Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/Xr80LkC5Rk1R276TGI1L3lqSW0o.roa
File:                     Xr80LkC5Rk1R276TGI1L3lqSW0o.roa (raw, json)
Hash identifier:          1/dl1SZ9wMt13YVHYQatALCjaTISinOrrZaU8YTSLt0=
Subject key identifier:   5E:BF:34:2E:40:B9:46:4D:51:DB:BE:93:18:8D:4B:DE:5A:92:5B:4A
Certificate issuer:       /CN=9bdba95290a985a697763d30ab42f9c3784078b2
Certificate serial:       0192FCD4B83D78DBA34B4EF419DDD4D4C209
Authority key identifier: 9B:DB:A9:52:90:A9:85:A6:97:76:3D:30:AB:42:F9:C3:78:40:78:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9upUpCphaaXdj0wq0L5w3hAeLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/Xr80LkC5Rk1R276TGI1L3lqSW0o.roa
Signing time:             Tue 05 Nov 2024 14:57:32 +0000
ROA not before:           Tue 05 Nov 2024 14:57:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209368
IP address blocks:        185.133.92.0/22 maxlen: 24
                          2a09:83c0::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/m9upUpCphaaXdj0wq0L5w3hAeLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/m9upUpCphaaXdj0wq0L5w3hAeLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9upUpCphaaXdj0wq0L5w3hAeLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:d4:b8:3d:78:db:a3:4b:4e:f4:19:dd:d4:d4:c2:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bdba95290a985a697763d30ab42f9c3784078b2
        Validity
            Not Before: Nov  5 14:57:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ebf342e40b9464d51dbbe93188d4bde5a925b4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a8:6e:d0:2e:1a:8d:be:a4:ce:cd:5a:c2:c6:
                    1c:9e:6b:fb:8f:5f:ea:e0:bf:38:66:f8:d4:41:ad:
                    2f:76:6d:a5:36:5f:be:e3:fd:8a:3d:58:c2:48:71:
                    4c:54:9d:2f:2a:43:67:0c:25:30:fc:0e:00:d9:19:
                    6d:87:64:e6:79:f1:cf:36:fb:1e:6a:ea:9d:b5:42:
                    5c:ab:b2:d5:31:02:2f:62:1c:1b:7e:28:13:0a:26:
                    03:08:cf:a2:33:21:ca:90:34:18:b5:92:c7:7f:8d:
                    cb:2d:df:20:e7:99:50:eb:89:14:92:ac:48:37:b6:
                    a5:8d:c9:75:6b:1f:68:50:7a:21:1d:81:11:39:2c:
                    56:a0:79:66:1c:0d:25:ef:80:4f:f0:da:04:0c:18:
                    59:9a:75:ba:2f:01:6e:5e:97:7b:48:58:9f:57:80:
                    a7:3e:44:08:c0:89:d5:b3:f7:01:c4:4f:38:b0:31:
                    42:06:d7:c8:ef:bd:ec:88:66:e3:41:e8:5b:6e:6c:
                    0a:06:73:34:c7:98:88:64:f1:e0:ee:93:fd:2e:28:
                    5e:03:10:0d:45:f6:fc:b1:cd:74:4f:f8:f1:46:80:
                    62:fe:e2:59:f0:76:b6:fa:bf:f8:7f:ad:5e:f0:36:
                    4a:68:25:0d:56:90:f8:ca:34:01:25:cb:01:39:66:
                    54:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:BF:34:2E:40:B9:46:4D:51:DB:BE:93:18:8D:4B:DE:5A:92:5B:4A
            X509v3 Authority Key Identifier:
                keyid:9B:DB:A9:52:90:A9:85:A6:97:76:3D:30:AB:42:F9:C3:78:40:78:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9upUpCphaaXdj0wq0L5w3hAeLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/Xr80LkC5Rk1R276TGI1L3lqSW0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/4ae1bd-5864-43f0-b4fd-80a66c0fc884/1/m9upUpCphaaXdj0wq0L5w3hAeLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.92.0/22
                IPv6:
                  2a09:83c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:1e:14:79:7d:16:e6:03:be:93:83:02:75:91:7c:7c:4e:42:
         3a:e2:f2:5c:fc:d0:23:fa:8e:41:71:3d:b1:df:1d:8a:bd:32:
         dc:9a:2d:48:20:d2:52:26:13:04:90:87:11:7e:5f:ef:58:78:
         f3:48:38:76:89:4f:a9:ea:bc:61:05:80:05:78:48:cc:68:f5:
         19:5c:f5:76:05:72:e9:e0:4f:a2:e8:80:22:e0:fe:57:bf:7e:
         c2:ac:a2:93:bf:a5:f2:6d:5a:e0:44:3d:52:23:08:34:21:cc:
         7f:8f:2b:34:f8:2c:fd:c2:ad:54:91:11:c6:c3:a5:83:82:6b:
         54:a9:a5:ea:ce:52:2b:dc:28:92:b1:18:d6:ec:5a:8c:37:63:
         0d:f8:dc:ae:81:4a:52:ad:74:82:7c:4a:04:04:d5:ac:93:8c:
         30:c8:c1:ed:90:42:77:84:a3:04:c6:80:56:18:05:70:a7:47:
         d6:73:0e:d1:a5:1f:49:a1:cd:a1:ae:25:2c:1b:e9:69:6f:e3:
         95:ac:32:4b:71:9d:d1:33:b8:14:27:79:3a:7e:61:65:3c:5f:
         91:a2:b3:46:9b:95:90:84:ea:ea:e4:b2:61:d7:70:6f:85:b5:
         fe:49:a2:c1:56:b0:51:b5:b5:15:26:49:a0:b6:b8:cc:f2:ba:
         8a:a0:97:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZL81Lg9eNujS070Gd3U1MIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZGJhOTUyOTBhOTg1YTY5Nzc2M2QzMGFiNDJmOWMzNzg0
MDc4YjIwHhcNMjQxMTA1MTQ1NzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWJmMzQyZTQwYjk0NjRkNTFkYmJlOTMxODhkNGJkZTVhOTI1YjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKhu0C4ajb6kzs1awsYcnmv7j1/q
4L84ZvjUQa0vdm2lNl++4/2KPVjCSHFMVJ0vKkNnDCUw/A4A2Rlth2TmefHPNvse
auqdtUJcq7LVMQIvYhwbfigTCiYDCM+iMyHKkDQYtZLHf43LLd8g55lQ64kUkqxI
N7aljcl1ax9oUHohHYEROSxWoHlmHA0l74BP8NoEDBhZmnW6LwFuXpd7SFifV4Cn
PkQIwInVs/cBxE84sDFCBtfI773siGbjQehbbmwKBnM0x5iIZPHg7pP9LiheAxAN
Rfb8sc10T/jxRoBi/uJZ8Ha2+r/4f61e8DZKaCUNVpD4yjQBJcsBOWZUdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF6/NC5AuUZNUdu+kxiNS95akltKMB8GA1UdIwQY
MBaAFJvbqVKQqYWml3Y9MKtC+cN4QHiyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTl1cFVwQ3BoYWFYZGowd3EwTDV3M2hBZUxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy80YWUxYmQtNTg2NC00M2YwLWI0ZmQt
ODBhNjZjMGZjODg0LzEvWHI4MExrQzVSazFSMjc2VEdJMUwzbHFTVzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy80YWUxYmQtNTg2NC00M2YwLWI0ZmQtODBhNjZjMGZjODg0
LzEvbTl1cFVwQ3BoYWFYZGowd3EwTDV3M2hBZUxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYVcMA0E
AgACMAcDBQMqCYPAMA0GCSqGSIb3DQEBCwUAA4IBAQB0HhR5fRbmA76TgwJ1kXx8
TkI64vJc/NAj+o5BcT2x3x2KvTLcmi1IINJSJhMEkIcRfl/vWHjzSDh2iU+p6rxh
BYAFeEjMaPUZXPV2BXLp4E+i6IAi4P5Xv37CrKKTv6XybVrgRD1SIwg0Icx/jys0
+Cz9wq1UkRHGw6WDgmtUqaXqzlIr3CiSsRjW7FqMN2MN+NyugUpSrXSCfEoEBNWs
k4wwyMHtkEJ3hKMExoBWGAVwp0fWcw7RpR9Joc2hriUsG+lpb+OVrDJLcZ3RM7gU
J3k6fmFlPF+RorNGm5WQhOrq5LJh13BvhbX+SaLBVrBRtbUVJkmgtrjM8rqKoJcm
-----END CERTIFICATE-----