Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/b92-BTEoxSymoPsR9pBiHZDIa10.roa
File:                     b92-BTEoxSymoPsR9pBiHZDIa10.roa (raw, json)
Hash identifier:          G6ii0Gqzu+yT671baF6jePuAiAielljnSc+GhD05b40=
Subject key identifier:   6F:DD:BE:05:31:28:C5:2C:A6:A0:FB:11:F6:90:62:1D:90:C8:6B:5D
Certificate issuer:       /CN=46d9a0a4b57a0eec7c4e52a119db4b1c656f4db4
Certificate serial:       018CC5005D86A286D8ED05CB7AE588FA3800
Authority key identifier: 46:D9:A0:A4:B5:7A:0E:EC:7C:4E:52:A1:19:DB:4B:1C:65:6F:4D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/b92-BTEoxSymoPsR9pBiHZDIa10.roa
Signing time:             Mon 01 Jan 2024 12:29:44 +0000
ROA not before:           Mon 01 Jan 2024 12:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3215
IP address blocks:        83.137.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5d:86:a2:86:d8:ed:05:cb:7a:e5:88:fa:38:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46d9a0a4b57a0eec7c4e52a119db4b1c656f4db4
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fddbe053128c52ca6a0fb11f690621d90c86b5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:20:4e:d3:80:9a:26:0c:45:a3:1a:b5:b2:a3:
                    b5:f9:95:9a:54:56:04:a6:7f:e2:8a:6b:f3:be:e2:
                    84:ee:83:e6:db:24:95:f0:22:89:a7:62:af:1b:eb:
                    6c:4d:b8:2a:09:ff:a0:a3:f9:61:93:9e:3e:33:3b:
                    27:59:3a:3d:17:90:a0:32:f4:37:2b:31:b7:43:d7:
                    dd:fa:af:0d:7a:38:d3:e2:b3:98:d4:48:77:bd:99:
                    97:69:8e:39:23:3b:3f:59:19:0b:9d:fc:f4:ac:41:
                    84:4f:2f:ec:d8:5e:e0:17:f1:12:44:db:18:88:2b:
                    4e:34:48:d7:71:32:37:9b:6e:2d:4f:d1:3d:88:c2:
                    de:f9:df:21:05:da:7b:82:ac:76:96:9c:eb:ef:9e:
                    26:15:14:da:2a:88:30:66:fd:20:d5:05:aa:0c:9a:
                    14:33:b9:f0:65:00:68:ce:f3:83:c9:ee:0d:c8:00:
                    ec:96:7e:7d:94:d0:a2:f3:fd:f1:9e:f1:1b:8d:22:
                    85:9a:9b:9e:ff:32:33:43:2d:b9:7d:4a:1a:f3:d7:
                    21:26:04:e3:8c:a7:c7:30:55:52:0e:1d:b5:d7:8e:
                    05:36:85:04:73:4d:af:38:98:c8:05:39:45:c4:d1:
                    1c:2d:1a:41:a9:26:14:09:14:b0:71:51:cd:1f:eb:
                    76:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:DD:BE:05:31:28:C5:2C:A6:A0:FB:11:F6:90:62:1D:90:C8:6B:5D
            X509v3 Authority Key Identifier:
                keyid:46:D9:A0:A4:B5:7A:0E:EC:7C:4E:52:A1:19:DB:4B:1C:65:6F:4D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/b92-BTEoxSymoPsR9pBiHZDIa10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:e0:9c:c0:77:52:7b:be:76:1c:d0:34:5f:9c:0c:0d:55:d2:
         f2:b2:ea:61:0e:50:48:a7:2a:3d:98:4f:bc:3c:27:20:94:cc:
         c7:1b:bf:54:42:a3:bc:41:54:ce:e6:a8:3c:40:fc:b9:4b:c8:
         a2:e0:22:7d:7c:68:eb:07:e1:64:6c:55:4e:6b:f8:09:54:85:
         4e:af:f0:18:aa:8b:58:bc:2b:54:b8:24:2d:4e:d8:4e:93:fe:
         91:af:54:66:87:71:34:1c:d2:71:fe:94:35:57:52:03:30:e5:
         44:64:cf:93:1f:89:8d:a7:1b:00:f1:bf:bb:ba:e5:57:00:73:
         f3:0d:0b:6f:40:15:ca:c4:b4:b0:e4:b1:fd:cc:5e:a8:fc:08:
         ed:9b:69:9a:b8:33:fc:fe:5e:d4:a2:05:1e:5a:1e:5e:4e:aa:
         f4:4f:c5:b6:71:5c:0f:40:14:84:97:53:bc:00:cd:65:f8:88:
         b0:5f:10:d0:fa:a2:f1:18:1a:fa:03:e0:7e:33:dd:54:81:cc:
         f7:58:53:d9:18:80:ba:f6:b4:94:cb:70:77:ed:bd:8d:f2:b5:
         0e:80:9c:0f:ba:fe:c5:58:23:a4:71:c5:14:1d:76:56:11:af:
         69:7f:22:13:45:c4:d5:11:83:37:a1:b4:92:6d:40:1b:d1:33:
         f8:30:a3:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAF2GoobY7QXLeuWI+jgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZDlhMGE0YjU3YTBlZWM3YzRlNTJhMTE5ZGI0YjFjNjU2
ZjRkYjQwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmRkYmUwNTMxMjhjNTJjYTZhMGZiMTFmNjkwNjIxZDkwYzg2YjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCBO04CaJgxFoxq1sqO1+ZWaVFYE
pn/iimvzvuKE7oPm2ySV8CKJp2KvG+tsTbgqCf+go/lhk54+MzsnWTo9F5CgMvQ3
KzG3Q9fd+q8NejjT4rOY1Eh3vZmXaY45Izs/WRkLnfz0rEGETy/s2F7gF/ESRNsY
iCtONEjXcTI3m24tT9E9iMLe+d8hBdp7gqx2lpzr754mFRTaKogwZv0g1QWqDJoU
M7nwZQBozvODye4NyADsln59lNCi8/3xnvEbjSKFmpue/zIzQy25fUoa89chJgTj
jKfHMFVSDh21144FNoUEc02vOJjIBTlFxNEcLRpBqSYUCRSwcVHNH+t2MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/dvgUxKMUspqD7EfaQYh2QyGtdMB8GA1UdIwQY
MBaAFEbZoKS1eg7sfE5SoRnbSxxlb020MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnRtZ3BMVjZEdXg4VGxLaEdkdExIR1Z2VGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS82NzNiMWQtNmQxNC00ZGY1LTk5YWQt
MmVlMmI3Mjk1ZGZmLzEvYjkyLUJURW94U3ltb1BzUjlwQmlIWkRJYTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS82NzNiMWQtNmQxNC00ZGY1LTk5YWQtMmVlMmI3Mjk1ZGZm
LzEvUnRtZ3BMVjZEdXg4VGxLaEdkdExIR1Z2VGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4nxMA0G
CSqGSIb3DQEBCwUAA4IBAQCt4JzAd1J7vnYc0DRfnAwNVdLysuphDlBIpyo9mE+8
PCcglMzHG79UQqO8QVTO5qg8QPy5S8ii4CJ9fGjrB+FkbFVOa/gJVIVOr/AYqotY
vCtUuCQtTthOk/6Rr1Rmh3E0HNJx/pQ1V1IDMOVEZM+TH4mNpxsA8b+7uuVXAHPz
DQtvQBXKxLSw5LH9zF6o/Ajtm2mauDP8/l7UogUeWh5eTqr0T8W2cVwPQBSEl1O8
AM1l+IiwXxDQ+qLxGBr6A+B+M91Ugcz3WFPZGIC69rSUy3B37b2N8rUOgJwPuv7F
WCOkccUUHXZWEa9pfyITRcTVEYM3obSSbUAb0TP4MKOs
-----END CERTIFICATE-----