Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ccRycgvC64y98eYYqHq-1ZAivfE.roa
File:                     ccRycgvC64y98eYYqHq-1ZAivfE.roa (raw, json)
Hash identifier:          lAN7t7s06SRRymZ7RanK8SvGuw1Guc249CYb3jsiolE=
Subject key identifier:   71:C4:72:72:0B:C2:EB:8C:BD:F1:E6:18:A8:7A:BE:D5:90:22:BD:F1
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC80133F0011C261BE84DD06C7D765785
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ccRycgvC64y98eYYqHq-1ZAivfE.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        92.204.128.0/20 maxlen: 24
                          151.106.32.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:33:f0:01:1c:26:1b:e8:4d:d0:6c:7d:76:57:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71c472720bc2eb8cbdf1e618a87abed59022bdf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:92:2f:e8:92:b6:15:19:37:36:1f:a6:68:6d:
                    05:52:41:7f:9e:cf:ee:77:3e:65:ed:d1:0a:8a:cc:
                    b0:35:ea:56:69:14:b9:bc:4f:0b:fe:b5:0a:1a:18:
                    0a:d2:25:e2:94:3c:aa:60:6d:ea:e8:2e:cd:ed:12:
                    d9:08:0a:8d:ad:68:da:b9:e0:ff:dc:3f:7a:ae:5f:
                    0c:ab:ed:bc:fd:32:09:2d:3d:fd:41:96:7f:61:04:
                    13:43:d9:a8:65:13:54:32:39:e1:fe:82:38:44:93:
                    8e:8d:b3:1d:90:f5:7f:3b:d0:31:93:e5:4c:26:f0:
                    26:ef:f3:33:d0:7b:1f:b4:87:9d:18:b2:16:8d:6d:
                    f2:d0:8a:00:33:d6:76:ad:0f:fa:0e:ed:83:dc:ba:
                    d6:37:51:c6:fc:13:60:8c:bc:49:c2:ca:f6:c1:fe:
                    81:7d:31:b2:51:ce:5c:86:6c:7f:0e:d2:a7:da:2e:
                    36:ce:25:a2:2f:d6:99:89:2e:b1:e9:ec:aa:62:59:
                    17:8a:97:68:97:2c:d0:16:86:a8:6e:2a:c4:c7:8e:
                    ef:42:4d:74:7f:45:6c:a6:44:e9:3f:13:98:42:ac:
                    be:fc:78:c7:52:63:6a:23:30:8e:15:04:a6:8b:d6:
                    e8:12:d3:bf:00:d0:2b:1b:7f:1e:39:90:8f:dc:d3:
                    15:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C4:72:72:0B:C2:EB:8C:BD:F1:E6:18:A8:7A:BE:D5:90:22:BD:F1
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ccRycgvC64y98eYYqHq-1ZAivfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.204.128.0/20
                  151.106.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         05:7a:73:d3:99:6e:45:87:d3:4e:09:98:85:67:6d:ee:04:8c:
         55:be:ec:fd:d8:f3:1c:a7:a5:ed:b5:03:b4:13:ee:7b:6f:de:
         39:c9:fb:74:a7:d6:4d:05:b1:b5:ca:0c:7f:85:20:67:c6:56:
         da:c8:ee:68:ba:92:f1:ff:bf:25:e9:34:65:af:65:95:c3:60:
         78:f3:f2:ae:4e:81:bf:c7:a0:fa:f4:dd:b8:e2:a4:5b:4c:df:
         36:08:be:c9:20:4b:55:c4:52:27:28:23:c2:20:8d:ea:1d:7b:
         25:98:80:2c:90:e8:53:57:f4:aa:0b:3a:29:11:e9:43:e0:f5:
         7f:8f:40:f2:58:26:85:c6:8c:1e:e8:b4:e4:43:8f:92:b8:4a:
         d9:0f:49:68:7a:68:c0:51:a6:ea:69:c5:96:27:b3:86:9e:61:
         ee:62:3b:0c:1b:a2:24:5e:c0:c7:a7:b8:d2:be:f6:64:4b:0a:
         16:47:c9:24:ff:92:e5:6f:e2:19:48:b6:28:55:55:54:1c:1f:
         61:10:29:ca:55:61:2f:8d:a3:01:26:be:87:a9:80:80:b8:43:
         35:04:00:79:bf:20:9d:c9:ab:45:c7:be:4d:4f:b3:b6:5e:84:
         fa:04:45:84:c3:3c:49:65:44:23:2c:0e:2f:01:61:3c:b6:30:
         20:2a:e6:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIATPwARwmG+hN0Gx9dleFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWM0NzI3MjBiYzJlYjhjYmRmMWU2MThhODdhYmVkNTkwMjJiZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5Iv6JK2FRk3Nh+maG0FUkF/ns/u
dz5l7dEKisywNepWaRS5vE8L/rUKGhgK0iXilDyqYG3q6C7N7RLZCAqNrWjaueD/
3D96rl8Mq+28/TIJLT39QZZ/YQQTQ9moZRNUMjnh/oI4RJOOjbMdkPV/O9Axk+VM
JvAm7/Mz0HsftIedGLIWjW3y0IoAM9Z2rQ/6Du2D3LrWN1HG/BNgjLxJwsr2wf6B
fTGyUc5chmx/DtKn2i42ziWiL9aZiS6x6eyqYlkXipdolyzQFoaobirEx47vQk10
f0VspkTpPxOYQqy+/HjHUmNqIzCOFQSmi9boEtO/ANArG38eOZCP3NMV0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHHEcnILwuuMvfHmGKh6vtWQIr3xMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvY2NSeWNndkM2NHk5OGVZWXFIcS0xWkFpdmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEXMyAAwQE
l2ogMA0GCSqGSIb3DQEBCwUAA4IBAQAFenPTmW5Fh9NOCZiFZ23uBIxVvuz92PMc
p6XttQO0E+57b945yft0p9ZNBbG1ygx/hSBnxlbayO5oupLx/78l6TRlr2WVw2B4
8/KuToG/x6D69N244qRbTN82CL7JIEtVxFInKCPCII3qHXslmIAskOhTV/SqCzop
EelD4PV/j0DyWCaFxowe6LTkQ4+SuErZD0loemjAUabqacWWJ7OGnmHuYjsMG6Ik
XsDHp7jSvvZkSwoWR8kk/5Llb+IZSLYoVVVUHB9hECnKVWEvjaMBJr6HqYCAuEM1
BAB5vyCdyatFx75NT7O2XoT6BEWEwzxJZUQjLA4vAWE8tjAgKuaA
-----END CERTIFICATE-----