Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/lo9NpnoAbjvqzccgOA4ptg28uD0.roa
File:                     lo9NpnoAbjvqzccgOA4ptg28uD0.roa (raw, json)
Hash identifier:          TDbswLXzbNE8Ll982QVGXEUVeemgn/zxWKID2dq7QCg=
Subject key identifier:   96:8F:4D:A6:7A:00:6E:3B:EA:CD:C7:20:38:0E:29:B6:0D:BC:B8:3D
Certificate issuer:       /CN=7d0ac334438a53d18ae40efc9368768b931cfac2
Certificate serial:       018CC725B67E38B6412BF08D44246F6B2A82
Authority key identifier: 7D:0A:C3:34:43:8A:53:D1:8A:E4:0E:FC:93:68:76:8B:93:1C:FA:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQrDNEOKU9GK5A78k2h2i5Mc-sI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/lo9NpnoAbjvqzccgOA4ptg28uD0.roa
Signing time:             Mon 01 Jan 2024 22:29:46 +0000
ROA not before:           Mon 01 Jan 2024 22:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208134
IP address blocks:        45.92.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/fQrDNEOKU9GK5A78k2h2i5Mc-sI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/fQrDNEOKU9GK5A78k2h2i5Mc-sI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQrDNEOKU9GK5A78k2h2i5Mc-sI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b6:7e:38:b6:41:2b:f0:8d:44:24:6f:6b:2a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d0ac334438a53d18ae40efc9368768b931cfac2
        Validity
            Not Before: Jan  1 22:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=968f4da67a006e3beacdc720380e29b60dbcb83d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6e:ef:f8:15:71:db:16:c5:d8:22:97:ba:0a:
                    e4:9a:0a:d0:ae:40:90:5a:5b:af:26:64:14:d3:0b:
                    20:65:b1:eb:ad:8a:6b:95:0e:39:df:6d:2c:dc:25:
                    85:cf:9f:14:08:e1:15:98:98:95:76:1b:fc:fc:2b:
                    e6:92:2a:d5:36:7e:77:6c:5d:86:4e:c8:c7:6c:e7:
                    99:06:9f:96:e9:fb:df:2d:79:5a:eb:f1:01:a1:6d:
                    56:56:f6:dc:96:8f:3f:bd:41:b1:16:8a:13:12:89:
                    89:61:e7:a8:9c:eb:92:68:b7:33:f5:ad:18:5f:bc:
                    fc:92:16:ef:70:e0:06:94:11:af:bd:14:dd:65:89:
                    6f:b2:f5:86:c4:37:98:b1:69:c2:a1:ba:f5:72:ff:
                    02:70:bc:b8:7f:83:29:52:9d:15:2a:52:23:53:f3:
                    fb:cc:b9:dc:51:3b:09:67:86:46:ef:c1:a2:5d:89:
                    1a:ad:c8:5d:2f:9c:88:8e:0e:c3:76:78:c6:9d:ff:
                    d7:df:bb:67:c7:e2:77:21:43:81:2d:37:49:ff:ee:
                    47:08:60:b6:78:16:2a:2e:e8:af:4f:27:28:62:d0:
                    07:a7:e4:9d:8d:8c:48:4d:b7:46:70:7f:c0:6f:26:
                    6f:3b:94:59:29:e0:ce:e9:59:26:45:68:5a:65:78:
                    39:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8F:4D:A6:7A:00:6E:3B:EA:CD:C7:20:38:0E:29:B6:0D:BC:B8:3D
            X509v3 Authority Key Identifier:
                keyid:7D:0A:C3:34:43:8A:53:D1:8A:E4:0E:FC:93:68:76:8B:93:1C:FA:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQrDNEOKU9GK5A78k2h2i5Mc-sI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/lo9NpnoAbjvqzccgOA4ptg28uD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/f26fd1-b375-426c-af79-b519b131bf85/1/fQrDNEOKU9GK5A78k2h2i5Mc-sI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:ff:a9:ef:0a:9e:6d:81:7b:99:55:23:15:12:88:13:8f:20:
         e3:74:82:70:53:71:26:6c:ed:5f:35:92:60:95:cc:78:31:75:
         07:e7:e2:fb:73:47:f1:c4:42:53:70:32:fd:f1:3d:4a:c5:cb:
         48:e4:8b:5c:4e:72:7e:1a:f6:bc:ac:5f:04:cd:db:9d:3d:49:
         8c:80:a7:ad:8e:53:b3:eb:a1:11:87:2d:ff:9d:94:73:df:ab:
         57:83:4d:60:d1:16:c9:12:88:32:fe:b2:fa:d0:d8:1c:2b:a2:
         17:55:8e:ac:c1:b6:b8:bf:ca:1d:b2:a6:3c:2b:ed:d5:64:ba:
         a2:e2:44:66:0d:20:de:02:f2:25:c7:60:dc:d5:a9:cd:d7:ac:
         16:a7:6a:0a:56:b7:ba:12:2d:e0:b6:69:a3:9b:96:f0:02:af:
         4c:8e:e4:41:f8:31:85:52:53:46:51:eb:1a:5b:7c:81:d0:25:
         2f:e3:f4:b3:6b:ae:aa:da:75:23:60:6b:90:6b:90:54:dc:e9:
         7c:6e:a1:49:9d:bb:47:a4:24:0e:36:ff:e2:d8:85:b3:9a:8f:
         b3:f5:2e:25:ab:11:e4:bc:28:cf:3f:ce:f7:dd:c7:6f:3e:d1:
         a0:58:cb:2f:b8:da:81:00:55:2c:18:8b:46:53:84:30:fc:81:
         9e:e9:46:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJbZ+OLZBK/CNRCRvayqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMGFjMzM0NDM4YTUzZDE4YWU0MGVmYzkzNjg3NjhiOTMx
Y2ZhYzIwHhcNMjQwMTAxMjIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjhmNGRhNjdhMDA2ZTNiZWFjZGM3MjAzODBlMjliNjBkYmNiODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1m7v+BVx2xbF2CKXugrkmgrQrkCQ
WluvJmQU0wsgZbHrrYprlQ45320s3CWFz58UCOEVmJiVdhv8/CvmkirVNn53bF2G
TsjHbOeZBp+W6fvfLXla6/EBoW1WVvbclo8/vUGxFooTEomJYeeonOuSaLcz9a0Y
X7z8khbvcOAGlBGvvRTdZYlvsvWGxDeYsWnCobr1cv8CcLy4f4MpUp0VKlIjU/P7
zLncUTsJZ4ZG78GiXYkarchdL5yIjg7DdnjGnf/X37tnx+J3IUOBLTdJ/+5HCGC2
eBYqLuivTycoYtAHp+SdjYxITbdGcH/AbyZvO5RZKeDO6VkmRWhaZXg5rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaPTaZ6AG476s3HIDgOKbYNvLg9MB8GA1UdIwQY
MBaAFH0KwzRDilPRiuQO/JNodouTHPrCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFyRE5FT0tVOUdLNUE3OGsyaDJpNU1jLXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9mMjZmZDEtYjM3NS00MjZjLWFmNzkt
YjUxOWIxMzFiZjg1LzEvbG85TnBub0FianZxemNjZ09BNHB0ZzI4dUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9mMjZmZDEtYjM3NS00MjZjLWFmNzktYjUxOWIxMzFiZjg1
LzEvZlFyRE5FT0tVOUdLNUE3OGsyaDJpNU1jLXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVyIMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ/6nvCp5tgXuZVSMVEogTjyDjdIJwU3EmbO1fNZJg
lcx4MXUH5+L7c0fxxEJTcDL98T1KxctI5ItcTnJ+Gva8rF8EzdudPUmMgKetjlOz
66ERhy3/nZRz36tXg01g0RbJEogy/rL60NgcK6IXVY6swba4v8odsqY8K+3VZLqi
4kRmDSDeAvIlx2Dc1anN16wWp2oKVre6Ei3gtmmjm5bwAq9MjuRB+DGFUlNGUesa
W3yB0CUv4/Sza66q2nUjYGuQa5BU3Ol8bqFJnbtHpCQONv/i2IWzmo+z9S4lqxHk
vCjPP8733cdvPtGgWMsvuNqBAFUsGItGU4Qw/IGe6Ub5
-----END CERTIFICATE-----