Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/o20wkF_PTtN8-oHhOMkJBGrTcjM.roa
File:                     o20wkF_PTtN8-oHhOMkJBGrTcjM.roa (raw, json)
Hash identifier:          7rPV2UgWycZod7CIx9C9xR02OIfOoJHJHOD4Gyq90qo=
Subject key identifier:   A3:6D:30:90:5F:CF:4E:D3:7C:FA:81:E1:38:C9:09:04:6A:D3:72:33
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348ACBAFF2A297FD478BF91729BE8BB
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/o20wkF_PTtN8-oHhOMkJBGrTcjM.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        92.119.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ac:ba:ff:2a:29:7f:d4:78:bf:91:72:9b:e8:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a36d30905fcf4ed37cfa81e138c909046ad37233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f7:22:12:35:2b:87:35:1c:82:9f:ad:ed:ef:
                    df:37:91:cf:32:93:ae:16:47:9b:10:a9:1d:2a:52:
                    ae:46:83:d1:6c:8d:91:20:41:69:72:8e:ea:7c:50:
                    7a:91:b7:9b:89:5c:43:a5:bb:8e:85:20:97:b9:cc:
                    be:2a:ef:a8:3b:e1:c1:ed:94:a8:02:d9:d5:d5:9a:
                    d6:0c:df:9f:d4:19:bd:71:36:7e:22:6f:0c:99:46:
                    53:ab:bc:35:e5:17:21:53:2e:84:61:62:a8:7d:57:
                    bc:f7:48:e6:02:ed:1f:34:2b:e3:92:36:04:d9:05:
                    67:34:17:a9:18:6f:d6:89:ae:e2:5a:bb:d3:b9:21:
                    d0:4b:7d:19:31:f4:f4:f0:1d:20:1f:f7:2b:80:e8:
                    e7:33:e7:64:c4:84:3a:c1:26:5f:b9:b7:98:ba:c0:
                    0c:95:31:75:b0:43:36:af:50:bc:92:a0:35:11:a7:
                    8f:13:f8:cd:11:3e:63:b9:e4:4a:8e:44:2f:50:f2:
                    78:10:04:57:d9:dd:45:04:59:43:5d:94:9a:74:a2:
                    07:e9:ba:9a:a4:0c:d2:ae:c4:76:7c:f3:7d:62:27:
                    4a:b7:ea:2b:b7:71:4c:79:73:81:e5:38:f8:db:fb:
                    66:9d:65:f2:50:2f:e1:3b:9c:91:75:b4:6b:dc:6b:
                    ab:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:6D:30:90:5F:CF:4E:D3:7C:FA:81:E1:38:C9:09:04:6A:D3:72:33
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/o20wkF_PTtN8-oHhOMkJBGrTcjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:6e:71:b8:64:81:61:5f:7a:0f:a5:09:02:f6:50:7d:1b:2d:
         8f:73:f7:9f:68:17:c0:02:69:f2:3c:a5:e2:ee:d0:60:6d:f5:
         8f:6b:21:2f:2d:b2:6a:d0:a9:c0:35:22:5e:5c:cb:94:ca:a6:
         4f:72:74:a8:61:7a:ec:80:78:4b:8a:56:a8:5b:94:8e:b1:f9:
         aa:31:a7:e7:46:b6:f8:b7:29:6f:65:d6:c2:f0:4b:0b:07:97:
         0b:e8:be:f9:c2:12:3a:cb:04:97:20:05:18:18:39:4b:aa:0b:
         2a:06:b8:f4:37:83:82:93:26:55:3d:ad:ff:58:79:9a:af:5b:
         8f:b0:76:e8:56:87:98:30:c6:83:74:1a:ea:47:ba:77:dc:67:
         de:00:59:3e:7e:6a:77:17:63:c1:0e:84:b4:90:ea:a3:63:ec:
         69:13:ca:7d:c5:20:a9:c4:51:d6:91:cb:64:d5:ed:d9:93:d2:
         24:7a:b8:e1:2d:12:f3:90:4c:93:0d:74:52:77:92:8e:ce:6a:
         49:5c:82:86:2b:4f:c1:28:73:65:ca:eb:66:3c:69:12:13:62:
         07:b0:6b:8e:5d:85:27:c0:d9:70:6d:c4:5f:19:43:13:65:ce:
         9a:61:c5:28:a0:b2:f0:84:15:6e:4d:af:e8:4d:6d:48:44:39:
         37:58:f6:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKy6/yopf9R4v5Fym+i7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzZkMzA5MDVmY2Y0ZWQzN2NmYTgxZTEzOGM5MDkwNDZhZDM3MjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vciEjUrhzUcgp+t7e/fN5HPMpOu
FkebEKkdKlKuRoPRbI2RIEFpco7qfFB6kbebiVxDpbuOhSCXucy+Ku+oO+HB7ZSo
AtnV1ZrWDN+f1Bm9cTZ+Im8MmUZTq7w15RchUy6EYWKofVe890jmAu0fNCvjkjYE
2QVnNBepGG/Wia7iWrvTuSHQS30ZMfT08B0gH/crgOjnM+dkxIQ6wSZfubeYusAM
lTF1sEM2r1C8kqA1EaePE/jNET5jueRKjkQvUPJ4EARX2d1FBFlDXZSadKIH6bqa
pAzSrsR2fPN9YidKt+ort3FMeXOB5Tj42/tmnWXyUC/hO5yRdbRr3GurXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNtMJBfz07TfPqB4TjJCQRq03IzMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvbzIwd2tGX1BUdE44LW9IaE9Na0pCR3JUY2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHckMA0G
CSqGSIb3DQEBCwUAA4IBAQBUbnG4ZIFhX3oPpQkC9lB9Gy2Pc/efaBfAAmnyPKXi
7tBgbfWPayEvLbJq0KnANSJeXMuUyqZPcnSoYXrsgHhLilaoW5SOsfmqMafnRrb4
tylvZdbC8EsLB5cL6L75whI6ywSXIAUYGDlLqgsqBrj0N4OCkyZVPa3/WHmar1uP
sHboVoeYMMaDdBrqR7p33GfeAFk+fmp3F2PBDoS0kOqjY+xpE8p9xSCpxFHWkctk
1e3Zk9IkerjhLRLzkEyTDXRSd5KOzmpJXIKGK0/BKHNlyutmPGkSE2IHsGuOXYUn
wNlwbcRfGUMTZc6aYcUooLLwhBVuTa/oTW1IRDk3WPbT
-----END CERTIFICATE-----