Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/B_-7ho9QuVyLg_U_gPqfl4swqLI.roa
File:                     B_-7ho9QuVyLg_U_gPqfl4swqLI.roa (raw, json)
Hash identifier:          oF/SVAgVz0ypcxed7zAvV4COoebiFc7NSDQbhLkK+dE=
Subject key identifier:   07:FF:BB:86:8F:50:B9:5C:8B:83:F5:3F:80:FA:9F:97:8B:30:A8:B2
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E90A510E69FAB12915AD3A2882350
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/B_-7ho9QuVyLg_U_gPqfl4swqLI.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43391
IP address blocks:        92.45.72.0/24 maxlen: 24
                          92.45.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:90:a5:10:e6:9f:ab:12:91:5a:d3:a2:88:23:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07ffbb868f50b95c8b83f53f80fa9f978b30a8b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:17:61:de:bf:cc:f9:d4:03:ce:a5:84:21:68:
                    d9:70:08:b6:68:34:d2:99:8e:fe:01:c2:90:44:eb:
                    49:5e:05:fa:a8:59:34:05:2e:18:41:f4:95:17:67:
                    98:32:7d:a5:07:ee:2a:01:9c:1e:0f:1a:94:b5:c3:
                    50:8f:14:12:8e:09:34:d2:9f:79:ff:5e:9b:74:db:
                    c3:66:34:57:b9:ae:60:f8:7c:90:6c:f2:9c:ad:d1:
                    c6:dd:a2:cf:b3:af:13:b3:4a:c6:7b:d2:2f:88:88:
                    83:6c:72:5d:f3:e3:0a:6d:09:dd:f2:de:31:a4:d5:
                    25:e0:f0:c1:65:65:8f:b4:08:5f:69:6f:67:90:4a:
                    ea:61:29:f3:c6:ed:95:c0:d8:26:fb:66:2d:7e:57:
                    92:e1:16:ca:ff:03:d1:ea:ec:31:99:37:bd:11:dc:
                    da:99:36:51:79:98:98:33:38:5c:5f:c8:67:ac:bf:
                    8e:fb:3e:6a:d7:19:c0:c6:c1:cb:8e:6f:d4:d2:7f:
                    b7:13:42:30:8c:d3:5a:a2:c0:a1:d6:94:01:e7:3d:
                    87:ef:5d:36:97:35:58:24:c7:93:9c:d5:8a:6f:96:
                    77:c6:4a:35:61:cd:3b:b0:ac:87:73:40:b6:6b:49:
                    9c:bb:92:dd:f9:4f:f4:21:a0:6f:ae:a1:af:a2:4f:
                    8e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FF:BB:86:8F:50:B9:5C:8B:83:F5:3F:80:FA:9F:97:8B:30:A8:B2
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/B_-7ho9QuVyLg_U_gPqfl4swqLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.45.58.0/24
                  92.45.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:19:6a:8d:e1:19:a1:86:98:59:9e:01:83:36:83:d0:83:21:
         a5:a9:61:b4:ff:14:6e:68:a1:d6:71:c0:c3:96:81:3a:ed:82:
         fa:f2:0a:16:10:36:9a:a5:bf:bc:7d:bb:f5:ae:2e:d3:59:08:
         a0:11:32:b4:5a:15:27:33:2f:53:ab:b3:00:4b:c2:ab:eb:4b:
         0c:a9:78:af:bf:9f:37:16:70:d1:0f:3d:5d:d7:ac:4a:a1:51:
         96:30:4a:63:20:d9:da:e2:bf:18:59:a8:cf:b5:4d:3f:51:69:
         aa:0b:f1:df:1d:ef:a1:e1:44:3e:94:8f:74:01:e9:ed:e6:93:
         1a:77:71:18:fc:d3:27:b0:d7:2f:dd:5e:57:b7:03:f9:0b:c1:
         7c:77:55:be:75:6e:6e:eb:34:e3:2d:9a:bc:57:55:e1:da:c5:
         37:d9:d7:5e:b5:38:d4:0a:1b:0b:30:a2:e5:43:b9:0d:2b:56:
         4e:fa:6c:08:23:33:2a:3e:89:04:8e:6a:e6:1a:29:74:ae:cc:
         90:29:3b:3d:4a:cf:1b:23:4a:7a:51:e8:d7:6b:c2:2c:63:45:
         f5:85:cb:24:6c:b9:a3:ac:e3:8f:de:c5:38:4b:12:2b:04:82:
         be:27:9e:c4:c3:e5:6a:4a:e8:3c:fa:c6:1e:07:0b:eb:24:6e:
         47:3f:7e:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbpClEOafqxKRWtOiiCNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2ZmYmI4NjhmNTBiOTVjOGI4M2Y1M2Y4MGZhOWY5NzhiMzBhOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBdh3r/M+dQDzqWEIWjZcAi2aDTS
mY7+AcKQROtJXgX6qFk0BS4YQfSVF2eYMn2lB+4qAZweDxqUtcNQjxQSjgk00p95
/16bdNvDZjRXua5g+HyQbPKcrdHG3aLPs68Ts0rGe9IviIiDbHJd8+MKbQnd8t4x
pNUl4PDBZWWPtAhfaW9nkErqYSnzxu2VwNgm+2YtfleS4RbK/wPR6uwxmTe9Edza
mTZReZiYMzhcX8hnrL+O+z5q1xnAxsHLjm/U0n+3E0IwjNNaosCh1pQB5z2H7102
lzVYJMeTnNWKb5Z3xko1Yc07sKyHc0C2a0mcu5Ld+U/0IaBvrqGvok+OTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAf/u4aPULlci4P1P4D6n5eLMKiyMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvQl8tN2hvOVF1VnlMZ19VX2dQcWZsNHN3cUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXC06AwQA
XC1IMA0GCSqGSIb3DQEBCwUAA4IBAQBzGWqN4RmhhphZngGDNoPQgyGlqWG0/xRu
aKHWccDDloE67YL68goWEDaapb+8fbv1ri7TWQigETK0WhUnMy9Tq7MAS8Kr60sM
qXivv583FnDRDz1d16xKoVGWMEpjINna4r8YWajPtU0/UWmqC/HfHe+h4UQ+lI90
Aent5pMad3EY/NMnsNcv3V5XtwP5C8F8d1W+dW5u6zTjLZq8V1Xh2sU32ddetTjU
ChsLMKLlQ7kNK1ZO+mwIIzMqPokEjmrmGil0rsyQKTs9Ss8bI0p6UejXa8IsY0X1
hcskbLmjrOOP3sU4SxIrBIK+J57Ew+VqSug8+sYeBwvrJG5HP36j
-----END CERTIFICATE-----