Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/hPkT26H9QrrGf9pDhJ_toQld2FE.roa
File:                     hPkT26H9QrrGf9pDhJ_toQld2FE.roa (raw, json)
Hash identifier:          I2JOAFx02rSfaVzHSHMiA2ciDqamBM3PGW4q1FSmpZ4=
Subject key identifier:   84:F9:13:DB:A1:FD:42:BA:C6:7F:DA:43:84:9F:ED:A1:09:5D:D8:51
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       019297347A900ED0B7886FE044F7DF1EB7B0
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/hPkT26H9QrrGf9pDhJ_toQld2FE.roa
Signing time:             Wed 16 Oct 2024 21:20:51 +0000
ROA not before:           Wed 16 Oct 2024 21:20:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205544
IP address blocks:        185.236.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:97:34:7a:90:0e:d0:b7:88:6f:e0:44:f7:df:1e:b7:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Oct 16 21:20:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84f913dba1fd42bac67fda43849feda1095dd851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:e4:30:72:87:45:31:c8:08:d8:39:c8:9e:ec:
                    56:7c:bd:e4:4b:77:1c:11:6f:ca:fb:97:22:1f:aa:
                    29:70:4a:4c:30:f5:5a:93:91:67:e5:20:f1:af:92:
                    13:67:90:ab:3e:90:65:64:9b:80:13:34:97:13:59:
                    2b:dd:03:00:4a:e4:1e:c2:9a:eb:47:c6:f2:d3:ec:
                    ec:7a:ec:ae:2b:4a:a5:5a:08:30:aa:6d:b2:a5:4f:
                    06:6c:fb:be:b9:9a:be:75:a3:e0:50:09:8e:b0:cc:
                    c4:89:4d:00:ea:04:43:5a:8d:78:04:99:12:ae:a2:
                    65:b3:1a:fb:d2:ba:c4:6a:c2:f5:72:18:96:7b:9b:
                    c4:a4:bd:d7:b0:3a:62:03:a8:68:3b:6d:fa:22:34:
                    2f:f9:58:30:f2:81:6b:7b:f9:e8:ea:6c:68:32:71:
                    8b:e7:61:38:2b:ae:07:47:1f:79:b9:73:de:d6:88:
                    5b:c0:d7:37:13:48:8d:c0:81:a9:fe:65:8c:ba:6a:
                    5b:30:4e:ec:8a:25:4f:d8:97:29:1a:c8:ce:ef:e6:
                    de:b8:25:42:97:87:c0:39:73:d6:08:dc:df:d7:d0:
                    ce:85:e4:48:af:46:e8:53:91:43:64:09:72:65:98:
                    9e:52:8f:cb:70:66:68:78:af:a4:46:e2:7d:ac:d3:
                    97:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F9:13:DB:A1:FD:42:BA:C6:7F:DA:43:84:9F:ED:A1:09:5D:D8:51
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/hPkT26H9QrrGf9pDhJ_toQld2FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:41:a9:85:99:34:7c:ed:79:6b:6b:d1:ab:1c:c6:8f:f3:91:
         0e:1f:c3:c6:9e:08:00:cf:14:b5:cb:74:92:b5:5e:5b:24:fb:
         94:1a:b7:ea:92:ee:d2:cf:ba:70:ab:5e:24:03:06:c9:9f:fb:
         e2:60:37:b2:9d:33:24:0f:e5:1c:1a:5e:c7:db:f9:9d:e8:7a:
         36:aa:0d:c6:72:b4:0b:82:ff:17:49:c7:e5:86:06:3e:2c:10:
         5a:af:ac:eb:80:d3:38:f3:3f:12:17:32:a6:ca:c4:44:10:96:
         e3:99:6a:33:ca:42:ff:81:d5:7e:11:6e:8c:b1:1d:11:da:b3:
         e1:ec:d5:8a:c9:64:1b:bd:b4:4e:6f:ac:c0:35:3d:b9:63:69:
         22:ad:76:62:24:02:af:a3:6e:7b:ec:13:65:0c:c8:f7:f8:6f:
         9c:d9:d6:0d:02:4b:3f:5f:34:98:9b:cc:f6:12:e2:20:60:09:
         c0:5b:e0:fc:13:39:03:60:8c:31:f8:46:46:de:39:e6:8c:3a:
         04:42:12:dd:d5:21:84:fa:ec:72:c1:f5:d9:df:20:69:3f:62:
         2e:c7:98:92:25:67:ee:21:6b:55:94:71:07:70:5c:b8:25:de:
         31:38:8f:9e:b9:76:96:11:07:19:de:2d:d5:c8:69:a5:4f:fa:
         66:f9:ee:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKXNHqQDtC3iG/gRPffHrewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQxMDE2MjEyMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGY5MTNkYmExZmQ0MmJhYzY3ZmRhNDM4NDlmZWRhMTA5NWRkODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eQwcodFMcgI2DnInuxWfL3kS3cc
EW/K+5ciH6opcEpMMPVak5Fn5SDxr5ITZ5CrPpBlZJuAEzSXE1kr3QMASuQewprr
R8by0+zseuyuK0qlWggwqm2ypU8GbPu+uZq+daPgUAmOsMzEiU0A6gRDWo14BJkS
rqJlsxr70rrEasL1chiWe5vEpL3XsDpiA6hoO236IjQv+Vgw8oFre/no6mxoMnGL
52E4K64HRx95uXPe1ohbwNc3E0iNwIGp/mWMumpbME7siiVP2JcpGsjO7+beuCVC
l4fAOXPWCNzf19DOheRIr0boU5FDZAlyZZieUo/LcGZoeK+kRuJ9rNOX5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIT5E9uh/UK6xn/aQ4Sf7aEJXdhRMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvaFBrVDI2SDlRcnJHZjlwRGhKX3RvUWxkMkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuexcMA0G
CSqGSIb3DQEBCwUAA4IBAQAZQamFmTR87Xlra9GrHMaP85EOH8PGnggAzxS1y3SS
tV5bJPuUGrfqku7Sz7pwq14kAwbJn/viYDeynTMkD+UcGl7H2/md6Ho2qg3GcrQL
gv8XScflhgY+LBBar6zrgNM48z8SFzKmysREEJbjmWozykL/gdV+EW6MsR0R2rPh
7NWKyWQbvbROb6zANT25Y2kirXZiJAKvo2577BNlDMj3+G+c2dYNAks/XzSYm8z2
EuIgYAnAW+D8EzkDYIwx+EZG3jnmjDoEQhLd1SGE+uxywfXZ3yBpP2Iux5iSJWfu
IWtVlHEHcFy4Jd4xOI+euXaWEQcZ3i3VyGmlT/pm+e50
-----END CERTIFICATE-----