Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/ifxS3Wm_-fTDxs9rLmmSB46dZGI.roa
File:                     ifxS3Wm_-fTDxs9rLmmSB46dZGI.roa (raw, json)
Hash identifier:          PrmXejk/GZlTz6b/Yf+C2lIqCADCBXeH1FuytK9HTcI=
Subject key identifier:   89:FC:52:DD:69:BF:F9:F4:C3:C6:CF:6B:2E:69:92:07:8E:9D:64:62
Certificate issuer:       /CN=a8dff01f56e3419d027be7591ceef62851ce0f6b
Certificate serial:       018CC8DFAA5D1C4522C225DC0E09AA429061
Authority key identifier: A8:DF:F0:1F:56:E3:41:9D:02:7B:E7:59:1C:EE:F6:28:51:CE:0F:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/ifxS3Wm_-fTDxs9rLmmSB46dZGI.roa
Signing time:             Tue 02 Jan 2024 06:32:30 +0000
ROA not before:           Tue 02 Jan 2024 06:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198549
IP address blocks:        92.53.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:aa:5d:1c:45:22:c2:25:dc:0e:09:aa:42:90:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8dff01f56e3419d027be7591ceef62851ce0f6b
        Validity
            Not Before: Jan  2 06:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89fc52dd69bff9f4c3c6cf6b2e6992078e9d6462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:bd:a3:46:35:6e:39:d2:fb:51:c1:5e:f4:94:
                    9e:9b:d9:5c:79:dd:db:42:fb:90:0e:1a:a1:db:00:
                    cf:23:23:9f:ad:73:79:35:fe:5b:07:e6:85:e7:f4:
                    42:aa:87:23:bf:5e:05:a2:b9:25:18:84:9d:0e:b5:
                    52:e6:f7:6c:6b:46:67:2b:70:f5:fe:cf:26:b4:e9:
                    c1:80:25:69:a1:da:a2:91:45:13:9b:3c:ed:a0:17:
                    ef:86:f7:c6:fc:ff:22:23:b9:86:5a:66:d0:4b:c0:
                    72:6f:d0:b1:32:5f:2d:25:e3:38:f0:34:b1:bc:76:
                    9d:7c:11:e6:47:70:f1:2d:24:53:2f:9d:56:cd:0a:
                    02:a6:59:cb:3e:69:36:61:cc:be:7a:4d:d9:62:86:
                    c4:1f:87:0f:e5:50:b7:28:62:19:91:9d:15:02:82:
                    df:ae:0e:77:84:4d:5d:09:c0:d9:a9:85:e1:c1:9f:
                    c9:60:6a:bb:9c:d0:14:85:8b:ef:7d:9c:40:27:5f:
                    e2:87:2d:c4:ef:3e:ae:8d:89:f0:ec:a1:af:e3:ad:
                    eb:75:56:95:fa:4a:3d:1d:e5:46:cf:00:e0:44:70:
                    b7:1a:22:a3:a9:eb:aa:15:be:d6:a1:c9:90:92:09:
                    74:fd:a9:0f:b9:e7:4c:91:46:7f:5c:af:a5:ff:42:
                    56:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:FC:52:DD:69:BF:F9:F4:C3:C6:CF:6B:2E:69:92:07:8E:9D:64:62
            X509v3 Authority Key Identifier:
                keyid:A8:DF:F0:1F:56:E3:41:9D:02:7B:E7:59:1C:EE:F6:28:51:CE:0F:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/ifxS3Wm_-fTDxs9rLmmSB46dZGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/473366-702d-473f-bfbe-882c448e2ef6/1/qN_wH1bjQZ0Ce-dZHO72KFHOD2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:9b:98:fe:18:eb:aa:b1:a4:71:73:b2:e8:72:32:c6:69:13:
         56:c7:0f:e8:45:de:73:32:e7:41:20:e4:47:0d:ad:54:57:df:
         5f:5d:b9:ab:c8:5f:f4:83:d4:38:4b:0e:8f:87:e5:95:88:6a:
         35:0e:9a:f5:05:e7:ee:37:50:dd:cf:78:80:ad:fc:6f:12:6e:
         35:0b:82:67:e0:a0:54:4a:8b:b1:f7:14:2a:2c:62:35:09:11:
         47:71:14:1a:f4:f4:a2:4d:21:60:6a:05:76:88:3b:2a:b6:b9:
         ae:6e:e2:e9:35:66:eb:1a:c8:c4:1a:bb:0d:c8:91:8c:91:ff:
         d0:69:77:78:01:3b:3d:f3:67:03:52:eb:05:d6:5b:18:e3:92:
         dc:89:f3:1d:ab:55:cd:ff:38:f7:30:55:77:18:f5:78:a5:c6:
         e1:e0:3f:1c:6b:4f:e7:36:2f:3f:38:b6:62:16:77:6e:30:c7:
         7e:6a:e7:29:f8:90:a2:6f:f0:b5:05:e9:66:b5:5c:66:4f:42:
         0a:cd:76:95:94:50:54:1d:c4:55:f8:2b:0b:39:c4:75:70:79:
         42:bc:a9:9b:1d:64:ba:6d:50:8b:cf:46:72:42:ef:c1:87:18:
         59:bb:a4:ba:2b:7d:f6:56:b2:a9:2b:f7:93:f5:a1:d5:67:c5:
         7e:da:b7:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36pdHEUiwiXcDgmqQpBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZGZmMDFmNTZlMzQxOWQwMjdiZTc1OTFjZWVmNjI4NTFj
ZTBmNmIwHhcNMjQwMTAyMDYzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWZjNTJkZDY5YmZmOWY0YzNjNmNmNmIyZTY5OTIwNzhlOWQ2NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4r2jRjVuOdL7UcFe9JSem9lced3b
QvuQDhqh2wDPIyOfrXN5Nf5bB+aF5/RCqocjv14ForklGISdDrVS5vdsa0ZnK3D1
/s8mtOnBgCVpodqikUUTmzztoBfvhvfG/P8iI7mGWmbQS8Byb9CxMl8tJeM48DSx
vHadfBHmR3DxLSRTL51WzQoCplnLPmk2Ycy+ek3ZYobEH4cP5VC3KGIZkZ0VAoLf
rg53hE1dCcDZqYXhwZ/JYGq7nNAUhYvvfZxAJ1/ihy3E7z6ujYnw7KGv463rdVaV
+ko9HeVGzwDgRHC3GiKjqeuqFb7WocmQkgl0/akPuedMkUZ/XK+l/0JWfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIn8Ut1pv/n0w8bPay5pkgeOnWRiMB8GA1UdIwQY
MBaAFKjf8B9W40GdAnvnWRzu9ihRzg9rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU5fd0gxYmpRWjBDZS1kWkhPNzJLRkhPRDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS80NzMzNjYtNzAyZC00NzNmLWJmYmUt
ODgyYzQ0OGUyZWY2LzEvaWZ4UzNXbV8tZlREeHM5ckxtbVNCNDZkWkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS80NzMzNjYtNzAyZC00NzNmLWJmYmUtODgyYzQ0OGUyZWY2
LzEvcU5fd0gxYmpRWjBDZS1kWkhPNzJLRkhPRDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDXoMA0G
CSqGSIb3DQEBCwUAA4IBAQCLm5j+GOuqsaRxc7LocjLGaRNWxw/oRd5zMudBIORH
Da1UV99fXbmryF/0g9Q4Sw6Ph+WViGo1Dpr1BefuN1Ddz3iArfxvEm41C4Jn4KBU
Soux9xQqLGI1CRFHcRQa9PSiTSFgagV2iDsqtrmubuLpNWbrGsjEGrsNyJGMkf/Q
aXd4ATs982cDUusF1lsY45LcifMdq1XN/zj3MFV3GPV4pcbh4D8ca0/nNi8/OLZi
FnduMMd+aucp+JCib/C1BelmtVxmT0IKzXaVlFBUHcRV+CsLOcR1cHlCvKmbHWS6
bVCLz0ZyQu/BhxhZu6S6K332VrKpK/eT9aHVZ8V+2rdL
-----END CERTIFICATE-----