Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ru-e9WxWlg32PxZpWjGvQUuv540.roa
File:                     ru-e9WxWlg32PxZpWjGvQUuv540.roa (raw, json)
Hash identifier:          eq704Vi/xRdunyvwQGhKRqMN/Zxe6LW5EYjRhmdF78E=
Subject key identifier:   AE:EF:9E:F5:6C:56:96:0D:F6:3F:16:69:5A:31:AF:41:4B:AF:E7:8D
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019427489DA433884F25BE2C246080EC5A35
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ru-e9WxWlg32PxZpWjGvQUuv540.roa
Signing time:             Thu 02 Jan 2025 13:50:57 +0000
ROA not before:           Thu 02 Jan 2025 13:50:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211936
IP address blocks:        92.119.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:9d:a4:33:88:4f:25:be:2c:24:60:80:ec:5a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeef9ef56c56960df63f16695a31af414bafe78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:80:e1:4d:db:ff:aa:a8:53:87:3d:45:e0:0c:
                    66:cd:34:31:34:64:24:02:f3:ee:04:93:cb:99:88:
                    1f:1d:b8:73:49:b6:37:87:32:13:be:a1:f6:0d:5f:
                    64:fc:36:b3:73:7e:2b:df:af:0a:00:07:19:bb:15:
                    b6:57:d9:49:4a:b7:7d:a1:73:76:64:c6:c6:84:fb:
                    c0:d2:e6:81:2e:c4:54:b5:33:8e:26:f4:59:01:66:
                    45:ca:33:14:dd:e2:4d:32:fd:69:83:d5:8b:40:94:
                    6b:35:5b:cc:45:97:e4:72:44:b8:02:72:59:a7:a8:
                    f2:31:5a:b1:72:7b:14:79:20:07:52:4e:60:19:e6:
                    84:86:e2:38:06:a6:a2:a7:95:af:42:e4:28:13:93:
                    56:5b:b3:d5:0e:85:40:42:48:2a:7a:f8:6a:9a:cd:
                    d6:9a:0a:82:92:c9:86:b7:a5:ed:8e:78:8e:07:34:
                    64:84:4f:4f:ac:a0:92:d9:8c:18:04:aa:cb:99:2b:
                    1a:ab:14:85:a1:75:65:4b:31:06:80:27:e2:53:ae:
                    c9:b2:a1:89:c6:44:74:f9:56:4b:b0:5d:6e:12:fd:
                    ec:3b:71:f1:df:40:69:f8:4f:18:c3:26:79:e8:35:
                    14:bf:4f:3d:34:a1:04:c3:0d:b6:95:c3:b1:b2:76:
                    c3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:EF:9E:F5:6C:56:96:0D:F6:3F:16:69:5A:31:AF:41:4B:AF:E7:8D
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ru-e9WxWlg32PxZpWjGvQUuv540.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:a1:38:9b:f3:74:1e:69:7e:07:dd:98:0d:95:aa:64:62:eb:
         b5:49:06:ca:5e:cd:4e:a7:45:a8:d7:b8:be:a1:ca:b2:de:ac:
         f1:11:bc:6f:6a:04:60:49:97:e5:c9:7d:d8:d6:dc:cd:60:26:
         08:2f:ab:42:12:fd:48:6b:f2:f6:b4:10:12:1d:3b:fd:4d:c2:
         6f:c6:00:4c:e4:45:3c:95:cc:1b:58:af:df:dc:df:e2:4f:32:
         6a:52:0f:48:b9:77:62:b6:ba:f1:90:cb:af:46:24:25:90:87:
         69:e0:09:37:25:14:37:53:c4:b7:60:b9:db:e9:a8:41:9e:19:
         f1:50:7f:3c:f0:d0:16:36:f4:56:a2:1f:7f:3a:b4:1c:27:ee:
         3a:c5:34:2f:fb:2c:42:c4:af:51:dc:d5:5d:dc:5d:d7:d1:0c:
         4c:09:bf:73:17:a5:62:f4:7b:c8:e7:6f:37:a3:b4:d5:3e:b4:
         5e:e7:b9:a5:78:e4:d1:4c:d5:83:02:ae:e5:88:59:4f:d3:8e:
         9c:75:8c:9d:54:8d:76:34:17:03:09:33:f5:cc:5e:00:74:c8:
         63:7d:66:ee:24:7b:ff:77:ea:9f:6f:6f:0f:f4:d0:10:d2:a2:
         1d:87:6a:b5:d3:39:06:32:15:df:27:24:d1:a2:3c:dc:c0:2a:
         0b:90:c7:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJ2kM4hPJb4sJGCA7Fo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWVmOWVmNTZjNTY5NjBkZjYzZjE2Njk1YTMxYWY0MTRiYWZlNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYDhTdv/qqhThz1F4AxmzTQxNGQk
AvPuBJPLmYgfHbhzSbY3hzITvqH2DV9k/Dazc34r368KAAcZuxW2V9lJSrd9oXN2
ZMbGhPvA0uaBLsRUtTOOJvRZAWZFyjMU3eJNMv1pg9WLQJRrNVvMRZfkckS4AnJZ
p6jyMVqxcnsUeSAHUk5gGeaEhuI4Bqaip5WvQuQoE5NWW7PVDoVAQkgqevhqms3W
mgqCksmGt6XtjniOBzRkhE9PrKCS2YwYBKrLmSsaqxSFoXVlSzEGgCfiU67JsqGJ
xkR0+VZLsF1uEv3sO3Hx30Bp+E8YwyZ56DUUv089NKEEww22lcOxsnbDgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7vnvVsVpYN9j8WaVoxr0FLr+eNMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvcnUtZTlXeFdsZzMyUHhacFdqR3ZRVXV2NTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHekMA0G
CSqGSIb3DQEBCwUAA4IBAQAPoTib83QeaX4H3ZgNlapkYuu1SQbKXs1Op0Wo17i+
ocqy3qzxEbxvagRgSZflyX3Y1tzNYCYIL6tCEv1Ia/L2tBASHTv9TcJvxgBM5EU8
lcwbWK/f3N/iTzJqUg9IuXditrrxkMuvRiQlkIdp4Ak3JRQ3U8S3YLnb6ahBnhnx
UH888NAWNvRWoh9/OrQcJ+46xTQv+yxCxK9R3NVd3F3X0QxMCb9zF6Vi9HvI5283
o7TVPrRe57mleOTRTNWDAq7liFlP046cdYydVI12NBcDCTP1zF4AdMhjfWbuJHv/
d+qfb28P9NAQ0qIdh2q10zkGMhXfJyTRojzcwCoLkMep
-----END CERTIFICATE-----