Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/ogMmYxWuuth8uzHI-1JYR54mKLs.roa
File:                     ogMmYxWuuth8uzHI-1JYR54mKLs.roa (raw, json)
Hash identifier:          J5m47QMDuJVQLxqXk5rIic5joAcAdUsOy2MyT0zaWeo=
Subject key identifier:   A2:03:26:63:15:AE:BA:D8:7C:BB:31:C8:FB:52:58:47:9E:26:28:BB
Certificate issuer:       /CN=0692c5f16313653425bc467105875e3a297cff9b
Certificate serial:       018E5292A191518E28D72316272BFA0387C0
Authority key identifier: 06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/ogMmYxWuuth8uzHI-1JYR54mKLs.roa
Signing time:             Mon 18 Mar 2024 17:18:45 +0000
ROA not before:           Mon 18 Mar 2024 17:18:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        92.42.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:52:92:a1:91:51:8e:28:d7:23:16:27:2b:fa:03:87:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0692c5f16313653425bc467105875e3a297cff9b
        Validity
            Not Before: Mar 18 17:18:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a203266315aebad87cbb31c8fb5258479e2628bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:43:34:f6:ec:38:a3:37:ef:92:ab:86:97:9b:
                    21:f9:84:07:a6:ab:b1:af:22:6e:ef:c0:16:e7:b0:
                    2d:13:ed:42:4f:f0:04:69:88:47:80:c8:82:95:c0:
                    f5:c7:5a:34:be:de:56:e1:d3:b4:25:5c:1f:92:b9:
                    e5:c1:f5:af:87:f0:9b:68:81:b7:4f:ae:4f:26:85:
                    4c:c1:68:cc:8d:fe:e8:61:7f:30:07:90:7e:93:f3:
                    e3:53:bc:34:b9:95:48:be:1f:69:81:34:c6:c0:34:
                    48:7d:16:47:6e:bd:b2:b8:61:ef:73:27:2e:f3:e5:
                    7f:f3:bf:28:13:b2:15:e4:57:d0:99:7d:20:66:c7:
                    ab:ec:3f:24:50:8a:39:a8:9b:c4:70:9a:00:f4:c7:
                    e3:9f:7e:72:e5:ab:5c:64:c7:b2:a6:76:98:29:29:
                    0a:eb:fc:66:bc:1e:79:b3:c2:29:ea:2c:ca:33:e4:
                    93:3a:55:24:2e:41:ab:3e:05:35:60:96:43:97:b5:
                    d6:11:9b:30:41:48:e7:da:f9:8c:24:ca:4b:d5:b8:
                    be:6d:1a:42:18:e8:9c:a4:6b:72:98:8d:22:67:af:
                    d7:98:d7:29:ac:d1:c4:cc:7e:ce:e8:8f:33:59:c0:
                    8b:92:cd:43:9d:08:f7:18:b7:08:dc:9f:8d:5b:80:
                    66:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:03:26:63:15:AE:BA:D8:7C:BB:31:C8:FB:52:58:47:9E:26:28:BB
            X509v3 Authority Key Identifier:
                keyid:06:92:C5:F1:63:13:65:34:25:BC:46:71:05:87:5E:3A:29:7C:FF:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpLF8WMTZTQlvEZxBYdeOil8_5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/ogMmYxWuuth8uzHI-1JYR54mKLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/779928-881c-433a-b243-c9f57e959ef1/1/BpLF8WMTZTQlvEZxBYdeOil8_5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:a8:fb:7a:d1:f9:e1:c5:60:a3:23:a7:1d:49:12:59:21:58:
         8a:18:c4:3b:6a:12:e4:19:20:04:28:ea:ca:a2:86:99:ab:c0:
         45:02:53:ea:4c:c8:8e:5a:58:6e:0a:ed:16:7e:b8:fa:d2:6b:
         c7:23:d6:b2:ea:39:77:ee:8c:be:a9:c3:45:a2:e9:36:5b:3e:
         0e:56:56:c3:ad:2a:fe:6b:8f:e1:0d:9e:03:a7:a9:bf:43:c8:
         e6:4b:61:6d:1c:5e:f2:f3:e0:08:4c:ca:43:08:df:35:28:85:
         81:3f:0e:cf:ef:38:02:81:46:06:31:49:39:83:68:90:26:cb:
         33:5d:4f:f9:a9:4d:dd:e7:c5:89:e3:8c:81:ac:2f:ed:45:75:
         98:da:cd:2f:f6:9f:37:d9:46:19:12:2a:4b:9c:33:1a:ab:28:
         9a:26:52:28:ef:9e:38:26:1d:67:eb:eb:08:4b:a9:13:43:f8:
         fa:62:52:9d:e3:18:8c:f3:81:9e:9b:ea:63:9b:7b:66:ea:7d:
         b9:50:d4:e3:1f:ff:d3:b9:26:02:65:ff:cf:27:bb:f6:f8:1d:
         b9:f9:1d:3b:a6:28:0f:a3:24:21:e6:8c:16:60:9c:5a:90:40:
         db:42:8f:3c:10:f8:f0:9f:78:bd:a5:1f:67:46:e5:ef:d7:49:
         b3:88:8e:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5SkqGRUY4o1yMWJyv6A4fAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTJjNWYxNjMxMzY1MzQyNWJjNDY3MTA1ODc1ZTNhMjk3
Y2ZmOWIwHhcNMjQwMzE4MTcxODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjAzMjY2MzE1YWViYWQ4N2NiYjMxYzhmYjUyNTg0NzllMjYyOGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEM09uw4ozfvkquGl5sh+YQHpqux
ryJu78AW57AtE+1CT/AEaYhHgMiClcD1x1o0vt5W4dO0JVwfkrnlwfWvh/CbaIG3
T65PJoVMwWjMjf7oYX8wB5B+k/PjU7w0uZVIvh9pgTTGwDRIfRZHbr2yuGHvcycu
8+V/878oE7IV5FfQmX0gZser7D8kUIo5qJvEcJoA9Mfjn35y5atcZMeypnaYKSkK
6/xmvB55s8Ip6izKM+STOlUkLkGrPgU1YJZDl7XWEZswQUjn2vmMJMpL1bi+bRpC
GOicpGtymI0iZ6/XmNcprNHEzH7O6I8zWcCLks1DnQj3GLcI3J+NW4BmewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIDJmMVrrrYfLsxyPtSWEeeJii7MB8GA1UdIwQY
MBaAFAaSxfFjE2U0JbxGcQWHXjopfP+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMt
YzlmNTdlOTU5ZWYxLzEvb2dNbVl4V3V1dGg4dXpISS0xSllSNTRtS0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Nzk5MjgtODgxYy00MzNhLWIyNDMtYzlmNTdlOTU5ZWYx
LzEvQnBMRjhXTVRaVFFsdkVaeEJZZGVPaWw4XzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCpgMA0G
CSqGSIb3DQEBCwUAA4IBAQAqqPt60fnhxWCjI6cdSRJZIViKGMQ7ahLkGSAEKOrK
ooaZq8BFAlPqTMiOWlhuCu0Wfrj60mvHI9ay6jl37oy+qcNFouk2Wz4OVlbDrSr+
a4/hDZ4Dp6m/Q8jmS2FtHF7y8+AITMpDCN81KIWBPw7P7zgCgUYGMUk5g2iQJssz
XU/5qU3d58WJ44yBrC/tRXWY2s0v9p832UYZEipLnDMaqyiaJlIo7544Jh1n6+sI
S6kTQ/j6YlKd4xiM84Gem+pjm3tm6n25UNTjH//TuSYCZf/PJ7v2+B25+R07pigP
oyQh5owWYJxakEDbQo88EPjwn3i9pR9nRuXv10mziI7c
-----END CERTIFICATE-----