Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/8nNgOGtBQWNTilGRrMmNlFZZwGM.roa
File:                     8nNgOGtBQWNTilGRrMmNlFZZwGM.roa (raw, json)
Hash identifier:          mOJcQQ3vA0VCC5mkB6hJglG7LUq/Vu6wljMQaBgi+dM=
Subject key identifier:   F2:73:60:38:6B:41:41:63:53:8A:51:91:AC:C9:8D:94:56:59:C0:63
Certificate issuer:       /CN=283624007f44dcaf568c370e7f71f950cb1940ef
Certificate serial:       019423D73162D7497B370A92411CF823209D
Authority key identifier: 28:36:24:00:7F:44:DC:AF:56:8C:37:0E:7F:71:F9:50:CB:19:40:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KDYkAH9E3K9WjDcOf3H5UMsZQO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/8nNgOGtBQWNTilGRrMmNlFZZwGM.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198118
IP address blocks:        92.42.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/KDYkAH9E3K9WjDcOf3H5UMsZQO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/KDYkAH9E3K9WjDcOf3H5UMsZQO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KDYkAH9E3K9WjDcOf3H5UMsZQO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:31:62:d7:49:7b:37:0a:92:41:1c:f8:23:20:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=283624007f44dcaf568c370e7f71f950cb1940ef
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f27360386b414163538a5191acc98d945659c063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:91:64:29:32:e6:10:7e:f9:f5:da:47:1f:0d:
                    36:7d:ff:2a:9e:37:15:d6:50:be:93:b2:59:5d:48:
                    25:39:e9:63:83:0f:76:b1:f0:11:5c:6e:24:45:6a:
                    db:6d:a7:ee:0a:66:07:bd:b6:2c:6d:d0:ed:16:64:
                    18:35:51:3f:96:2b:67:e1:fa:3b:0c:d6:4b:df:79:
                    90:cb:fd:f1:41:24:5b:32:ac:ee:a7:d7:e0:a4:e6:
                    8a:a4:bf:0d:f4:4a:03:69:98:73:27:3a:57:28:fb:
                    59:a8:ec:56:4c:e4:52:d0:da:ee:52:ee:f6:1b:e6:
                    bf:2c:0f:08:91:4d:23:f4:c2:2f:c2:ef:80:16:d1:
                    d2:b4:31:73:08:aa:32:b5:5f:20:e5:69:01:92:90:
                    d1:7f:56:da:16:b3:4f:1e:77:0e:09:4e:64:d2:aa:
                    7b:0c:b6:c8:91:b1:d5:f8:56:a1:e5:20:b6:e7:e8:
                    b6:31:b5:3b:33:f1:3b:42:d5:25:fa:2a:5f:e4:24:
                    47:91:73:6e:9a:82:11:75:65:1b:a9:3c:24:78:fc:
                    ca:ee:c3:a9:49:0f:9f:49:a2:00:3f:7a:2a:42:90:
                    24:fa:47:4a:9e:a1:d7:f7:ab:52:f5:b3:98:fc:8c:
                    42:a9:12:7c:d7:38:01:ea:06:35:53:17:12:6f:97:
                    34:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:73:60:38:6B:41:41:63:53:8A:51:91:AC:C9:8D:94:56:59:C0:63
            X509v3 Authority Key Identifier:
                keyid:28:36:24:00:7F:44:DC:AF:56:8C:37:0E:7F:71:F9:50:CB:19:40:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KDYkAH9E3K9WjDcOf3H5UMsZQO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/8nNgOGtBQWNTilGRrMmNlFZZwGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/KDYkAH9E3K9WjDcOf3H5UMsZQO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:0d:ff:8d:5b:98:7d:1c:b2:77:fb:4a:fc:f8:a8:53:b4:0b:
         fb:7c:0b:c5:8f:6a:df:7d:c1:a0:46:89:ba:16:da:4f:97:3b:
         87:48:d9:f1:35:9a:1c:20:0f:73:02:cb:03:3e:3a:31:fc:73:
         96:e4:a7:d0:bf:5e:dc:eb:84:f3:5f:1f:f1:8f:d8:d0:39:4a:
         53:a4:97:01:91:5a:10:63:f3:a7:e6:27:9f:14:d0:a3:bb:13:
         38:08:b1:22:1b:b3:7e:90:ed:63:09:03:13:24:14:76:b1:47:
         e8:0e:16:2a:25:c0:1d:e1:ed:53:3b:86:b5:fc:9f:8a:44:61:
         bd:c4:53:92:55:0f:84:7c:4c:b9:38:ff:0a:49:24:64:84:f5:
         cb:11:89:79:f3:8c:e2:76:d0:bd:99:a4:b0:e7:94:61:6b:ab:
         b5:65:90:35:8e:e2:f0:2b:f9:6d:db:02:7f:16:d5:14:a6:ee:
         b0:27:6b:5a:4c:3c:c1:11:be:6d:eb:49:e9:e1:c5:94:a6:ae:
         90:57:5c:2e:10:ca:0f:5f:95:3c:15:67:2a:d3:7a:26:92:70:
         a2:52:45:f9:78:37:31:48:37:6c:f4:bd:aa:43:7b:64:6c:d4:
         cd:7d:7b:50:42:44:90:45:4a:bd:13:36:6f:a9:f8:9b:71:14:
         38:e3:dd:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zFi10l7NwqSQRz4IyCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MzYyNDAwN2Y0NGRjYWY1NjhjMzcwZTdmNzFmOTUwY2Ix
OTQwZWYwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjczNjAzODZiNDE0MTYzNTM4YTUxOTFhY2M5OGQ5NDU2NTljMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5FkKTLmEH759dpHHw02ff8qnjcV
1lC+k7JZXUglOeljgw92sfARXG4kRWrbbafuCmYHvbYsbdDtFmQYNVE/litn4fo7
DNZL33mQy/3xQSRbMqzup9fgpOaKpL8N9EoDaZhzJzpXKPtZqOxWTORS0NruUu72
G+a/LA8IkU0j9MIvwu+AFtHStDFzCKoytV8g5WkBkpDRf1baFrNPHncOCU5k0qp7
DLbIkbHV+Fah5SC25+i2MbU7M/E7QtUl+ipf5CRHkXNumoIRdWUbqTwkePzK7sOp
SQ+fSaIAP3oqQpAk+kdKnqHX96tS9bOY/IxCqRJ81zgB6gY1UxcSb5c09wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJzYDhrQUFjU4pRkazJjZRWWcBjMB8GA1UdIwQY
MBaAFCg2JAB/RNyvVow3Dn9x+VDLGUDvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0RZa0FIOUUzSzlXakRjT2YzSDVVTXNaUU84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82MGM3MjQtYTAwNS00NmQ3LTg0NTIt
MTZjZTMzOTAxNmEwLzEvOG5OZ09HdEJRV05UaWxHUnJNbU5sRlpad0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82MGM3MjQtYTAwNS00NmQ3LTg0NTItMTZjZTMzOTAxNmEw
LzEvS0RZa0FIOUUzSzlXakRjT2YzSDVVTXNaUU84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCoHMA0G
CSqGSIb3DQEBCwUAA4IBAQCgDf+NW5h9HLJ3+0r8+KhTtAv7fAvFj2rffcGgRom6
FtpPlzuHSNnxNZocIA9zAssDPjox/HOW5KfQv17c64TzXx/xj9jQOUpTpJcBkVoQ
Y/On5iefFNCjuxM4CLEiG7N+kO1jCQMTJBR2sUfoDhYqJcAd4e1TO4a1/J+KRGG9
xFOSVQ+EfEy5OP8KSSRkhPXLEYl584zidtC9maSw55Rha6u1ZZA1juLwK/lt2wJ/
FtUUpu6wJ2taTDzBEb5t60np4cWUpq6QV1wuEMoPX5U8FWcq03omknCiUkX5eDcx
SDds9L2qQ3tkbNTNfXtQQkSQRUq9EzZvqfibcRQ4493C
-----END CERTIFICATE-----