Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/BktgDjkKfmbCZf-oXx9ENCCGWuA.roa
File:                     BktgDjkKfmbCZf-oXx9ENCCGWuA.roa (raw, json)
Hash identifier:          U0Tq9dxFQ/g+ONwPFeRIgMoYNrmpZ+juaiUEZhEl6jI=
Subject key identifier:   06:4B:60:0E:39:0A:7E:66:C2:65:FF:A8:5F:1F:44:34:20:86:5A:E0
Certificate issuer:       /CN=96062f5ddb18f96d78492b3538d7745cc4714a26
Certificate serial:       01925BDE00AC5AFD2CAB9FAFB5DD8D6C6C63
Authority key identifier: 96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/BktgDjkKfmbCZf-oXx9ENCCGWuA.roa
Signing time:             Sat 05 Oct 2024 08:48:48 +0000
ROA not before:           Sat 05 Oct 2024 08:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        5.42.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5b:de:00:ac:5a:fd:2c:ab:9f:af:b5:dd:8d:6c:6c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96062f5ddb18f96d78492b3538d7745cc4714a26
        Validity
            Not Before: Oct  5 08:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=064b600e390a7e66c265ffa85f1f443420865ae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:99:33:ae:ea:d4:59:00:5a:c6:f9:ff:c7:06:
                    80:3c:38:8f:e2:08:19:13:76:31:55:7c:36:46:ac:
                    3e:1c:64:9e:69:d3:6f:3f:87:3b:6f:39:3f:67:00:
                    f5:ad:cd:14:ea:80:4f:47:e8:23:34:c1:2a:71:11:
                    2c:cf:1a:e5:59:b6:f4:b0:d5:6f:8b:68:68:e6:51:
                    a4:73:2b:0a:1e:3d:b1:a7:42:1b:80:23:0e:30:d2:
                    37:3d:af:18:f9:2d:99:82:5c:cc:9c:f5:6b:09:d8:
                    c5:bc:c2:57:da:73:ac:18:9e:7f:2f:9a:f0:1a:d8:
                    2f:e6:99:a1:c5:bc:fb:89:bb:df:31:83:23:75:bb:
                    db:9a:46:59:e5:ea:80:13:3c:e5:f2:c4:48:55:c9:
                    74:70:52:cb:5b:0e:3b:49:5f:ef:6a:d9:ad:71:a7:
                    08:61:a1:1c:42:d1:9e:18:38:9f:3a:df:d6:6d:76:
                    ac:8d:a8:cf:91:0a:45:83:e5:46:78:5f:4d:41:09:
                    98:e4:7f:e4:af:be:5e:cb:57:00:88:76:db:76:08:
                    77:4d:b8:a4:01:b3:d1:6b:8a:b6:a2:32:62:03:82:
                    c5:0b:24:32:89:79:a5:47:f6:f6:9c:5c:bb:e2:ce:
                    13:9c:f5:65:0b:72:98:0c:ce:b4:a7:90:17:04:ec:
                    fe:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:4B:60:0E:39:0A:7E:66:C2:65:FF:A8:5F:1F:44:34:20:86:5A:E0
            X509v3 Authority Key Identifier:
                keyid:96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/BktgDjkKfmbCZf-oXx9ENCCGWuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:be:09:36:16:0d:ba:92:99:d0:20:d4:4c:de:2d:5c:6f:09:
         96:18:17:71:a7:8e:1b:be:16:9a:45:b2:83:4e:5b:60:f5:b5:
         d0:22:8a:22:67:88:81:5f:d6:d1:89:68:e2:bf:61:0f:f4:79:
         07:84:37:bc:4b:38:00:67:46:06:f3:44:e7:ad:45:8b:db:7d:
         41:81:cb:60:73:08:34:27:7a:78:c8:ff:50:59:72:1d:04:2d:
         5e:87:19:6f:c1:50:5f:5b:b5:49:88:b2:1a:cf:87:a8:0c:4f:
         1f:df:57:2b:b3:59:3c:9a:0d:fd:18:9d:a6:94:45:f0:16:59:
         4b:c4:c6:31:a6:17:ca:18:b9:53:16:15:01:e7:7c:45:61:cb:
         1e:c4:25:f9:8a:00:89:ed:c0:72:ab:97:cd:93:3c:b9:ff:65:
         83:a4:36:17:48:f8:b5:27:98:df:03:73:ce:98:ac:45:1b:d0:
         66:eb:60:a8:7c:c6:37:80:a3:52:bd:a1:3f:84:06:54:e7:21:
         7c:ca:ea:d5:25:97:af:bf:4f:59:99:4d:4c:67:23:e3:7b:c8:
         07:23:4d:53:ab:f1:79:07:57:f2:fa:44:e8:3e:a5:5b:c3:07:
         17:53:39:01:0d:54:fe:83:dc:ec:2a:99:a8:ae:34:a9:37:67:
         b4:ea:63:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJb3gCsWv0sq5+vtd2NbGxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MDYyZjVkZGIxOGY5NmQ3ODQ5MmIzNTM4ZDc3NDVjYzQ3
MTRhMjYwHhcNMjQxMDA1MDg0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjRiNjAwZTM5MGE3ZTY2YzI2NWZmYTg1ZjFmNDQzNDIwODY1YWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZkzrurUWQBaxvn/xwaAPDiP4ggZ
E3YxVXw2Rqw+HGSeadNvP4c7bzk/ZwD1rc0U6oBPR+gjNMEqcREszxrlWbb0sNVv
i2ho5lGkcysKHj2xp0IbgCMOMNI3Pa8Y+S2ZglzMnPVrCdjFvMJX2nOsGJ5/L5rw
Gtgv5pmhxbz7ibvfMYMjdbvbmkZZ5eqAEzzl8sRIVcl0cFLLWw47SV/vatmtcacI
YaEcQtGeGDifOt/WbXasjajPkQpFg+VGeF9NQQmY5H/kr75ey1cAiHbbdgh3Tbik
AbPRa4q2ojJiA4LFCyQyiXmlR/b2nFy74s4TnPVlC3KYDM60p5AXBOz+swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZLYA45Cn5mwmX/qF8fRDQghlrgMB8GA1UdIwQY
MBaAFJYGL13bGPlteEkrNTjXdFzEcUomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmIt
M2ZjYjVmM2YzYzU5LzEvQmt0Z0Rqa0tmbWJDWmYtb1h4OUVOQ0NHV3VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmItM2ZjYjVmM2YzYzU5
LzEvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSpcMA0G
CSqGSIb3DQEBCwUAA4IBAQBxvgk2Fg26kpnQINRM3i1cbwmWGBdxp44bvhaaRbKD
Tltg9bXQIooiZ4iBX9bRiWjiv2EP9HkHhDe8SzgAZ0YG80TnrUWL231Bgctgcwg0
J3p4yP9QWXIdBC1ehxlvwVBfW7VJiLIaz4eoDE8f31crs1k8mg39GJ2mlEXwFllL
xMYxphfKGLlTFhUB53xFYcsexCX5igCJ7cByq5fNkzy5/2WDpDYXSPi1J5jfA3PO
mKxFG9Bm62CofMY3gKNSvaE/hAZU5yF8yurVJZevv09ZmU1MZyPje8gHI01Tq/F5
B1fy+kToPqVbwwcXUzkBDVT+g9zsKpmorjSpN2e06mPT
-----END CERTIFICATE-----