    99:f2:ad:ce:52:23:76:dd:98:3f:7a:a9:30:0e:38:
                    ee:5c:c1:ac:8c:c7:3e:7b:8d:48:e4:bb:2c:2b:99:
                    04:b1:6f:d0:c6:9f:af:00:64:a8:2f:a6:c8:8f:fe:
                    54:7f:16:a9:9e:02:ad:ea:23:1c:3e:d6:bf:73:09:
                    ab:d7:ba:82:8c:e3:3f:8c:48:c2:a3:6e:02:57:f4:
                    33:b3:96:d6:e2:36:da:ac:ef:14:93:2f:39:5b:b5:
                    e7:b2:72:61:39:fa:b9:95:50:f6:3e:4a:32:32:bf:
                    45:75:db:fd:ba:ee:07:f3:60:56:a8:b4:94:4a:ac:
                    f8:f5:0b:48:9a:1e:c4:68:8d:44:0c:f6:c5:58:50:
                    97:a1:04:94:45:18:b9:53:90:80:e9:57:c9:eb:4d:
                    e0:12:a9:30:8e:19:f9:d0:7c:ec:8b:a9:2a:5b:e9:
                    b8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:41:49:D9:6E:C8:9D:A2:E6:0B:F6:8E:98:51:3F:E8:FC:A0:2A:A8
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/9kFJ2W7InaLmC_aOmFE_6PygKqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.32.0/22
                  92.119.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:5a:47:bc:f2:6c:b6:c1:fb:1e:94:52:88:38:c9:8e:b2:62:
         a7:2f:a4:40:bb:dc:92:f1:e2:ef:ab:46:04:05:c3:db:30:30:
         56:d0:bd:76:57:34:59:f0:11:83:30:6c:ca:f2:55:62:2e:ce:
         20:a6:f3:91:bf:3b:ab:c9:cc:30:2c:cb:be:43:6e:2a:8a:c2:
         50:9e:d0:bb:72:91:2a:5d:d1:b9:61:72:1c:73:cc:11:09:e0:
         cb:bd:ca:b2:54:cb:64:a3:de:e7:35:87:6e:e1:d3:7f:f7:ff:
         83:e0:e8:fb:cb:55:9f:e9:00:96:19:cc:d0:b0:44:fb:7b:d2:
         62:5c:66:db:2a:82:86:26:1d:4c:fd:04:47:6a:b3:2c:76:31:
         d4:79:ca:48:a9:ed:8d:5e:8a:1c:bd:0c:b7:38:e2:74:97:e6:
         44:43:82:17:7d:8f:7f:29:ca:a9:23:ec:24:b5:1c:45:ed:d1:
         d4:f9:1e:c8:33:72:f8:b4:56:7a:c6:cd:e8:c3:08:00:c2:2c:
         06:38:26:a8:3d:d0:0d:a4:0e:45:43:78:72:17:11:f6:01:64:
         1e:9a:74:04:b4:52:b3:0f:ca:e3:d2:39:dc:e7:3d:2d:f0:d4:
         35:3d:b8:58:d5:1e:01:11:7f:4f:83:4a:87:7e:6d:a4:83:34:
         65:f4:5a:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTiybJIW7Ce4g+/+44A4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjQxNDlkOTZlYzg5ZGEyZTYwYmY2OGU5ODUxM2ZlOGZjYTAyYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHfYAhXieLnxVdMdO1fvir/h90mn
OGih68JvLIwfiJuf46JJ2U0rUpeAGffQ2QdOfWUqdzqBTZpOz3ooscZqE8To7dcK
Ew5x2ZHWDFhFGL59vcY4ZGlD4tuZ8q3OUiN23Zg/eqkwDjjuXMGsjMc+e41I5Lss
K5kEsW/Qxp+vAGSoL6bIj/5UfxapngKt6iMcPta/cwmr17qCjOM/jEjCo24CV/Qz
s5bW4jbarO8Uky85W7XnsnJhOfq5lVD2PkoyMr9Fddv9uu4H82BWqLSUSqz49QtI
mh7EaI1EDPbFWFCXoQSURRi5U5CA6VfJ603gEqkwjhn50Hzsi6kqW+m4zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPZBSdluyJ2i5gv2jphRP+j8oCqoMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvOWtGSjJXN0luYUxtQ19hT21GRV82UHlnS3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTVMgAwQC
XHekMA0GCSqGSIb3DQEBCwUAA4IBAQBHWke88my2wfselFKIOMmOsmKnL6RAu9yS
8eLvq0YEBcPbMDBW0L12VzRZ8BGDMGzK8lViLs4gpvORvzurycwwLMu+Q24qisJQ
ntC7cpEqXdG5YXIcc8wRCeDLvcqyVMtko97nNYdu4dN/9/+D4Oj7y1Wf6QCWGczQ
sET7e9JiXGbbKoKGJh1M/QRHarMsdjHUecpIqe2NXoocvQy3OOJ0l+ZEQ4IXfY9/
KcqpI+wktRxF7dHU+R7IM3L4tFZ6xs3owwgAwiwGOCaoPdANpA5FQ3hyFxH2AWQe
mnQEtFKzD8rj0jnc5z0t8NQ1PbhY1R4BEX9Pg0qHfm2kgzRl9Foh
-----END CERTIFICATE-----