Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Eix1bwtpkh3DfRz10HNMwF0QezY.roa
File:                     Eix1bwtpkh3DfRz10HNMwF0QezY.roa (raw, json)
Hash identifier:          /tPs0X74Nztuoqdzxvgc+Rkd5OVF4g6dXydqRNkNKmU=
Subject key identifier:   12:2C:75:6F:0B:69:92:1D:C3:7D:1C:F5:D0:73:4C:C0:5D:10:7B:36
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019427B65530E7662F7F85C92697866ADBF6
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Eix1bwtpkh3DfRz10HNMwF0QezY.roa
Signing time:             Thu 02 Jan 2025 15:50:48 +0000
ROA not before:           Thu 02 Jan 2025 15:50:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398101
IP address blocks:        92.204.128.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:55:30:e7:66:2f:7f:85:c9:26:97:86:6a:db:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 15:50:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=122c756f0b69921dc37d1cf5d0734cc05d107b36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:07:14:a5:25:92:a7:c3:80:d0:c8:24:cf:87:
                    a2:6d:a3:23:bc:43:db:b2:63:8d:4c:57:05:50:c0:
                    30:97:4f:8d:8d:22:67:0a:15:1e:1f:18:45:96:19:
                    bb:ec:df:7a:f8:7c:d9:c8:29:c8:fd:bc:08:4b:1a:
                    3f:7c:b9:37:be:e0:d0:24:3f:83:86:fe:e5:97:97:
                    db:c7:17:10:b4:78:30:67:7f:01:87:79:75:1e:be:
                    ff:06:d5:1e:e4:27:b9:34:98:60:aa:aa:8b:a7:46:
                    60:e2:78:b0:27:2b:ee:8a:8f:99:da:c6:84:60:c1:
                    d5:f5:76:5b:5e:1b:ae:00:eb:5a:24:05:30:4a:0d:
                    aa:4d:1f:75:6c:b5:86:6b:dd:8e:2d:51:7e:74:2f:
                    69:81:ae:c0:d1:5a:09:ff:47:17:3e:7a:62:14:d8:
                    b4:8d:c3:58:58:3e:1f:32:c5:fb:b6:96:06:41:eb:
                    11:51:d2:c5:02:02:dc:07:c0:fd:16:52:3f:91:69:
                    d8:f0:d0:ff:54:64:10:73:4c:1e:2c:a7:c5:f6:19:
                    58:00:79:a0:68:d3:a3:8e:4a:0f:1d:7b:4e:2d:72:
                    a8:2b:22:b4:18:dd:a1:dd:ff:d9:f2:4c:cc:a9:ef:
                    6a:9a:00:d5:24:b9:2f:2a:81:93:c6:0f:3a:0c:be:
                    c9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:2C:75:6F:0B:69:92:1D:C3:7D:1C:F5:D0:73:4C:C0:5D:10:7B:36
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Eix1bwtpkh3DfRz10HNMwF0QezY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.204.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a4:85:b6:30:35:b4:1c:e7:f5:a6:13:c5:67:ac:85:8a:f1:42:
         75:17:87:16:6d:20:63:24:fc:48:94:70:93:d2:3c:30:87:e1:
         0c:26:9b:76:c5:9d:43:3d:57:01:94:a6:03:3a:4e:92:61:f5:
         05:1e:71:06:9e:17:f6:aa:02:21:9f:be:60:3e:34:ce:50:4c:
         ad:d1:0d:c1:37:0c:f9:f0:db:f9:0e:19:f2:48:36:a4:4b:22:
         e8:7e:42:e0:4f:65:8d:28:4e:94:40:f8:c4:30:11:da:68:c0:
         4c:18:5c:01:17:5b:43:2d:ed:cf:68:3e:6f:58:58:54:f9:c3:
         72:54:82:e6:25:2f:47:5a:d6:cc:08:1c:0a:33:0d:88:52:36:
         eb:d6:29:fb:28:cf:4e:de:28:d8:02:9a:22:2b:db:63:22:19:
         c0:3a:28:e9:b4:e9:52:dd:82:b7:30:b0:58:4c:8e:bf:5b:97:
         22:de:63:a2:5e:60:1e:e7:e4:4f:03:60:11:56:9a:fc:af:92:
         23:cb:8a:f4:48:ec:88:91:55:bb:39:d8:05:40:6c:3d:46:6c:
         8c:4d:86:0a:a5:81:68:d3:79:3d:af:70:11:e1:92:67:4a:69:
         be:c7:be:97:06:0b:0f:3c:06:3d:a2:de:e0:b0:e8:8d:02:03:
         66:2e:d8:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntlUw52Yvf4XJJpeGatv2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjUwMTAyMTU1MDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjJjNzU2ZjBiNjk5MjFkYzM3ZDFjZjVkMDczNGNjMDVkMTA3YjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQcUpSWSp8OA0Mgkz4eibaMjvEPb
smONTFcFUMAwl0+NjSJnChUeHxhFlhm77N96+HzZyCnI/bwISxo/fLk3vuDQJD+D
hv7ll5fbxxcQtHgwZ38Bh3l1Hr7/BtUe5Ce5NJhgqqqLp0Zg4niwJyvuio+Z2saE
YMHV9XZbXhuuAOtaJAUwSg2qTR91bLWGa92OLVF+dC9pga7A0VoJ/0cXPnpiFNi0
jcNYWD4fMsX7tpYGQesRUdLFAgLcB8D9FlI/kWnY8ND/VGQQc0weLKfF9hlYAHmg
aNOjjkoPHXtOLXKoKyK0GN2h3f/Z8kzMqe9qmgDVJLkvKoGTxg86DL7JTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIsdW8LaZIdw30c9dBzTMBdEHs2MB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvRWl4MWJ3dHBraDNEZlJ6MTBITk13RjBRZXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXMyAMA0G
CSqGSIb3DQEBCwUAA4IBAQCkhbYwNbQc5/WmE8VnrIWK8UJ1F4cWbSBjJPxIlHCT
0jwwh+EMJpt2xZ1DPVcBlKYDOk6SYfUFHnEGnhf2qgIhn75gPjTOUEyt0Q3BNwz5
8Nv5DhnySDakSyLofkLgT2WNKE6UQPjEMBHaaMBMGFwBF1tDLe3PaD5vWFhU+cNy
VILmJS9HWtbMCBwKMw2IUjbr1in7KM9O3ijYApoiK9tjIhnAOijptOlS3YK3MLBY
TI6/W5ci3mOiXmAe5+RPA2ARVpr8r5Ijy4r0SOyIkVW7OdgFQGw9RmyMTYYKpYFo
03k9r3AR4ZJnSmm+x76XBgsPPAY9ot7gsOiNAgNmLtiN
-----END CERTIFICATE-----