Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/92Ur9VzTmRe-z3DtzP0S1IHDa64.roa
File:                     92Ur9VzTmRe-z3DtzP0S1IHDa64.roa (raw, json)
Hash identifier:          mFnsywqt8MCKsx2xLX5W4lkG3+UXu1S8pY3CIfIJHks=
Subject key identifier:   F7:65:2B:F5:5C:D3:99:17:BE:CF:70:ED:CC:FD:12:D4:81:C3:6B:AE
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0545D7F75CE3CA4BFD76B795DB13
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/92Ur9VzTmRe-z3DtzP0S1IHDa64.roa
Signing time:             Tue 02 Jan 2024 08:31:57 +0000
ROA not before:           Tue 02 Jan 2024 08:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199762
IP address blocks:        2a0a:280:1200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:05:45:d7:f7:5c:e3:ca:4b:fd:76:b7:95:db:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7652bf55cd39917becf70edccfd12d481c36bae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7d:08:08:e9:0b:3f:18:4a:2e:98:71:dc:22:
                    be:3c:80:67:a7:67:29:5b:f1:5d:17:4c:da:46:3e:
                    58:44:41:4f:e1:f5:da:54:2f:9d:57:dd:c0:e2:03:
                    e6:69:47:60:db:b1:81:81:ca:44:14:c3:5d:c5:6c:
                    c3:43:ae:58:23:5a:47:24:5e:c6:a9:7c:88:85:80:
                    ce:f8:70:36:da:1b:b9:53:d3:28:b0:eb:d1:e7:27:
                    7a:48:de:f0:93:2a:92:36:cc:59:68:5e:77:66:93:
                    d6:ab:2e:14:e3:8d:2c:b2:03:b8:cc:a9:d9:b9:c0:
                    bb:cb:5a:94:07:55:a0:26:d3:20:50:67:a3:23:41:
                    ea:2b:b7:20:3e:17:72:65:19:c1:aa:e0:1d:6c:ba:
                    5a:c6:39:f5:e3:61:22:98:22:76:0e:a2:48:67:bd:
                    14:82:9a:b4:27:29:6a:cf:d3:75:87:0a:f9:35:df:
                    da:d1:47:13:51:14:96:13:f1:93:cc:8a:2b:1a:1a:
                    11:02:e2:f9:e0:0e:99:bc:cf:4e:f9:f2:14:1e:e7:
                    f0:12:dd:d8:a3:18:ac:bb:ea:e9:73:59:73:17:d2:
                    3d:83:6c:96:08:af:4d:a5:1a:39:7e:78:41:e7:90:
                    79:8f:5a:37:5e:1c:0c:ed:1b:4e:2d:2e:f1:ef:5e:
                    66:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:65:2B:F5:5C:D3:99:17:BE:CF:70:ED:CC:FD:12:D4:81:C3:6B:AE
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/92Ur9VzTmRe-z3DtzP0S1IHDa64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         5b:5c:ae:34:ac:a9:79:77:31:41:fa:28:14:4a:95:85:95:f9:
         43:75:0b:21:d5:c2:ff:bc:b1:ee:d5:81:3d:94:13:a2:24:5d:
         50:3e:cf:16:f2:42:db:c3:aa:a8:38:e8:ea:da:f4:45:f5:9e:
         ed:d2:c9:3a:c3:43:0e:e4:fe:7d:d8:60:2d:bb:de:f7:45:cb:
         3f:e5:47:90:b8:b1:fb:4d:95:17:7e:38:07:1c:90:e7:ca:56:
         31:2e:af:da:94:93:d7:8e:75:fe:aa:2d:8c:e8:0b:91:39:39:
         67:4d:2e:e1:b5:15:39:1c:82:0b:67:e4:72:1b:3e:71:93:1e:
         9a:d4:59:cb:75:a8:1e:6d:cd:74:f2:4f:93:2a:47:b6:ca:db:
         f9:c5:5e:be:a6:43:45:1e:a8:bf:e5:38:43:43:74:5a:a7:06:
         5c:b0:f0:95:e9:52:57:3c:22:7d:3c:13:8b:fe:38:8f:fa:b7:
         fa:2d:95:66:a2:42:20:9e:6c:17:06:9d:e4:bb:1e:a0:37:60:
         9c:e0:09:82:4c:25:29:d4:4b:0d:14:86:da:d2:46:a4:92:9c:
         40:b1:e2:94:b8:70:93:31:b2:df:75:19:08:73:92:ef:71:55:
         9d:a7:03:95:22:ad:e0:3c:32:8d:69:03:18:88:52:b2:0c:05:
         2e:d2:f0:f2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQVF1/dc48pL/Xa3ldsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzY1MmJmNTVjZDM5OTE3YmVjZjcwZWRjY2ZkMTJkNDgxYzM2YmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzH0ICOkLPxhKLphx3CK+PIBnp2cp
W/FdF0zaRj5YREFP4fXaVC+dV93A4gPmaUdg27GBgcpEFMNdxWzDQ65YI1pHJF7G
qXyIhYDO+HA22hu5U9MosOvR5yd6SN7wkyqSNsxZaF53ZpPWqy4U440ssgO4zKnZ
ucC7y1qUB1WgJtMgUGejI0HqK7cgPhdyZRnBquAdbLpaxjn142EimCJ2DqJIZ70U
gpq0Jylqz9N1hwr5Nd/a0UcTURSWE/GTzIorGhoRAuL54A6ZvM9O+fIUHufwEt3Y
oxisu+rpc1lzF9I9g2yWCK9NpRo5fnhB55B5j1o3XhwM7RtOLS7x715meQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPdlK/Vc05kXvs9w7cz9EtSBw2uuMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvOTJVcjlWelRtUmUtejNEdHpQMFMxSUhEYTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBIw
DQYJKoZIhvcNAQELBQADggEBAFtcrjSsqXl3MUH6KBRKlYWV+UN1CyHVwv+8se7V
gT2UE6IkXVA+zxbyQtvDqqg46Ora9EX1nu3SyTrDQw7k/n3YYC273vdFyz/lR5C4
sftNlRd+OAcckOfKVjEur9qUk9eOdf6qLYzoC5E5OWdNLuG1FTkcggtn5HIbPnGT
HprUWct1qB5tzXTyT5MqR7bK2/nFXr6mQ0UeqL/lOENDdFqnBlyw8JXpUlc8In08
E4v+OI/6t/otlWaiQiCebBcGneS7HqA3YJzgCYJMJSnUSw0UhtrSRqSSnECx4pS4
cJMxst91GQhzku9xVZ2nA5UireA8Mo1pAxiIUrIMBS7S8PI=
-----END CERTIFICATE-----