Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/hyo_psvmOOkQR912IsGu6oZhTOU.roa
File:                     hyo_psvmOOkQR912IsGu6oZhTOU.roa (raw, json)
Hash identifier:          xOsOwVzmqA/vaWpddamBn74IuDgdqA80HUVszD0H6vA=
Subject key identifier:   87:2A:3F:A6:CB:E6:38:E9:10:47:DD:76:22:C1:AE:EA:86:61:4C:E5
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       019118B0C94C88EA201CBAD15AF88739C79C
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/hyo_psvmOOkQR912IsGu6oZhTOU.roa
Signing time:             Sat 03 Aug 2024 14:42:04 +0000
ROA not before:           Sat 03 Aug 2024 14:42:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199785
IP address blocks:        92.42.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:18:b0:c9:4c:88:ea:20:1c:ba:d1:5a:f8:87:39:c7:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Aug  3 14:42:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=872a3fa6cbe638e91047dd7622c1aeea86614ce5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6b:1d:86:ee:30:a2:c2:cd:68:03:f3:f7:e7:
                    d2:f0:df:d9:5c:36:16:d2:fe:97:99:75:82:7c:ff:
                    0f:7b:d3:5c:ac:d1:f8:da:1b:6f:81:9b:8f:71:08:
                    d1:f9:65:4f:50:db:aa:e4:97:54:91:3f:4f:d7:54:
                    53:94:66:d4:90:5e:a4:da:d2:79:a6:6d:4f:dc:98:
                    e8:47:c9:01:2f:e9:11:90:8a:94:9a:91:13:52:b2:
                    58:96:54:4a:84:51:e3:6c:0d:57:27:95:3a:c6:f4:
                    ab:97:ad:89:e9:ef:5f:ca:12:bc:a5:29:be:21:28:
                    d0:9a:c8:4d:d1:94:3d:3f:55:e8:5a:fb:bf:02:fc:
                    cf:2c:34:83:50:3c:df:3d:69:ca:d5:90:0d:f5:18:
                    4a:fa:ba:bd:36:47:2f:f9:f8:c4:63:04:82:63:80:
                    2c:3e:cc:b5:4e:36:c3:4e:a2:80:b6:f1:fb:9f:ea:
                    b6:84:d8:c8:ce:3d:a9:78:73:97:a2:5a:7a:db:64:
                    1c:1f:7e:9c:c6:ec:f9:1e:44:3a:f6:37:46:b4:d2:
                    0c:74:e2:fd:3f:49:49:e3:b1:c4:d7:0c:a4:ca:40:
                    68:c7:1d:0d:89:be:75:54:8b:db:fd:08:6a:b7:1c:
                    ca:fb:e9:7a:80:9c:50:c7:7f:04:ab:e0:d5:e9:73:
                    e6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2A:3F:A6:CB:E6:38:E9:10:47:DD:76:22:C1:AE:EA:86:61:4C:E5
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/hyo_psvmOOkQR912IsGu6oZhTOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:f6:e0:a9:de:a2:14:4d:0c:b6:2c:b1:61:4d:74:a6:4e:a8:
         5c:c5:f0:ae:8a:eb:6d:28:3d:5b:86:e2:51:bf:01:66:4e:11:
         c0:7e:f9:a9:36:b5:b4:6d:c3:ce:f6:fe:6a:9c:19:28:79:9c:
         6f:4b:dd:72:f3:0d:b8:b1:dd:42:a2:57:48:d7:75:91:a9:6d:
         41:19:6b:47:26:e5:31:df:89:b8:94:1e:85:09:ab:d2:28:f9:
         10:cb:34:42:9d:97:cd:b4:b8:a2:79:31:93:f2:82:9f:ef:c3:
         7c:8c:6c:3d:95:ba:ab:99:ee:d7:7d:55:84:97:7a:69:6b:fd:
         2d:e3:44:34:4b:1e:ac:3a:d4:56:66:56:0c:0c:0a:d9:46:84:
         71:e1:c1:e8:65:30:12:a9:ae:b0:23:51:21:33:83:01:55:42:
         d7:8d:16:6f:42:d6:84:07:a6:e0:7b:93:d8:03:4a:45:a9:aa:
         8f:df:b7:99:a7:02:a0:eb:b0:72:aa:a2:32:26:8f:ec:44:45:
         b2:d3:b6:44:cd:57:56:ee:ac:b5:93:7a:f0:07:f5:f5:e5:f8:
         f3:52:fc:46:e4:78:51:b5:ae:a2:a0:dc:5d:f8:58:35:48:07:
         b4:b2:81:26:68:36:de:e6:9a:8c:21:95:dd:88:09:c0:db:24:
         4f:86:7e:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEYsMlMiOogHLrRWviHOcecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwODAzMTQ0MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJhM2ZhNmNiZTYzOGU5MTA0N2RkNzYyMmMxYWVlYTg2NjE0Y2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Gsdhu4wosLNaAPz9+fS8N/ZXDYW
0v6XmXWCfP8Pe9NcrNH42htvgZuPcQjR+WVPUNuq5JdUkT9P11RTlGbUkF6k2tJ5
pm1P3JjoR8kBL+kRkIqUmpETUrJYllRKhFHjbA1XJ5U6xvSrl62J6e9fyhK8pSm+
ISjQmshN0ZQ9P1XoWvu/AvzPLDSDUDzfPWnK1ZAN9RhK+rq9Nkcv+fjEYwSCY4As
Psy1TjbDTqKAtvH7n+q2hNjIzj2peHOXolp622QcH36cxuz5HkQ69jdGtNIMdOL9
P0lJ47HE1wykykBoxx0Nib51VIvb/QhqtxzK++l6gJxQx38Eq+DV6XPmdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcqP6bL5jjpEEfddiLBruqGYUzlMB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvaHlvX3Bzdm1PT2tRUjkxMklzR3U2b1poVE9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCpgMA0G
CSqGSIb3DQEBCwUAA4IBAQB+9uCp3qIUTQy2LLFhTXSmTqhcxfCuiuttKD1bhuJR
vwFmThHAfvmpNrW0bcPO9v5qnBkoeZxvS91y8w24sd1ColdI13WRqW1BGWtHJuUx
34m4lB6FCavSKPkQyzRCnZfNtLiieTGT8oKf78N8jGw9lbqrme7XfVWEl3ppa/0t
40Q0Sx6sOtRWZlYMDArZRoRx4cHoZTASqa6wI1EhM4MBVULXjRZvQtaEB6bge5PY
A0pFqaqP37eZpwKg67ByqqIyJo/sREWy07ZEzVdW7qy1k3rwB/X15fjzUvxG5HhR
ta6ioNxd+Fg1SAe0soEmaDbe5pqMIZXdiAnA2yRPhn5A
-----END CERTIFICATE-----