Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/dmSWRJ9b7UfTtCpDcu2mJVuyNH4.roa
File:                     dmSWRJ9b7UfTtCpDcu2mJVuyNH4.roa (raw, json)
Hash identifier:          GelpnLDgkGOUoIEQaRMemTjktffZvZNRK4lFCAd6osc=
Subject key identifier:   76:64:96:44:9F:5B:ED:47:D3:B4:2A:43:72:ED:A6:25:5B:B2:34:7E
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB7C8906425EE77C14F541FAA729B
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/dmSWRJ9b7UfTtCpDcu2mJVuyNH4.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212313
IP address blocks:        92.119.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b7:c8:90:64:25:ee:77:c1:4f:54:1f:aa:72:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=766496449f5bed47d3b42a4372eda6255bb2347e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ec:6d:dc:62:b1:e3:20:1e:5c:26:ab:f9:5e:
                    cc:b8:cb:af:a4:ed:85:2b:1c:17:41:5b:3d:dc:f4:
                    7a:e5:33:ed:13:fc:33:7a:f9:26:ca:31:db:e9:3f:
                    be:10:63:cd:91:d0:13:b4:f1:02:4c:f7:b9:32:d7:
                    0c:b6:77:62:a9:58:6e:1e:2c:31:f4:db:17:96:16:
                    32:58:c0:96:61:6c:9a:02:4d:ed:15:2d:23:ac:6d:
                    7d:18:5c:e7:44:48:51:1a:4d:59:e2:a9:25:70:18:
                    f8:1f:cc:e4:23:f8:db:b5:66:75:32:2d:d1:50:96:
                    d9:ab:3a:a8:06:af:cf:0a:07:48:14:4e:db:1b:a3:
                    1c:b9:a8:77:e2:53:13:b6:04:92:aa:c9:58:e6:ff:
                    62:ed:3f:10:48:1a:56:f1:66:09:b1:71:a2:03:b4:
                    79:c6:eb:3b:97:52:c2:b2:c7:f2:b1:9f:8b:45:6c:
                    14:5e:15:df:cb:ec:b4:71:ee:aa:eb:d1:71:fa:7b:
                    26:99:c6:42:a3:33:bf:0b:35:ca:51:92:ae:01:7c:
                    c5:b9:20:25:44:94:64:51:81:82:c1:ae:df:9d:70:
                    f2:f0:f3:7b:69:69:08:aa:04:d7:ab:4f:b0:e1:d5:
                    8e:ef:be:ce:d4:8a:95:2f:fb:72:f1:46:64:89:a9:
                    cb:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:64:96:44:9F:5B:ED:47:D3:B4:2A:43:72:ED:A6:25:5B:B2:34:7E
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/dmSWRJ9b7UfTtCpDcu2mJVuyNH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:81:1b:0e:17:ec:5d:f3:81:61:29:b0:d2:88:4a:35:fa:40:
         d9:3b:63:62:c4:17:a3:5f:3d:8e:69:53:07:9d:14:38:c2:c5:
         9e:0b:3f:b0:a2:61:e1:09:ea:6c:59:17:95:00:7e:b4:d2:9a:
         dc:11:2e:46:52:47:36:8d:1d:18:d1:b3:4d:25:d7:58:4c:06:
         f4:34:47:23:33:4c:a9:be:af:6d:bb:21:a4:1f:5e:84:68:a1:
         f2:bd:ac:0a:fc:58:b2:9b:22:a3:cb:71:9b:a1:b4:46:00:3f:
         e5:89:c2:5b:b4:e1:6f:c2:6e:21:75:3f:bb:bb:8c:75:d0:7d:
         0d:7e:2c:af:10:72:99:bc:cf:6f:4c:f1:6a:74:bd:48:91:00:
         54:10:50:1a:e1:35:65:21:c0:fd:0c:e0:5f:38:0c:4f:b9:00:
         fc:e5:6e:6b:c3:94:83:de:22:fe:3a:26:80:86:49:b6:cf:27:
         86:72:10:3e:3f:e8:77:c0:ef:56:28:1f:00:bf:f1:ba:06:5a:
         1b:15:11:a1:55:20:fa:74:4c:65:5e:9c:66:7d:92:9a:20:66:
         58:7c:cb:4f:68:13:9f:6d:27:6a:24:f1:1c:20:a6:cb:21:bc:
         65:48:4d:df:94:31:40:d9:ca:92:24:38:47:9b:57:b8:d4:73:
         0a:fe:75:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7fIkGQl7nfBT1QfqnKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjY0OTY0NDlmNWJlZDQ3ZDNiNDJhNDM3MmVkYTYyNTViYjIzNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+xt3GKx4yAeXCar+V7MuMuvpO2F
KxwXQVs93PR65TPtE/wzevkmyjHb6T++EGPNkdATtPECTPe5MtcMtndiqVhuHiwx
9NsXlhYyWMCWYWyaAk3tFS0jrG19GFznREhRGk1Z4qklcBj4H8zkI/jbtWZ1Mi3R
UJbZqzqoBq/PCgdIFE7bG6Mcuah34lMTtgSSqslY5v9i7T8QSBpW8WYJsXGiA7R5
xus7l1LCssfysZ+LRWwUXhXfy+y0ce6q69Fx+nsmmcZCozO/CzXKUZKuAXzFuSAl
RJRkUYGCwa7fnXDy8PN7aWkIqgTXq0+w4dWO777O1IqVL/ty8UZkianL2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZklkSfW+1H07QqQ3LtpiVbsjR+MB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvZG1TV1JKOWI3VWZUdENwRGN1Mm1KVnV5Tkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHe5MA0G
CSqGSIb3DQEBCwUAA4IBAQCCgRsOF+xd84FhKbDSiEo1+kDZO2NixBejXz2OaVMH
nRQ4wsWeCz+womHhCepsWReVAH600prcES5GUkc2jR0Y0bNNJddYTAb0NEcjM0yp
vq9tuyGkH16EaKHyvawK/FiymyKjy3GbobRGAD/licJbtOFvwm4hdT+7u4x10H0N
fiyvEHKZvM9vTPFqdL1IkQBUEFAa4TVlIcD9DOBfOAxPuQD85W5rw5SD3iL+OiaA
hkm2zyeGchA+P+h3wO9WKB8Av/G6BlobFRGhVSD6dExlXpxmfZKaIGZYfMtPaBOf
bSdqJPEcIKbLIbxlSE3flDFA2cqSJDhHm1e41HMK/nV0
-----END CERTIFICATE-----