Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/lSbcgBTZUSMGftb49C0qPsyM920.roa
File:                     lSbcgBTZUSMGftb49C0qPsyM920.roa (raw, json)
Hash identifier:          O5Siqeh5WHzmH1yheIBTr15Ug7zVWOC5TDIPmHO+F0k=
Subject key identifier:   95:26:DC:80:14:D9:51:23:06:7E:D6:F8:F4:2D:2A:3E:CC:8C:F7:6D
Certificate issuer:       /CN=d8fc6e45181d839fd10e4a902762f26c9a646796
Certificate serial:       018CCA2A6A1110E59C6123E316C76A46AF38
Authority key identifier: D8:FC:6E:45:18:1D:83:9F:D1:0E:4A:90:27:62:F2:6C:9A:64:67:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/lSbcgBTZUSMGftb49C0qPsyM920.roa
Signing time:             Tue 02 Jan 2024 12:33:46 +0000
ROA not before:           Tue 02 Jan 2024 12:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48586
IP address blocks:        80.92.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6a:11:10:e5:9c:61:23:e3:16:c7:6a:46:af:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8fc6e45181d839fd10e4a902762f26c9a646796
        Validity
            Not Before: Jan  2 12:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9526dc8014d95123067ed6f8f42d2a3ecc8cf76d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:1e:08:3b:db:4d:2f:fb:5c:92:49:52:c3:75:
                    e0:a1:b2:1c:bf:f6:6b:ba:75:1f:be:92:b1:95:a7:
                    d5:d6:23:a5:38:b9:06:1b:28:5e:ca:c5:02:55:be:
                    87:60:fa:a0:df:46:67:15:3d:ee:ac:df:61:bb:a1:
                    c1:a2:e2:a5:c2:76:b8:40:3f:e6:7c:e1:e7:67:8e:
                    5b:e7:1f:41:89:a1:5b:1f:56:fa:fb:d3:05:19:e0:
                    b3:f8:f9:6b:3f:a1:94:ee:04:22:89:dd:b1:b1:9c:
                    15:2e:ab:13:3b:53:02:a6:8e:60:05:0c:68:43:e6:
                    30:64:53:a1:3e:7a:6f:d2:0f:94:b8:f7:c2:9a:fa:
                    9a:f0:36:d3:ab:a4:36:e7:83:9a:4a:39:27:6e:96:
                    bc:8f:03:9c:9f:64:54:c1:43:21:30:af:bb:e0:5c:
                    75:a2:7c:e9:3a:48:09:0e:96:27:11:19:1d:cb:db:
                    60:b7:1a:8a:6c:ca:a0:9c:cc:d4:0b:d2:34:07:a4:
                    a6:71:1e:6a:f6:e1:5a:2a:f7:c8:22:ae:1f:7c:da:
                    ff:be:9f:c7:b8:cf:1c:6d:47:8f:29:f9:2d:6d:e5:
                    78:36:cd:ef:76:00:ca:55:09:fd:03:8d:75:07:ee:
                    80:aa:2d:60:86:82:23:4d:97:56:a1:4b:86:30:b4:
                    c6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:26:DC:80:14:D9:51:23:06:7E:D6:F8:F4:2D:2A:3E:CC:8C:F7:6D
            X509v3 Authority Key Identifier:
                keyid:D8:FC:6E:45:18:1D:83:9F:D1:0E:4A:90:27:62:F2:6C:9A:64:67:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/lSbcgBTZUSMGftb49C0qPsyM920.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/62343c-edbe-4a8a-84f2-7eb2eb85b84a/1/2PxuRRgdg5_RDkqQJ2LybJpkZ5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.92.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:11:02:73:99:49:52:ab:11:9f:bf:e0:42:0f:4a:4e:3b:9f:
         a2:e0:70:ff:93:0c:d7:fe:ff:f2:86:d1:24:cb:b9:80:de:44:
         a5:7e:5d:71:0b:b8:d2:f3:88:c9:05:65:a9:65:00:77:72:9d:
         ad:72:70:18:59:87:f6:72:ab:fa:c4:00:e7:ad:30:27:73:69:
         76:87:89:f6:b4:f3:f3:6d:dc:a6:7a:34:10:10:40:6e:85:71:
         e5:1a:de:45:97:c6:99:93:55:cc:c0:65:ca:d6:f6:f2:b2:29:
         3a:3f:88:cf:aa:e5:2f:dd:a6:e6:fe:a6:5f:3f:7e:30:2c:3d:
         b8:e1:79:00:04:7e:b2:29:25:f7:b4:2c:94:0e:84:cc:d0:e8:
         78:ca:b5:92:96:19:64:76:6e:64:1c:b2:c5:2c:e2:a8:e4:ca:
         b5:37:4b:4f:04:c8:ce:cb:c9:eb:7a:d9:dc:ca:c8:be:95:02:
         52:15:f7:71:b0:ce:ac:71:ec:e8:95:63:91:ad:28:41:61:93:
         f5:dd:27:a0:85:3f:d4:ac:c6:52:3a:09:8c:21:0c:99:1b:f1:
         54:f3:d9:4c:da:e1:41:1b:b8:3e:33:38:46:ac:35:fc:87:aa:
         a3:db:7a:e2:f8:ec:9d:95:c7:2f:7a:b6:81:76:44:18:f4:44:
         8b:b7:fb:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmoREOWcYSPjFsdqRq84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZmM2ZTQ1MTgxZDgzOWZkMTBlNGE5MDI3NjJmMjZjOWE2
NDY3OTYwHhcNMjQwMTAyMTIzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTI2ZGM4MDE0ZDk1MTIzMDY3ZWQ2ZjhmNDJkMmEzZWNjOGNmNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhx4IO9tNL/tckklSw3XgobIcv/Zr
unUfvpKxlafV1iOlOLkGGyheysUCVb6HYPqg30ZnFT3urN9hu6HBouKlwna4QD/m
fOHnZ45b5x9BiaFbH1b6+9MFGeCz+PlrP6GU7gQiid2xsZwVLqsTO1MCpo5gBQxo
Q+YwZFOhPnpv0g+UuPfCmvqa8DbTq6Q254OaSjknbpa8jwOcn2RUwUMhMK+74Fx1
onzpOkgJDpYnERkdy9tgtxqKbMqgnMzUC9I0B6SmcR5q9uFaKvfIIq4ffNr/vp/H
uM8cbUePKfktbeV4Ns3vdgDKVQn9A411B+6Aqi1ghoIjTZdWoUuGMLTGIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUm3IAU2VEjBn7W+PQtKj7MjPdtMB8GA1UdIwQY
MBaAFNj8bkUYHYOf0Q5KkCdi8myaZGeWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlB4dVJSZ2RnNV9SRGtxUUoyTHliSnBrWjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82MjM0M2MtZWRiZS00YThhLTg0ZjIt
N2ViMmViODViODRhLzEvbFNiY2dCVFpVU01HZnRiNDlDMHFQc3lNOTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82MjM0M2MtZWRiZS00YThhLTg0ZjItN2ViMmViODViODRh
LzEvMlB4dVJSZ2RnNV9SRGtxUUoyTHliSnBrWjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFzPMA0G
CSqGSIb3DQEBCwUAA4IBAQA+EQJzmUlSqxGfv+BCD0pOO5+i4HD/kwzX/v/yhtEk
y7mA3kSlfl1xC7jS84jJBWWpZQB3cp2tcnAYWYf2cqv6xADnrTAnc2l2h4n2tPPz
bdymejQQEEBuhXHlGt5Fl8aZk1XMwGXK1vbysik6P4jPquUv3abm/qZfP34wLD24
4XkABH6yKSX3tCyUDoTM0Oh4yrWSlhlkdm5kHLLFLOKo5Mq1N0tPBMjOy8nretnc
ysi+lQJSFfdxsM6scezolWORrShBYZP13SeghT/UrMZSOgmMIQyZG/FU89lM2uFB
G7g+MzhGrDX8h6qj23ri+OydlccveraBdkQY9ESLt/uk
-----END CERTIFICATE-----