Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/qRnRw2aCO-JZIxQyW7guksdMawM.roa
File:                     qRnRw2aCO-JZIxQyW7guksdMawM.roa (raw, json)
Hash identifier:          xR799oMOsSyk2eT9SSdLjt8gpKa0fuHE47TbW74jZOI=
Subject key identifier:   A9:19:D1:C3:66:82:3B:E2:59:23:14:32:5B:B8:2E:92:C7:4C:6B:03
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01943B221DAAF86CB263D2AB231F65EFAF74
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/qRnRw2aCO-JZIxQyW7guksdMawM.roa
Signing time:             Mon 06 Jan 2025 10:21:19 +0000
ROA not before:           Mon 06 Jan 2025 10:21:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213764
IP address blocks:        92.118.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 10:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3b:22:1d:aa:f8:6c:b2:63:d2:ab:23:1f:65:ef:af:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  6 10:21:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a919d1c366823be2592314325bb82e92c74c6b03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bd:bc:8d:30:05:77:8d:51:e1:33:0a:2f:f9:
                    84:f4:78:43:e5:b4:ad:44:8d:ba:ab:d4:ef:ea:45:
                    0f:83:c6:75:ab:14:90:f5:98:00:62:99:74:d7:c2:
                    79:6c:07:8c:28:b0:79:3a:22:ca:17:0c:51:28:d2:
                    eb:cd:52:9f:bf:a0:69:46:e7:b2:b6:cc:0d:73:e4:
                    29:5e:c2:78:99:20:ee:f0:2d:34:04:ba:ce:56:f8:
                    0c:9f:28:a2:dd:d3:f9:9e:07:b9:09:c3:87:1c:42:
                    5a:da:9f:26:3e:bd:dd:32:56:b6:db:1a:f6:7c:0f:
                    8b:8d:29:f5:4e:55:c3:f2:ac:b6:75:d9:df:c6:a4:
                    c1:62:61:09:96:f9:57:df:32:3d:57:18:ab:42:b4:
                    77:88:d6:44:75:58:78:1f:e9:ed:db:32:91:4f:53:
                    f2:20:15:86:ae:93:c3:e2:4f:66:63:c4:68:d3:b0:
                    45:67:0b:b9:6c:d2:03:1e:50:4f:bb:a3:0b:f6:ad:
                    e3:fb:ae:8f:f3:3b:6a:75:9c:7f:91:b6:87:6d:b5:
                    c6:5a:c1:47:c1:40:85:c3:dd:c3:48:21:dc:d1:0c:
                    ff:47:7e:3d:ba:6e:cd:16:82:c0:e9:08:76:be:e6:
                    c2:d8:ad:ae:7a:24:cb:d1:f3:d0:5b:86:bd:eb:93:
                    85:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:19:D1:C3:66:82:3B:E2:59:23:14:32:5B:B8:2E:92:C7:4C:6B:03
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/qRnRw2aCO-JZIxQyW7guksdMawM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:2a:72:7d:8a:e0:ef:6b:97:31:d8:4a:47:d6:e8:24:32:46:
         87:5f:ab:db:a2:fc:83:2c:65:85:97:88:fa:a5:92:88:f4:0b:
         40:d1:28:88:08:14:6b:2f:2c:9c:b9:2b:46:b1:35:cb:6a:c5:
         3e:46:8a:dd:75:48:24:44:2c:dc:45:23:dd:3b:9c:cf:d7:cd:
         ca:6b:68:e5:a9:ef:53:a3:b0:f6:98:2c:3e:3d:b9:5a:a9:b1:
         8c:f9:fa:3b:99:c7:9d:13:eb:9a:a7:8a:80:90:e4:af:86:8c:
         e0:7c:ab:2d:bb:9c:2b:f8:6c:25:bd:50:6c:5b:fa:7d:a6:f5:
         71:90:48:5c:c0:91:a3:2b:5d:56:8e:a3:c1:44:8d:00:ef:58:
         4e:72:9c:9e:64:0d:23:39:2c:f5:1b:63:72:18:65:79:fc:1e:
         a7:ed:36:b2:f7:98:21:c4:47:82:6e:3d:2a:e4:99:fc:1b:64:
         a5:e9:44:6d:d5:83:e7:f3:25:0c:fe:0e:11:8c:a5:3e:13:d6:
         5a:09:c0:01:32:72:42:a8:15:00:dd:c9:55:d9:14:5b:2f:35:
         f1:ed:90:7c:e9:f2:73:f9:86:90:56:1f:17:e4:88:cd:84:23:
         d4:bd:7d:f3:99:a9:b2:31:8c:4b:c3:47:a4:1e:e6:4b:04:3b:
         65:1b:cb:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ7Ih2q+GyyY9KrIx9l7690MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTA2MTAyMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTE5ZDFjMzY2ODIzYmUyNTkyMzE0MzI1YmI4MmU5MmM3NGM2YjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0728jTAFd41R4TMKL/mE9HhD5bSt
RI26q9Tv6kUPg8Z1qxSQ9ZgAYpl018J5bAeMKLB5OiLKFwxRKNLrzVKfv6BpRuey
tswNc+QpXsJ4mSDu8C00BLrOVvgMnyii3dP5nge5CcOHHEJa2p8mPr3dMla22xr2
fA+LjSn1TlXD8qy2ddnfxqTBYmEJlvlX3zI9VxirQrR3iNZEdVh4H+nt2zKRT1Py
IBWGrpPD4k9mY8Ro07BFZwu5bNIDHlBPu6ML9q3j+66P8ztqdZx/kbaHbbXGWsFH
wUCFw93DSCHc0Qz/R349um7NFoLA6Qh2vubC2K2ueiTL0fPQW4a965OFUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkZ0cNmgjviWSMUMlu4LpLHTGsDMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvcVJuUncyYUNPLUpaSXhReVc3Z3Vrc2RNYXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHbPMA0G
CSqGSIb3DQEBCwUAA4IBAQBoKnJ9iuDva5cx2EpH1ugkMkaHX6vbovyDLGWFl4j6
pZKI9AtA0SiICBRrLyycuStGsTXLasU+RorddUgkRCzcRSPdO5zP183Ka2jlqe9T
o7D2mCw+PblaqbGM+fo7mcedE+uap4qAkOSvhozgfKstu5wr+GwlvVBsW/p9pvVx
kEhcwJGjK11WjqPBRI0A71hOcpyeZA0jOSz1G2NyGGV5/B6n7Tay95ghxEeCbj0q
5Jn8G2Sl6URt1YPn8yUM/g4RjKU+E9ZaCcABMnJCqBUA3clV2RRbLzXx7ZB86fJz
+YaQVh8X5IjNhCPUvX3zmamyMYxLw0ekHuZLBDtlG8s3
-----END CERTIFICATE-----