Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Xk0EHMR33ufEbEJsT5YWcgVsKlk.roa
File:                     Xk0EHMR33ufEbEJsT5YWcgVsKlk.roa (raw, json)
Hash identifier:          1Wi8X+5Wq/vwzXiMLgBQeFQWOMUcCxPhQytBbpG02jY=
Subject key identifier:   5E:4D:04:1C:C4:77:DE:E7:C4:6C:42:6C:4F:96:16:72:05:6C:2A:59
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0191363A2100F0DCED93F78F9521240D823F
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Xk0EHMR33ufEbEJsT5YWcgVsKlk.roa
Signing time:             Fri 09 Aug 2024 08:21:04 +0000
ROA not before:           Fri 09 Aug 2024 08:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        92.119.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:3a:21:00:f0:dc:ed:93:f7:8f:95:21:24:0d:82:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Aug  9 08:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e4d041cc477dee7c46c426c4f961672056c2a59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:27:84:ed:b0:9d:ae:ee:68:f6:4a:2b:0f:25:
                    c7:25:99:cb:00:9f:95:9b:f2:98:73:54:89:21:58:
                    d4:80:5f:5f:40:91:7d:af:c0:97:61:d6:06:1f:26:
                    98:2d:f8:c8:11:71:54:a0:57:46:c0:0a:c4:94:69:
                    7b:28:7d:0c:e6:3a:cd:f7:5e:64:56:64:65:4e:04:
                    eb:29:52:ed:57:b3:47:33:6d:d5:c1:70:11:8e:71:
                    31:4d:c6:14:0b:2c:6a:33:0b:25:e1:1a:35:db:f5:
                    93:79:85:44:af:5c:f6:e4:5e:66:18:7b:76:6f:50:
                    97:a7:08:8b:11:f8:56:5a:a4:27:d2:2a:fd:65:8a:
                    57:12:c5:24:bb:f7:47:45:df:26:44:17:d2:cd:20:
                    df:e7:6f:f4:e3:90:1d:40:2b:df:af:0d:d6:75:d6:
                    54:64:68:6a:37:b5:c5:b1:9d:74:83:95:2d:82:da:
                    29:93:28:b7:35:4f:26:43:f2:1d:6c:d8:c4:83:18:
                    ba:13:8a:2c:1b:20:fd:5c:d8:d1:0f:41:51:ee:a3:
                    82:eb:18:54:e7:6a:cb:53:09:76:7c:d7:c0:29:f2:
                    86:80:73:06:9f:67:8e:e9:ad:8d:fb:22:51:40:80:
                    53:7a:5e:69:e8:87:83:ab:de:e8:da:c9:01:a9:da:
                    13:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:4D:04:1C:C4:77:DE:E7:C4:6C:42:6C:4F:96:16:72:05:6C:2A:59
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/Xk0EHMR33ufEbEJsT5YWcgVsKlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:f4:f9:67:7e:a2:33:93:fc:d9:1c:3d:f5:ff:b9:ef:ac:a4:
         f6:06:8b:dd:d9:cb:c7:4a:40:8c:c3:50:3f:da:56:2a:4a:3f:
         06:5b:8c:ca:e1:0a:30:54:89:71:78:23:e0:7d:39:c1:b5:3e:
         d9:f0:65:8e:7d:f3:aa:5f:9b:8a:e7:52:c1:b8:06:32:4a:73:
         a5:29:d7:60:31:ec:f0:9d:8b:29:41:57:a1:47:68:4a:ac:00:
         e9:44:f2:fa:50:ad:45:82:c8:5d:f5:e9:bb:04:e7:ef:e4:13:
         50:55:31:3f:5b:c7:b8:47:40:a0:c4:9c:7f:8c:54:a0:b1:51:
         5b:2b:a1:d7:2f:48:16:f4:dd:f6:f7:93:7e:bb:26:28:d6:c0:
         0c:56:50:9e:7a:23:a1:8a:6e:ca:df:5d:a9:f9:a2:8d:db:a8:
         83:ab:45:69:07:6f:cc:d0:ba:0a:84:bb:df:a2:7b:a0:98:72:
         56:3f:6d:1f:e6:18:b7:2b:ea:51:ae:c5:c2:ed:ed:55:03:29:
         b3:ec:d1:b1:ee:f2:ec:de:cf:ea:42:08:e1:69:62:ba:73:a7:
         66:48:c6:6a:ce:8e:ed:33:e1:b6:3d:a8:f2:67:ac:bb:c9:4a:
         f4:0e:e8:9c:c6:ba:a5:d5:f5:44:c8:33:a3:e0:88:93:19:0b:
         96:cf:3c:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE2OiEA8Nztk/ePlSEkDYI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwODA5MDgyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTRkMDQxY2M0NzdkZWU3YzQ2YzQyNmM0Zjk2MTY3MjA1NmMyYTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSeE7bCdru5o9korDyXHJZnLAJ+V
m/KYc1SJIVjUgF9fQJF9r8CXYdYGHyaYLfjIEXFUoFdGwArElGl7KH0M5jrN915k
VmRlTgTrKVLtV7NHM23VwXARjnExTcYUCyxqMwsl4Ro12/WTeYVEr1z25F5mGHt2
b1CXpwiLEfhWWqQn0ir9ZYpXEsUku/dHRd8mRBfSzSDf52/045AdQCvfrw3WddZU
ZGhqN7XFsZ10g5Utgtopkyi3NU8mQ/IdbNjEgxi6E4osGyD9XNjRD0FR7qOC6xhU
52rLUwl2fNfAKfKGgHMGn2eO6a2N+yJRQIBTel5p6IeDq97o2skBqdoThQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5NBBzEd97nxGxCbE+WFnIFbCpZMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvWGswRUhNUjMzdWZFYkVKc1Q1WVdjZ1ZzS2xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHekMA0G
CSqGSIb3DQEBCwUAA4IBAQAb9PlnfqIzk/zZHD31/7nvrKT2Bovd2cvHSkCMw1A/
2lYqSj8GW4zK4QowVIlxeCPgfTnBtT7Z8GWOffOqX5uK51LBuAYySnOlKddgMezw
nYspQVehR2hKrADpRPL6UK1Fgshd9em7BOfv5BNQVTE/W8e4R0CgxJx/jFSgsVFb
K6HXL0gW9N3295N+uyYo1sAMVlCeeiOhim7K312p+aKN26iDq0VpB2/M0LoKhLvf
onugmHJWP20f5hi3K+pRrsXC7e1VAymz7NGx7vLs3s/qQgjhaWK6c6dmSMZqzo7t
M+G2PajyZ6y7yUr0Duicxrql1fVEyDOj4IiTGQuWzzwI
-----END CERTIFICATE-----