Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/5O0UiD_W3tjgR9ssx2_M3oXSAqs.roa
File:                     5O0UiD_W3tjgR9ssx2_M3oXSAqs.roa (raw, json)
Hash identifier:          gAGUmwLvei624zjz2Ru7prJo+tns2dqLybNdH1gm80g=
Subject key identifier:   E4:ED:14:88:3F:D6:DE:D8:E0:47:DB:2C:C7:6F:CC:DE:85:D2:02:AB
Certificate issuer:       /CN=a8e4918fc7fdfb73bba8cf58d4cb5fe449cf83f6
Certificate serial:       019425FD8C26B994B78BAC65C178B38C2149
Authority key identifier: A8:E4:91:8F:C7:FD:FB:73:BB:A8:CF:58:D4:CB:5F:E4:49:CF:83:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/5O0UiD_W3tjgR9ssx2_M3oXSAqs.roa
Signing time:             Thu 02 Jan 2025 07:49:21 +0000
ROA not before:           Thu 02 Jan 2025 07:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        92.205.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:8c:26:b9:94:b7:8b:ac:65:c1:78:b3:8c:21:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8e4918fc7fdfb73bba8cf58d4cb5fe449cf83f6
        Validity
            Not Before: Jan  2 07:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4ed14883fd6ded8e047db2cc76fccde85d202ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:53:5d:80:3e:3d:0b:af:37:8b:45:1b:3f:5d:
                    5c:76:0f:c4:59:2a:27:4e:5b:5e:64:25:86:06:1a:
                    4b:ae:32:a3:e1:d5:0d:77:78:31:7c:36:be:a9:c9:
                    8a:d5:19:2b:98:39:c5:43:d1:a2:d0:9b:01:86:ec:
                    9a:0f:dc:2e:ce:23:7a:46:ec:51:3e:95:87:8a:99:
                    13:28:ec:11:ef:13:d0:c3:ba:7f:45:0a:b9:cb:26:
                    53:84:8c:78:4b:1e:6b:51:49:6e:0f:4b:c2:07:eb:
                    dc:21:9a:91:f0:60:4a:0e:0e:f4:36:64:58:9f:8b:
                    93:e6:77:74:7b:9a:89:42:46:62:12:c4:de:e9:a8:
                    db:57:87:7f:fe:bb:42:2a:90:5c:6e:cf:3e:af:bd:
                    04:10:d4:c0:7e:df:4f:a5:85:b1:6a:19:6e:28:d1:
                    60:1b:7c:41:29:15:a3:2a:13:c8:33:aa:6f:b7:d6:
                    20:43:07:f0:99:bb:25:58:d8:b8:1d:3b:6e:58:41:
                    b5:4f:66:ae:97:c2:a0:12:a1:29:48:0d:d8:5d:d7:
                    3f:76:b6:e1:96:03:4a:b8:98:a1:4f:b6:da:ac:ee:
                    d0:05:10:b2:07:03:f7:e3:05:07:8f:2e:ba:15:75:
                    87:9f:f8:2c:80:55:f9:98:de:ee:11:48:a7:c8:04:
                    8b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:ED:14:88:3F:D6:DE:D8:E0:47:DB:2C:C7:6F:CC:DE:85:D2:02:AB
            X509v3 Authority Key Identifier:
                keyid:A8:E4:91:8F:C7:FD:FB:73:BB:A8:CF:58:D4:CB:5F:E4:49:CF:83:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/5O0UiD_W3tjgR9ssx2_M3oXSAqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.205.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:cc:05:ce:7e:39:0c:ba:5f:dd:04:6e:5d:e1:f5:f3:23:b1:
         46:2f:e5:4f:92:23:b0:51:fa:1a:1b:35:a6:de:a5:8b:c7:4f:
         32:13:17:2c:d8:08:ed:24:ee:78:21:b8:fc:65:eb:2e:e9:32:
         4e:74:aa:d7:56:dd:c7:9b:78:fb:5d:c5:04:d8:b3:bd:f6:67:
         cd:ec:f9:ad:17:08:e2:68:00:64:16:bb:85:5e:16:25:77:6d:
         15:d3:33:b8:0d:4b:62:0f:d1:ee:12:a6:3c:db:69:be:fe:53:
         e4:d5:ef:fa:59:61:df:e0:21:06:53:0f:8e:7f:5a:a1:71:ea:
         0f:6a:6f:7a:d1:f8:9d:ed:0e:db:fe:87:d7:f3:d7:97:96:00:
         af:58:ed:23:39:88:4a:cd:fe:a2:6d:03:14:16:d1:5e:4e:e5:
         4d:54:2b:93:40:95:71:7f:db:46:ff:4e:f0:07:a7:ff:bf:11:
         3f:04:c7:fa:94:86:09:af:5e:e3:6c:89:97:7f:1e:aa:d5:9f:
         76:a5:79:af:22:d6:9a:e6:85:ac:94:a2:be:91:cd:70:26:f3:
         82:8b:30:5b:34:e9:02:87:2b:3f:53:fa:47:95:1c:93:83:1f:
         64:a8:94:eb:8c:c0:47:1c:16:0b:bd:17:97:08:a0:c3:f9:4d:
         8b:70:89:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/YwmuZS3i6xlwXizjCFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZTQ5MThmYzdmZGZiNzNiYmE4Y2Y1OGQ0Y2I1ZmU0NDlj
ZjgzZjYwHhcNMjUwMTAyMDc0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGVkMTQ4ODNmZDZkZWQ4ZTA0N2RiMmNjNzZmY2NkZTg1ZDIwMmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlNdgD49C683i0UbP11cdg/EWSon
TlteZCWGBhpLrjKj4dUNd3gxfDa+qcmK1RkrmDnFQ9Gi0JsBhuyaD9wuziN6RuxR
PpWHipkTKOwR7xPQw7p/RQq5yyZThIx4Sx5rUUluD0vCB+vcIZqR8GBKDg70NmRY
n4uT5nd0e5qJQkZiEsTe6ajbV4d//rtCKpBcbs8+r70EENTAft9PpYWxahluKNFg
G3xBKRWjKhPIM6pvt9YgQwfwmbslWNi4HTtuWEG1T2aul8KgEqEpSA3YXdc/drbh
lgNKuJihT7barO7QBRCyBwP34wUHjy66FXWHn/gsgFX5mN7uEUinyASLMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTtFIg/1t7Y4EfbLMdvzN6F0gKrMB8GA1UdIwQY
MBaAFKjkkY/H/ftzu6jPWNTLX+RJz4P2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU9TUmo4ZjktM083cU05WTFNdGY1RW5QZ19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xODVlYjMtMmFiMi00NWI1LWFhMzMt
MDE1ZWE1MDE5NTIwLzEvNU8wVWlEX1czdGpnUjlzc3gyX00zb1hTQXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8xODVlYjMtMmFiMi00NWI1LWFhMzMtMDE1ZWE1MDE5NTIw
LzEvcU9TUmo4ZjktM083cU05WTFNdGY1RW5QZ19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXM11MA0G
CSqGSIb3DQEBCwUAA4IBAQCxzAXOfjkMul/dBG5d4fXzI7FGL+VPkiOwUfoaGzWm
3qWLx08yExcs2AjtJO54Ibj8Zesu6TJOdKrXVt3Hm3j7XcUE2LO99mfN7PmtFwji
aABkFruFXhYld20V0zO4DUtiD9HuEqY822m+/lPk1e/6WWHf4CEGUw+Of1qhceoP
am960fid7Q7b/ofX89eXlgCvWO0jOYhKzf6ibQMUFtFeTuVNVCuTQJVxf9tG/07w
B6f/vxE/BMf6lIYJr17jbImXfx6q1Z92pXmvItaa5oWslKK+kc1wJvOCizBbNOkC
hys/U/pHlRyTgx9kqJTrjMBHHBYLvReXCKDD+U2LcIm2
-----END CERTIFICATE-----