Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/92xqcoQPtqfYGvBNseEybsBOJPw.roa
File:                     92xqcoQPtqfYGvBNseEybsBOJPw.roa (raw, json)
Hash identifier:          ozA7ngm7vh0UfhRxGHFDLDI1ss9H/6Dx/pqClnjvnkQ=
Subject key identifier:   F7:6C:6A:72:84:0F:B6:A7:D8:1A:F0:4D:B1:E1:32:6E:C0:4E:24:FC
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0D48B74ED00C09B2534AF3D4AFF4
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/92xqcoQPtqfYGvBNseEybsBOJPw.roa
Signing time:             Tue 02 Jan 2024 08:31:59 +0000
ROA not before:           Tue 02 Jan 2024 08:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209025
IP address blocks:        2a0a:280:2b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0d:48:b7:4e:d0:0c:09:b2:53:4a:f3:d4:af:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f76c6a72840fb6a7d81af04db1e1326ec04e24fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2f:50:12:4e:c6:0f:f4:4f:15:94:54:c3:64:
                    53:29:26:1f:e5:e1:b5:bb:0d:7d:fc:7f:ee:0e:73:
                    32:e0:68:d2:e9:60:41:4a:6f:11:e5:37:eb:43:9d:
                    5b:75:b6:8b:4e:8f:1b:05:f6:c7:d5:01:a9:52:63:
                    e4:a2:46:ba:97:f2:e6:fa:32:4d:9d:77:f4:7b:7a:
                    7b:cf:d8:da:43:45:60:ba:d0:ca:86:c4:23:7a:74:
                    6c:b4:35:7b:11:98:8c:6d:0e:f3:7d:22:e0:6a:dd:
                    df:13:16:c6:20:02:23:30:11:9e:b3:1d:9a:04:ed:
                    d8:9d:3c:ca:98:07:5f:9f:95:b2:4d:eb:61:d1:53:
                    09:48:9b:61:db:a5:9d:7b:1e:c2:ee:bf:64:d1:43:
                    37:a7:37:78:5a:dc:da:20:72:6f:f5:6c:a0:70:fa:
                    4b:05:47:3d:63:b4:89:09:94:e0:dd:58:63:00:3a:
                    f1:d4:1e:d5:fb:5e:42:22:2e:6c:a0:9f:1d:29:2b:
                    24:83:15:d5:d7:b0:b9:90:30:36:25:12:62:ca:7e:
                    e1:55:e5:ac:09:71:e9:31:b3:df:79:58:9c:76:ae:
                    6e:0c:04:c4:a8:6d:1a:1a:7f:5b:66:19:35:c3:02:
                    ce:4e:38:42:ac:78:9f:24:07:e2:2b:53:92:c0:1f:
                    e9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:6C:6A:72:84:0F:B6:A7:D8:1A:F0:4D:B1:E1:32:6E:C0:4E:24:FC
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/92xqcoQPtqfYGvBNseEybsBOJPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:6c:f3:f1:30:fa:6e:20:e2:2c:f3:3f:06:fc:dd:69:ac:36:
         53:2d:bf:b6:97:de:7c:72:a0:9b:4f:7e:6c:3c:2e:41:72:e3:
         5b:18:14:fb:22:dd:77:44:3c:18:cc:f2:87:eb:08:31:db:92:
         24:bd:1d:4e:b8:fd:d9:85:74:91:9a:34:61:70:33:5a:a2:28:
         b5:26:97:5f:2f:e4:4f:14:8a:3e:73:55:f8:7c:06:f6:91:f7:
         a0:0b:b9:8d:f0:54:9c:b2:68:ae:c1:7a:36:e4:18:5b:b1:83:
         22:21:08:27:24:94:6d:da:f3:88:65:69:a3:55:a8:42:e9:f1:
         27:95:32:f4:69:da:4e:db:fd:19:b7:d4:a4:45:16:c2:28:25:
         70:32:38:17:01:61:c4:20:76:60:bd:15:37:b0:a9:03:a6:52:
         02:b0:e5:a1:a0:7b:30:65:89:47:56:99:1c:e5:41:2e:d8:e4:
         31:e9:39:c9:fd:4b:16:7c:66:f2:f4:f0:93:e2:b8:86:fa:28:
         ee:3b:42:2f:da:a1:7a:7b:29:6f:fb:9d:33:49:b1:26:74:7a:
         96:67:60:7a:a7:df:d1:db:92:2f:5c:f3:3b:fb:1c:32:f9:2f:
         c7:fa:45:23:af:10:17:f7:2a:bc:ab:67:d8:d9:11:49:ab:df:
         bf:a1:d8:19
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQ1It07QDAmyU0rz1K/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzZjNmE3Mjg0MGZiNmE3ZDgxYWYwNGRiMWUxMzI2ZWMwNGUyNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmi9QEk7GD/RPFZRUw2RTKSYf5eG1
uw19/H/uDnMy4GjS6WBBSm8R5TfrQ51bdbaLTo8bBfbH1QGpUmPkoka6l/Lm+jJN
nXf0e3p7z9jaQ0VgutDKhsQjenRstDV7EZiMbQ7zfSLgat3fExbGIAIjMBGesx2a
BO3YnTzKmAdfn5WyTeth0VMJSJth26Wdex7C7r9k0UM3pzd4WtzaIHJv9WygcPpL
BUc9Y7SJCZTg3VhjADrx1B7V+15CIi5soJ8dKSskgxXV17C5kDA2JRJiyn7hVeWs
CXHpMbPfeVicdq5uDATEqG0aGn9bZhk1wwLOTjhCrHifJAfiK1OSwB/pJwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPdsanKED7an2BrwTbHhMm7ATiT8MB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvOTJ4cWNvUVB0cWZZR3ZCTnNlRXlic0JPSlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCsw
DQYJKoZIhvcNAQELBQADggEBAI5s8/Ew+m4g4izzPwb83WmsNlMtv7aX3nxyoJtP
fmw8LkFy41sYFPsi3XdEPBjM8ofrCDHbkiS9HU64/dmFdJGaNGFwM1qiKLUml18v
5E8Uij5zVfh8BvaR96ALuY3wVJyyaK7BejbkGFuxgyIhCCcklG3a84hlaaNVqELp
8SeVMvRp2k7b/Rm31KRFFsIoJXAyOBcBYcQgdmC9FTewqQOmUgKw5aGgezBliUdW
mRzlQS7Y5DHpOcn9SxZ8ZvL08JPiuIb6KO47Qi/aoXp7KW/7nTNJsSZ0epZnYHqn
39Hbki9c8zv7HDL5L8f6RSOvEBf3KryrZ9jZEUmr37+h2Bk=
-----END CERTIFICATE-----