Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/PpquALWoevaAEas_ik0oKPWiWL8.roa
File:                     PpquALWoevaAEas_ik0oKPWiWL8.roa (raw, json)
Hash identifier:          DMtWb4HLB0ogDWPzafLlXP8tz8Xg4wcPh+6EDNLWeAM=
Subject key identifier:   3E:9A:AE:00:B5:A8:7A:F6:80:11:AB:3F:8A:4D:28:28:F5:A2:58:BF
Certificate issuer:       /CN=283624007f44dcaf568c370e7f71f950cb1940ef
Certificate serial:       018CC3B6FBDB6608BC24166FA6F0E7D8FAA4
Authority key identifier: 28:36:24:00:7F:44:DC:AF:56:8C:37:0E:7F:71:F9:50:CB:19:40:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KDYkAH9E3K9WjDcOf3H5UMsZQO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/PpquALWoevaAEas_ik0oKPWiWL8.roa
Signing time:             Mon 01 Jan 2024 06:29:58 +0000
ROA not before:           Mon 01 Jan 2024 06:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198118
IP address blocks:        92.42.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/KDYkAH9E3K9WjDcOf3H5UMsZQO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/KDYkAH9E3K9WjDcOf3H5UMsZQO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KDYkAH9E3K9WjDcOf3H5UMsZQO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fb:db:66:08:bc:24:16:6f:a6:f0:e7:d8:fa:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=283624007f44dcaf568c370e7f71f950cb1940ef
        Validity
            Not Before: Jan  1 06:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e9aae00b5a87af68011ab3f8a4d2828f5a258bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:89:fa:7c:91:12:a9:e5:03:a6:3f:31:48:d8:
                    8f:23:96:6a:54:37:5f:c8:90:b0:77:9a:87:b4:49:
                    e9:76:36:2b:aa:6a:82:10:61:a2:ff:d2:6a:94:d4:
                    54:18:8c:11:13:f2:bd:cf:b9:30:50:63:b7:8d:e6:
                    6d:e3:85:72:0b:e2:ee:c3:98:d9:11:de:6b:5b:f4:
                    e4:8a:ff:9a:aa:0a:71:13:2b:a5:19:20:19:8d:4d:
                    8c:66:fc:35:a3:bd:8d:08:ec:fb:41:9e:a8:8c:a7:
                    31:66:7e:df:af:8e:53:40:c7:4c:59:ba:a5:11:20:
                    4d:d1:bd:4e:ae:7c:be:36:62:b8:1c:d7:57:59:45:
                    82:4f:35:33:01:70:d5:5e:9f:96:05:d0:3d:a0:7c:
                    a5:25:db:d6:de:34:1e:04:7d:a1:e1:ad:03:52:33:
                    3d:95:10:8e:ba:60:ae:d2:f1:64:a8:63:bd:fe:09:
                    fa:f4:c8:57:e7:b6:2e:e3:c2:9e:ac:80:b0:a1:a3:
                    5c:59:f0:63:82:94:9e:86:9e:5c:41:ab:d8:81:7d:
                    ef:ef:d1:64:d7:83:1d:1f:f5:24:ef:f4:f5:d4:cc:
                    78:22:40:c0:96:e7:9b:53:3f:ed:3d:e3:7a:db:b5:
                    29:7a:72:3a:ee:be:29:59:86:52:e2:b0:02:59:d4:
                    5a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9A:AE:00:B5:A8:7A:F6:80:11:AB:3F:8A:4D:28:28:F5:A2:58:BF
            X509v3 Authority Key Identifier:
                keyid:28:36:24:00:7F:44:DC:AF:56:8C:37:0E:7F:71:F9:50:CB:19:40:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KDYkAH9E3K9WjDcOf3H5UMsZQO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/PpquALWoevaAEas_ik0oKPWiWL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/60c724-a005-46d7-8452-16ce339016a0/1/KDYkAH9E3K9WjDcOf3H5UMsZQO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:db:df:04:2e:22:ff:bb:0d:54:f5:78:f1:06:e9:d4:43:50:
         13:eb:59:da:8e:b2:fe:59:42:bf:85:d1:aa:ab:22:e9:cb:1f:
         c6:14:99:66:a7:78:92:48:3a:92:32:04:47:bc:3e:a8:2a:05:
         2b:84:41:7c:ab:41:ef:d6:6f:20:21:5c:c1:95:7c:72:68:b4:
         cd:9a:72:dd:e8:79:2b:92:48:57:e0:e1:2f:cc:dc:08:7d:1d:
         94:3d:4b:9b:6b:1e:d2:20:2d:b4:53:16:91:14:d0:2f:20:e2:
         39:34:b6:c1:d2:54:2e:c3:7c:fe:11:a6:51:26:ae:b2:4a:ae:
         f9:13:88:2e:8c:78:c6:b6:20:70:55:fe:14:7e:f5:6c:41:bf:
         b1:89:7a:2c:ce:ae:25:23:b4:55:23:1d:9f:98:d9:a2:70:1a:
         1b:a6:c5:4d:87:09:3d:21:4c:25:fc:b7:15:2c:de:0e:d7:30:
         c7:69:9a:cc:c7:81:e7:62:4e:b7:1f:bb:bf:4e:fa:35:8c:4b:
         e5:44:41:8b:b3:4a:7f:22:31:75:0f:71:bd:0e:ee:bb:bb:64:
         22:1b:9a:c3:97:dd:83:5f:16:19:2d:0c:92:ef:d9:ed:19:fa:
         77:db:80:02:26:a6:ca:a9:4b:93:35:11:5d:bc:90:ff:ac:b4:
         88:49:92:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvvbZgi8JBZvpvDn2PqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MzYyNDAwN2Y0NGRjYWY1NjhjMzcwZTdmNzFmOTUwY2Ix
OTQwZWYwHhcNMjQwMTAxMDYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTlhYWUwMGI1YTg3YWY2ODAxMWFiM2Y4YTRkMjgyOGY1YTI1OGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4n6fJESqeUDpj8xSNiPI5ZqVDdf
yJCwd5qHtEnpdjYrqmqCEGGi/9JqlNRUGIwRE/K9z7kwUGO3jeZt44VyC+Luw5jZ
Ed5rW/Tkiv+aqgpxEyulGSAZjU2MZvw1o72NCOz7QZ6ojKcxZn7fr45TQMdMWbql
ESBN0b1Orny+NmK4HNdXWUWCTzUzAXDVXp+WBdA9oHylJdvW3jQeBH2h4a0DUjM9
lRCOumCu0vFkqGO9/gn69MhX57Yu48KerICwoaNcWfBjgpSehp5cQavYgX3v79Fk
14MdH/Uk7/T11Mx4IkDAluebUz/tPeN627UpenI67r4pWYZS4rACWdRaoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6argC1qHr2gBGrP4pNKCj1oli/MB8GA1UdIwQY
MBaAFCg2JAB/RNyvVow3Dn9x+VDLGUDvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0RZa0FIOUUzSzlXakRjT2YzSDVVTXNaUU84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82MGM3MjQtYTAwNS00NmQ3LTg0NTIt
MTZjZTMzOTAxNmEwLzEvUHBxdUFMV29ldmFBRWFzX2lrMG9LUFdpV0w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82MGM3MjQtYTAwNS00NmQ3LTg0NTItMTZjZTMzOTAxNmEw
LzEvS0RZa0FIOUUzSzlXakRjT2YzSDVVTXNaUU84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCoHMA0G
CSqGSIb3DQEBCwUAA4IBAQAx298ELiL/uw1U9XjxBunUQ1AT61najrL+WUK/hdGq
qyLpyx/GFJlmp3iSSDqSMgRHvD6oKgUrhEF8q0Hv1m8gIVzBlXxyaLTNmnLd6Hkr
kkhX4OEvzNwIfR2UPUubax7SIC20UxaRFNAvIOI5NLbB0lQuw3z+EaZRJq6ySq75
E4gujHjGtiBwVf4UfvVsQb+xiXoszq4lI7RVIx2fmNmicBobpsVNhwk9IUwl/LcV
LN4O1zDHaZrMx4HnYk63H7u/Tvo1jEvlREGLs0p/IjF1D3G9Du67u2QiG5rDl92D
XxYZLQyS79ntGfp324ACJqbKqUuTNRFdvJD/rLSISZKo
-----END CERTIFICATE-----