Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hLFIW0a5maXnQGuM5NgE27c9lJo.roa
File:                     hLFIW0a5maXnQGuM5NgE27c9lJo.roa (raw, json)
Hash identifier:          Wh6/FvR7sIKlRF6W4OwcoOyV/V3rE23qa/+xGPt4eyg=
Subject key identifier:   84:B1:48:5B:46:B9:99:A5:E7:40:6B:8C:E4:D8:04:DB:B7:3D:94:9A
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0191363A2066BF551D93439724C4442DEC69
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hLFIW0a5maXnQGuM5NgE27c9lJo.roa
Signing time:             Fri 09 Aug 2024 08:21:04 +0000
ROA not before:           Fri 09 Aug 2024 08:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        92.119.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:3a:20:66:bf:55:1d:93:43:97:24:c4:44:2d:ec:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Aug  9 08:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84b1485b46b999a5e7406b8ce4d804dbb73d949a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ce:fa:95:e8:2d:87:58:c5:27:7d:15:53:3c:
                    1b:11:96:6f:3a:07:b1:39:54:84:ed:5d:f3:35:1a:
                    b4:92:07:d3:5e:82:dc:17:8f:60:cf:c4:41:72:95:
                    f1:58:90:11:e6:4d:08:d5:50:dd:48:bf:90:d2:c8:
                    65:6c:16:17:91:e5:f6:e3:8a:e5:de:7f:a9:3c:43:
                    27:4e:cb:26:10:b9:6b:49:66:e0:f7:74:81:1c:50:
                    d7:63:ef:d5:3e:3d:c7:17:20:ee:f6:72:43:e8:5a:
                    51:9e:31:15:7b:1b:72:81:d4:a6:55:0b:8d:37:e2:
                    ba:9e:09:87:3e:53:6d:89:b8:5b:b4:d8:e6:2a:88:
                    33:b1:47:97:14:bf:02:2a:1e:3d:2d:d5:a1:d6:41:
                    1b:00:4a:03:db:44:41:9a:64:aa:bc:ad:d3:b0:14:
                    68:2c:f7:38:d1:87:3e:b4:24:66:fa:fd:dc:fe:58:
                    42:7d:df:e0:31:e7:db:d8:2e:d5:32:bd:1e:41:22:
                    59:eb:c6:81:48:6e:8d:ef:3f:1b:14:e0:71:ab:ce:
                    65:6a:0d:5d:73:b9:04:fd:6f:72:29:13:62:63:d2:
                    ca:70:41:49:64:72:bc:2d:f1:7d:c1:1b:cf:3d:72:
                    d6:91:38:ea:50:c7:59:7e:6f:8b:21:d0:cc:bd:08:
                    80:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B1:48:5B:46:B9:99:A5:E7:40:6B:8C:E4:D8:04:DB:B7:3D:94:9A
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/hLFIW0a5maXnQGuM5NgE27c9lJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:13:bd:64:73:cb:70:c0:a6:12:11:5e:4b:eb:50:3c:87:6b:
         a0:a1:e4:c4:bf:71:63:c2:cb:04:74:99:d1:00:00:22:72:24:
         5f:10:cb:49:e7:61:7f:2e:ad:c5:7b:f3:3a:e2:27:52:56:b3:
         9c:6b:12:eb:c8:b3:51:52:14:47:1a:39:72:fe:31:da:49:a9:
         7f:36:23:0b:97:23:18:2a:9a:ef:5c:da:53:e7:fa:47:62:a0:
         f8:30:a8:43:d7:33:25:c9:d9:79:19:03:4b:43:d9:1a:f5:01:
         fe:17:60:ec:ba:46:1a:35:38:d6:be:14:07:df:d8:29:5b:c3:
         b0:00:bf:e6:b2:fb:f9:3e:a6:1a:0a:9e:35:c7:77:81:de:c2:
         ae:3a:81:a2:ed:e1:0b:4a:29:8c:e3:72:f2:86:98:60:f6:fd:
         2c:a0:fd:f2:64:eb:bf:48:ac:34:96:d8:9d:c5:13:a3:10:5d:
         15:18:92:2f:90:9f:65:6b:87:71:f9:79:f5:1f:e4:86:46:d3:
         b1:03:32:06:16:70:a1:ea:65:b1:22:2b:a1:f6:1e:f0:22:a1:
         14:b5:4d:9e:4f:3d:42:6e:3a:cd:f7:32:83:fe:6a:05:f9:e7:
         ea:9e:63:3b:ea:b5:b0:80:f4:c0:21:46:e8:c4:c4:82:89:77:
         b7:90:6c:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE2OiBmv1Udk0OXJMRELexpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwODA5MDgyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGIxNDg1YjQ2Yjk5OWE1ZTc0MDZiOGNlNGQ4MDRkYmI3M2Q5NDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzM76legth1jFJ30VUzwbEZZvOgex
OVSE7V3zNRq0kgfTXoLcF49gz8RBcpXxWJAR5k0I1VDdSL+Q0shlbBYXkeX244rl
3n+pPEMnTssmELlrSWbg93SBHFDXY+/VPj3HFyDu9nJD6FpRnjEVextygdSmVQuN
N+K6ngmHPlNtibhbtNjmKogzsUeXFL8CKh49LdWh1kEbAEoD20RBmmSqvK3TsBRo
LPc40Yc+tCRm+v3c/lhCfd/gMefb2C7VMr0eQSJZ68aBSG6N7z8bFOBxq85lag1d
c7kE/W9yKRNiY9LKcEFJZHK8LfF9wRvPPXLWkTjqUMdZfm+LIdDMvQiA1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISxSFtGuZml50BrjOTYBNu3PZSaMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvaExGSVcwYTVtYVhuUUd1TTVOZ0UyN2M5bEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHekMA0G
CSqGSIb3DQEBCwUAA4IBAQCJE71kc8twwKYSEV5L61A8h2ugoeTEv3FjwssEdJnR
AAAiciRfEMtJ52F/Lq3Fe/M64idSVrOcaxLryLNRUhRHGjly/jHaSal/NiMLlyMY
KprvXNpT5/pHYqD4MKhD1zMlydl5GQNLQ9ka9QH+F2DsukYaNTjWvhQH39gpW8Ow
AL/msvv5PqYaCp41x3eB3sKuOoGi7eELSimM43Lyhphg9v0soP3yZOu/SKw0ltid
xROjEF0VGJIvkJ9la4dx+Xn1H+SGRtOxAzIGFnCh6mWxIiuh9h7wIqEUtU2eTz1C
bjrN9zKD/moF+efqnmM76rWwgPTAIUboxMSCiXe3kGwW
-----END CERTIFICATE-----