Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/jfg7RV_UkgzfWeWyHAStqzmdIyk.roa
File:                     jfg7RV_UkgzfWeWyHAStqzmdIyk.roa (raw, json)
Hash identifier:          megMmIzuq8ICC7NEYCx8Rdb/JlGjMtAr0rnU8DerNoo=
Subject key identifier:   8D:F8:3B:45:5F:D4:92:0C:DF:59:E5:B2:1C:04:AD:AB:39:9D:23:29
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013EDBB63397AA0CD79CC54269BC91
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/jfg7RV_UkgzfWeWyHAStqzmdIyk.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398108
IP address blocks:        92.204.128.0/20 maxlen: 20
                          92.204.144.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3e:db:b6:33:97:aa:0c:d7:9c:c5:42:69:bc:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8df83b455fd4920cdf59e5b21c04adab399d2329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0b:ca:f8:df:2e:c2:3f:5b:35:cd:b0:46:ee:
                    f5:9e:46:5d:16:64:62:51:07:fc:c4:12:30:22:23:
                    60:81:4d:7a:32:9f:35:f1:c0:69:fb:71:93:d2:dc:
                    51:74:a0:1b:65:04:ce:04:fa:22:a9:2f:9f:86:87:
                    7c:ab:76:fd:c3:57:6e:42:e7:ee:94:33:80:ca:6b:
                    25:c5:c5:8a:7b:93:cd:48:e1:e4:c6:b5:a8:94:5c:
                    b8:e3:47:c8:f3:09:bd:01:41:aa:db:c3:96:3d:7d:
                    8e:cb:03:fb:bb:97:f1:ad:65:02:98:fa:4d:44:26:
                    60:ab:84:17:8d:5f:4e:52:42:26:3d:65:0a:72:cf:
                    36:3d:15:ee:70:f4:29:87:10:c6:dd:30:94:6b:f2:
                    34:ff:c6:47:f7:2d:ab:84:f9:e2:2e:b3:62:5e:f7:
                    1a:38:3e:0a:b5:69:5e:ff:47:73:5d:8f:e7:d3:2b:
                    05:1c:c3:e2:ee:65:fe:fe:25:05:a7:d0:c1:b9:f1:
                    fd:42:a2:59:5c:48:aa:be:2f:8c:a1:08:78:a5:66:
                    65:5c:5b:07:15:6c:be:45:a7:7d:0d:39:cc:19:e2:
                    fc:3d:c8:95:7a:0e:46:17:4b:16:58:42:e0:c6:12:
                    4c:34:91:45:df:9d:3f:a8:9c:cb:a7:3b:5c:eb:f5:
                    d4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:F8:3B:45:5F:D4:92:0C:DF:59:E5:B2:1C:04:AD:AB:39:9D:23:29
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/jfg7RV_UkgzfWeWyHAStqzmdIyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.204.128.0-92.204.151.255

    Signature Algorithm: sha256WithRSAEncryption
         90:29:59:ee:2d:bf:0a:e3:c1:4e:8b:46:7c:de:aa:64:c4:47:
         6f:26:b0:2d:56:12:1f:14:5e:43:ea:69:84:08:ce:51:7f:a9:
         db:ae:4f:55:b6:d2:4c:f6:0b:ca:27:09:f1:c1:c4:3c:8a:1c:
         f1:f9:7e:f2:8a:57:5d:c2:5a:fc:e1:51:09:af:34:e6:49:20:
         92:1f:dd:a8:57:ad:0b:e7:31:b1:dc:80:50:80:98:03:b5:9b:
         05:51:ff:5b:89:7d:ff:c5:d6:73:41:a3:91:2e:e9:cc:a1:05:
         ab:c1:0c:96:67:8e:a3:43:e3:f2:da:c3:6c:85:64:04:7c:44:
         49:9e:2e:18:8a:84:7b:a9:ec:0b:96:1d:8a:37:cc:69:2b:cf:
         d2:b0:bd:22:4d:65:5f:bb:26:10:b2:4e:05:f1:ee:6f:2c:4b:
         5f:28:09:d2:62:ff:f0:85:a3:62:3d:d1:a1:38:02:00:f8:e0:
         b0:75:43:0c:36:a5:df:27:b1:ec:56:38:1b:68:e8:15:74:39:
         60:9d:9d:b0:29:ad:01:43:fc:bb:c9:a1:a2:06:01:c9:3f:5f:
         6c:ec:c6:20:03:9c:b9:2d:9c:57:a1:d2:fc:7d:3f:13:e6:a7:
         20:9c:87:c3:de:57:83:ff:c9:45:15:d1:f6:7b:d6:9b:a2:a8:
         cd:71:5b:98
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIAT7btjOXqgzXnMVCabyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGY4M2I0NTVmZDQ5MjBjZGY1OWU1YjIxYzA0YWRhYjM5OWQyMzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwvK+N8uwj9bNc2wRu71nkZdFmRi
UQf8xBIwIiNggU16Mp818cBp+3GT0txRdKAbZQTOBPoiqS+fhod8q3b9w1duQufu
lDOAymslxcWKe5PNSOHkxrWolFy440fI8wm9AUGq28OWPX2OywP7u5fxrWUCmPpN
RCZgq4QXjV9OUkImPWUKcs82PRXucPQphxDG3TCUa/I0/8ZH9y2rhPniLrNiXvca
OD4KtWle/0dzXY/n0ysFHMPi7mX+/iUFp9DBufH9QqJZXEiqvi+MoQh4pWZlXFsH
FWy+Rad9DTnMGeL8PciVeg5GF0sWWELgxhJMNJFF350/qJzLpztc6/XUgQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI34O0Vf1JIM31nlshwEras5nSMpMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvamZnN1JWX1VrZ3pmV2VXeUhBU3Rxem1kSXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAdczIAD
BANczJAwDQYJKoZIhvcNAQELBQADggEBAJApWe4tvwrjwU6LRnzeqmTER28msC1W
Eh8UXkPqaYQIzlF/qduuT1W20kz2C8onCfHBxDyKHPH5fvKKV13CWvzhUQmvNOZJ
IJIf3ahXrQvnMbHcgFCAmAO1mwVR/1uJff/F1nNBo5Eu6cyhBavBDJZnjqND4/La
w2yFZAR8REmeLhiKhHup7AuWHYo3zGkrz9KwvSJNZV+7JhCyTgXx7m8sS18oCdJi
//CFo2I90aE4AgD44LB1Qww2pd8nsexWOBto6BV0OWCdnbAprQFD/LvJoaIGAck/
X2zsxiADnLktnFeh0vx9PxPmpyCch8PeV4P/yUUV0fZ71puiqM1xW5g=
-----END CERTIFICATE-----