Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/qU7mzK6DWH3Q7y-enQPdG9eYCes.roa
File:                     qU7mzK6DWH3Q7y-enQPdG9eYCes.roa (raw, json)
Hash identifier:          pbXGxweHa0InYUHDMzc4GYzmPeEMskLv8jrEiJHqQv4=
Subject key identifier:   A9:4E:E6:CC:AE:83:58:7D:D0:EF:2F:9E:9D:03:DD:1B:D7:98:09:EB
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       0192BF525539BE0F7491575D9EAE8ED5F8BA
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/qU7mzK6DWH3Q7y-enQPdG9eYCes.roa
Signing time:             Thu 24 Oct 2024 16:18:16 +0000
ROA not before:           Thu 24 Oct 2024 16:18:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398101
IP address blocks:        92.204.128.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bf:52:55:39:be:0f:74:91:57:5d:9e:ae:8e:d5:f8:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Oct 24 16:18:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a94ee6ccae83587dd0ef2f9e9d03dd1bd79809eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:92:15:1a:be:7a:9d:f4:90:83:d4:ca:b2:b1:
                    04:08:9b:cd:a2:78:00:72:39:a7:19:d4:49:dd:ee:
                    33:be:ef:16:4f:a0:6a:53:13:73:a2:41:42:c0:5a:
                    e9:e3:31:3f:8a:59:72:1e:7f:4c:56:54:11:ac:01:
                    1f:f7:40:46:ca:db:a2:aa:e8:b6:db:9b:f6:0c:57:
                    f0:9c:e1:e2:f8:2c:5c:71:17:38:0a:fd:43:6b:3f:
                    76:02:28:b9:67:ec:db:0b:56:50:c9:3f:6f:3e:9a:
                    a5:79:75:60:70:68:47:54:5b:fd:06:e8:29:6a:21:
                    50:a2:29:91:ff:61:8e:58:e2:55:cd:32:80:90:00:
                    e1:65:33:90:17:6d:da:e0:92:9c:41:06:69:e6:fd:
                    c9:0a:5d:d5:29:fe:1d:8a:06:b8:bc:5e:41:93:17:
                    c5:3a:37:44:ce:76:6b:0c:a4:a1:d3:93:61:1c:04:
                    07:06:8c:b2:02:28:0b:8d:1c:72:ec:4d:f7:90:d9:
                    e2:85:08:17:85:d5:96:b4:1a:f0:87:63:cd:c8:ed:
                    d9:ff:69:56:70:58:ef:2f:7d:af:80:b7:b2:5c:ea:
                    16:eb:7a:8f:18:5c:05:f4:84:d3:3b:83:c6:99:b5:
                    33:60:16:fd:8c:c8:ff:8d:5f:9f:79:4e:b7:4b:fe:
                    e6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:4E:E6:CC:AE:83:58:7D:D0:EF:2F:9E:9D:03:DD:1B:D7:98:09:EB
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/qU7mzK6DWH3Q7y-enQPdG9eYCes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.204.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         45:9d:67:c2:b9:8a:f7:b1:8f:6d:cb:d0:47:fe:c0:ab:4b:dc:
         d0:0d:6b:30:e8:e2:36:d9:f1:76:4c:96:a5:5b:20:a9:94:45:
         81:da:60:bb:43:62:9d:b9:99:47:1a:93:bb:e8:42:9a:75:30:
         00:58:7a:c5:4a:bc:37:23:ac:bd:cf:96:0d:8b:c4:59:77:15:
         a6:f5:c1:ac:69:bd:f5:5a:b2:1c:41:e7:e8:f5:6f:1f:e2:5c:
         4b:a8:8d:9b:d8:9a:b2:70:b2:4f:f6:bb:7a:97:a7:80:a3:0f:
         12:56:a9:ca:0f:c6:79:4a:24:82:55:2b:b1:2b:3e:ae:2e:cf:
         59:c3:16:59:d8:e5:64:f1:a5:87:78:99:49:2c:c5:d1:b9:54:
         f9:bd:49:c9:ce:ab:48:4a:0c:69:e2:17:1f:86:cc:c6:91:19:
         a5:b1:aa:5a:45:d4:2e:4b:1e:ea:74:db:7e:3b:30:a9:0d:9d:
         cf:d8:37:5e:09:b4:60:96:84:72:fd:7c:da:b3:f2:6c:7c:b5:
         15:d6:ce:72:3e:7d:b1:e4:55:26:b4:dd:e5:dc:67:c8:3b:1d:
         ec:27:91:2c:8f:3d:79:83:a3:c7:c8:b8:d3:03:b6:ba:29:05:
         b3:4f:57:9a:f9:af:00:f7:37:79:41:40:49:01:52:93:94:02:
         02:a2:be:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK/UlU5vg90kVddnq6O1fi6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQxMDI0MTYxODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTRlZTZjY2FlODM1ODdkZDBlZjJmOWU5ZDAzZGQxYmQ3OTgwOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5IVGr56nfSQg9TKsrEECJvNongA
cjmnGdRJ3e4zvu8WT6BqUxNzokFCwFrp4zE/illyHn9MVlQRrAEf90BGytuiqui2
25v2DFfwnOHi+CxccRc4Cv1Daz92Aii5Z+zbC1ZQyT9vPpqleXVgcGhHVFv9Bugp
aiFQoimR/2GOWOJVzTKAkADhZTOQF23a4JKcQQZp5v3JCl3VKf4diga4vF5BkxfF
OjdEznZrDKSh05NhHAQHBoyyAigLjRxy7E33kNnihQgXhdWWtBrwh2PNyO3Z/2lW
cFjvL32vgLeyXOoW63qPGFwF9ITTO4PGmbUzYBb9jMj/jV+feU63S/7mnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlO5syug1h90O8vnp0D3RvXmAnrMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvcVU3bXpLNkRXSDNRN3ktZW5RUGRHOWVZQ2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXMyAMA0G
CSqGSIb3DQEBCwUAA4IBAQBFnWfCuYr3sY9ty9BH/sCrS9zQDWsw6OI22fF2TJal
WyCplEWB2mC7Q2KduZlHGpO76EKadTAAWHrFSrw3I6y9z5YNi8RZdxWm9cGsab31
WrIcQefo9W8f4lxLqI2b2JqycLJP9rt6l6eAow8SVqnKD8Z5SiSCVSuxKz6uLs9Z
wxZZ2OVk8aWHeJlJLMXRuVT5vUnJzqtISgxp4hcfhszGkRmlsapaRdQuSx7qdNt+
OzCpDZ3P2DdeCbRgloRy/Xzas/JsfLUV1s5yPn2x5FUmtN3l3GfIOx3sJ5Esjz15
g6PHyLjTA7a6KQWzT1ea+a8A9zd5QUBJAVKTlAICor6i
-----END CERTIFICATE-----