Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e82de9-25f4-466e-9c0c-c08997a7a08f/1/L3o1yUxBVPNjeHq1LrtOoE8Wru8.roa
File:                     L3o1yUxBVPNjeHq1LrtOoE8Wru8.roa (raw, json)
Hash identifier:          /7arThK4oDTbvcp/8V+QA6sexWp8b7Odbw3b8r2rAqc=
Subject key identifier:   2F:7A:35:C9:4C:41:54:F3:63:78:7A:B5:2E:BB:4E:A0:4F:16:AE:EF
Certificate issuer:       /CN=814edbd19634cbb91a0d2dafd759d4c9a7e77b7a
Certificate serial:       018CC9BBAA3241B0BCF52C20BC92FC37E6B9
Authority key identifier: 81:4E:DB:D1:96:34:CB:B9:1A:0D:2D:AF:D7:59:D4:C9:A7:E7:7B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gU7b0ZY0y7kaDS2v11nUyafne3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e82de9-25f4-466e-9c0c-c08997a7a08f/1/L3o1yUxBVPNjeHq1LrtOoE8Wru8.roa
Signing time:             Tue 02 Jan 2024 10:32:48 +0000
ROA not before:           Tue 02 Jan 2024 10:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202837
IP address blocks:        45.92.15.0/24 maxlen: 24
                          45.92.14.0/24 maxlen: 24
                          45.92.13.0/24 maxlen: 24
                          45.92.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e82de9-25f4-466e-9c0c-c08997a7a08f/1/gU7b0ZY0y7kaDS2v11nUyafne3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e82de9-25f4-466e-9c0c-c08997a7a08f/1/gU7b0ZY0y7kaDS2v11nUyafne3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gU7b0ZY0y7kaDS2v11nUyafne3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:aa:32:41:b0:bc:f5:2c:20:bc:92:fc:37:e6:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=814edbd19634cbb91a0d2dafd759d4c9a7e77b7a
        Validity
            Not Before: Jan  2 10:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f7a35c94c4154f363787ab52ebb4ea04f16aeef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:02:94:b9:c2:a8:ea:d5:71:15:c9:7c:90:99:
                    3e:2a:ac:eb:ff:32:12:ab:94:82:4d:ad:a5:7f:e5:
                    de:3f:99:93:7d:6a:49:d7:df:da:f9:8d:1c:f4:e5:
                    07:4c:2d:1d:02:70:e6:9e:dd:29:9e:2a:d9:97:94:
                    d7:43:41:16:bd:cd:64:86:11:fb:45:30:e2:f0:ea:
                    32:34:4a:4a:e1:ed:64:c3:37:ff:33:3e:95:f9:9c:
                    5b:56:5e:b5:70:16:3d:cf:94:f7:76:9c:45:bc:bb:
                    77:98:1a:c2:10:0f:4a:50:6b:27:41:74:9b:9d:59:
                    da:4b:03:b1:31:4f:8d:8b:2f:4c:4c:47:66:af:50:
                    b5:dd:b8:a9:1c:61:de:cf:0f:eb:34:1a:94:e7:61:
                    39:b4:38:aa:19:34:43:5c:eb:f4:8a:c2:c3:f7:a0:
                    bd:b4:d1:c2:b1:98:a2:96:7d:41:ad:2b:6e:da:00:
                    8b:28:84:29:1a:be:1e:33:00:5e:65:8d:14:ba:92:
                    dc:a0:18:26:cb:62:07:7b:f4:7b:e8:97:9a:4e:d8:
                    38:29:14:b6:33:1c:a3:ec:f5:f7:8b:62:a4:ef:fb:
                    f4:6f:f1:3a:1f:3c:cd:9a:0e:57:33:ce:a8:87:8b:
                    d0:1f:a8:21:d4:6d:3a:c8:10:cc:cf:5c:1d:b3:32:
                    47:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7A:35:C9:4C:41:54:F3:63:78:7A:B5:2E:BB:4E:A0:4F:16:AE:EF
            X509v3 Authority Key Identifier:
                keyid:81:4E:DB:D1:96:34:CB:B9:1A:0D:2D:AF:D7:59:D4:C9:A7:E7:7B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gU7b0ZY0y7kaDS2v11nUyafne3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e82de9-25f4-466e-9c0c-c08997a7a08f/1/L3o1yUxBVPNjeHq1LrtOoE8Wru8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e82de9-25f4-466e-9c0c-c08997a7a08f/1/gU7b0ZY0y7kaDS2v11nUyafne3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:ba:05:34:2a:c5:6f:88:b9:ab:37:40:84:f2:95:00:1b:bd:
         61:03:33:cf:ee:e1:53:59:88:0c:72:d2:a8:21:de:9d:5c:13:
         1e:7b:32:eb:71:ab:86:50:9e:64:a7:11:0b:4d:9f:72:25:1b:
         5a:24:69:12:37:73:a0:1c:0d:2e:dd:70:d5:02:9d:d4:6e:b1:
         6d:ea:f1:09:77:73:74:e7:22:ce:c2:16:7e:1c:17:f9:e2:a3:
         a9:67:3a:9e:b1:9e:a2:cb:50:ca:93:fb:d5:42:57:02:24:83:
         0a:5f:94:20:8e:f8:f4:9f:70:f6:80:5a:d4:71:b8:be:85:ef:
         67:60:44:a4:76:25:e1:62:75:b3:b4:b7:64:f3:1c:4d:ad:b1:
         b9:96:7b:15:49:cb:0c:48:ff:9c:b0:6b:dd:70:73:02:8a:13:
         9f:e7:24:ca:8a:b5:67:2d:13:64:2d:9d:05:68:11:f5:79:38:
         d4:e8:51:33:9b:22:bc:d7:45:71:72:5f:f6:bc:aa:6f:fb:81:
         1a:8e:52:11:00:d4:c0:5b:98:db:9b:e0:73:0c:16:92:9f:e4:
         1c:b3:90:40:ff:2f:c9:61:ea:2f:20:f7:a7:95:72:5e:75:44:
         8b:db:24:85:a2:90:71:03:95:60:1e:f6:fc:3c:30:ca:8b:73:
         76:a0:0c:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu6oyQbC89SwgvJL8N+a5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNGVkYmQxOTYzNGNiYjkxYTBkMmRhZmQ3NTlkNGM5YTdl
NzdiN2EwHhcNMjQwMTAyMTAzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjdhMzVjOTRjNDE1NGYzNjM3ODdhYjUyZWJiNGVhMDRmMTZhZWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwKUucKo6tVxFcl8kJk+Kqzr/zIS
q5SCTa2lf+XeP5mTfWpJ19/a+Y0c9OUHTC0dAnDmnt0pnirZl5TXQ0EWvc1khhH7
RTDi8OoyNEpK4e1kwzf/Mz6V+ZxbVl61cBY9z5T3dpxFvLt3mBrCEA9KUGsnQXSb
nVnaSwOxMU+Niy9MTEdmr1C13bipHGHezw/rNBqU52E5tDiqGTRDXOv0isLD96C9
tNHCsZiiln1BrStu2gCLKIQpGr4eMwBeZY0UupLcoBgmy2IHe/R76JeaTtg4KRS2
Mxyj7PX3i2Kk7/v0b/E6HzzNmg5XM86oh4vQH6gh1G06yBDMz1wdszJH1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC96NclMQVTzY3h6tS67TqBPFq7vMB8GA1UdIwQY
MBaAFIFO29GWNMu5Gg0tr9dZ1Mmn53t6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1U3YjBaWTB5N2thRFMydjExblV5YWZuZTNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lODJkZTktMjVmNC00NjZlLTljMGMt
YzA4OTk3YTdhMDhmLzEvTDNvMXlVeEJWUE5qZUhxMUxydE9vRThXcnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lODJkZTktMjVmNC00NjZlLTljMGMtYzA4OTk3YTdhMDhm
LzEvZ1U3YjBaWTB5N2thRFMydjExblV5YWZuZTNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVwMMA0G
CSqGSIb3DQEBCwUAA4IBAQCkugU0KsVviLmrN0CE8pUAG71hAzPP7uFTWYgMctKo
Id6dXBMeezLrcauGUJ5kpxELTZ9yJRtaJGkSN3OgHA0u3XDVAp3UbrFt6vEJd3N0
5yLOwhZ+HBf54qOpZzqesZ6iy1DKk/vVQlcCJIMKX5Qgjvj0n3D2gFrUcbi+he9n
YESkdiXhYnWztLdk8xxNrbG5lnsVScsMSP+csGvdcHMCihOf5yTKirVnLRNkLZ0F
aBH1eTjU6FEzmyK810Vxcl/2vKpv+4EajlIRANTAW5jbm+BzDBaSn+Qcs5BA/y/J
YeovIPenlXJedUSL2ySFopBxA5VgHvb8PDDKi3N2oAyv
-----END CERTIFICATE-----