Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/_f420PnLHsAxp5Pv7y7lUVpsopA.roa
File:                     _f420PnLHsAxp5Pv7y7lUVpsopA.roa (raw, json)
Hash identifier:          l3XZvYPleaj5x5YJuoyJWe7X32sR4Uq3CFzNI2BwK9A=
Subject key identifier:   FD:FE:36:D0:F9:CB:1E:C0:31:A7:93:EF:EF:2E:E5:51:5A:6C:A2:90
Certificate issuer:       /CN=92253353ba649debee927998ba02c8614399f961
Certificate serial:       018F2E09741B6E139E73862A2CB392F5D421
Authority key identifier: 92:25:33:53:BA:64:9D:EB:EE:92:79:98:BA:02:C8:61:43:99:F9:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/_f420PnLHsAxp5Pv7y7lUVpsopA.roa
Signing time:             Tue 30 Apr 2024 08:05:22 +0000
ROA not before:           Tue 30 Apr 2024 08:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49367
IP address blocks:        212.104.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:09:74:1b:6e:13:9e:73:86:2a:2c:b3:92:f5:d4:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92253353ba649debee927998ba02c8614399f961
        Validity
            Not Before: Apr 30 08:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdfe36d0f9cb1ec031a793efef2ee5515a6ca290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:6e:70:68:77:10:33:ee:f4:cc:cd:1f:c5:6c:
                    88:58:3a:5e:24:57:7e:d8:43:61:76:6a:c3:da:97:
                    03:a5:a0:9f:83:55:cf:96:14:ee:75:7c:f7:2f:35:
                    70:7b:0e:68:9f:7f:fe:da:5a:0f:51:fc:6b:f9:98:
                    80:80:41:01:49:7f:0e:02:aa:17:6e:00:db:f1:fe:
                    3d:67:19:ff:09:2f:75:5a:12:5f:4e:d0:a4:31:52:
                    2f:74:ac:b3:fd:26:f7:d5:0b:2c:84:a5:fd:0d:2f:
                    67:4e:b5:50:31:c0:f6:c0:d2:d7:55:7c:ab:81:5c:
                    a6:47:4e:1d:48:6d:f5:76:7a:61:5e:d7:9d:b2:ce:
                    b9:37:f7:d6:cf:b0:f8:0e:c7:35:bb:87:27:37:cc:
                    00:07:00:c5:d5:74:b2:03:52:b2:d2:1e:ad:32:b5:
                    cc:f8:ec:c1:09:7d:fc:4d:f9:79:2a:48:bf:16:72:
                    f6:7f:49:25:0b:32:da:f2:77:c2:0b:b8:a6:01:4b:
                    ff:16:fa:83:8b:ad:e8:e7:8a:de:25:4f:fb:57:9d:
                    dd:95:0c:22:9b:01:04:d9:40:f0:c4:8f:c8:f6:a3:
                    8a:63:59:be:3f:67:4f:d8:c7:72:26:52:aa:e0:58:
                    cd:a6:29:6c:eb:37:f0:e7:ad:41:57:27:ea:95:4e:
                    39:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FE:36:D0:F9:CB:1E:C0:31:A7:93:EF:EF:2E:E5:51:5A:6C:A2:90
            X509v3 Authority Key Identifier:
                keyid:92:25:33:53:BA:64:9D:EB:EE:92:79:98:BA:02:C8:61:43:99:F9:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/_f420PnLHsAxp5Pv7y7lUVpsopA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:d2:f0:79:59:dc:e6:63:82:45:98:df:81:63:1d:86:ae:92:
         53:f0:c6:fc:a4:dc:ca:8e:bb:47:98:87:31:21:cf:84:2a:a7:
         74:6a:b3:01:d1:5d:c0:50:41:92:6b:bc:55:33:5c:f6:d0:18:
         b8:ee:ad:26:14:4b:d8:17:1f:9f:6e:7d:3f:a7:0a:e5:7b:7f:
         fb:9a:42:36:f9:ce:b6:09:0e:b8:05:82:dd:21:e9:b8:6f:9a:
         53:b3:21:fb:00:58:29:95:28:96:bb:06:f1:6c:71:13:0c:97:
         b1:b6:bb:76:d1:21:c2:ff:e0:74:78:69:c2:17:9d:12:58:0e:
         1b:58:14:38:ec:6a:c2:53:b4:15:89:8b:63:f9:8c:00:fd:ae:
         49:de:a9:45:8b:40:2b:b1:cf:c5:c9:2b:13:42:f2:cb:c4:3c:
         4d:dd:7d:86:3e:e4:03:0a:4b:51:ed:da:e3:2c:93:a6:b0:88:
         88:85:58:d1:e8:d6:c3:bf:0f:80:81:c1:6e:a8:82:21:76:ea:
         72:29:3c:3b:8b:7b:78:47:0e:00:9b:57:27:44:c6:b5:4e:8f:
         64:56:4e:32:57:be:56:f5:68:3f:41:3e:4b:24:31:96:10:b6:
         af:3f:c7:fb:74:24:6f:ca:8c:66:aa:e0:73:35:48:05:7e:90:
         17:99:b5:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8uCXQbbhOec4YqLLOS9dQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjUzMzUzYmE2NDlkZWJlZTkyNzk5OGJhMDJjODYxNDM5
OWY5NjEwHhcNMjQwNDMwMDgwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGZlMzZkMGY5Y2IxZWMwMzFhNzkzZWZlZjJlZTU1MTVhNmNhMjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5G5waHcQM+70zM0fxWyIWDpeJFd+
2ENhdmrD2pcDpaCfg1XPlhTudXz3LzVwew5on3/+2loPUfxr+ZiAgEEBSX8OAqoX
bgDb8f49Zxn/CS91WhJfTtCkMVIvdKyz/Sb31QsshKX9DS9nTrVQMcD2wNLXVXyr
gVymR04dSG31dnphXtedss65N/fWz7D4Dsc1u4cnN8wABwDF1XSyA1Ky0h6tMrXM
+OzBCX38Tfl5Kki/FnL2f0klCzLa8nfCC7imAUv/FvqDi63o54reJU/7V53dlQwi
mwEE2UDwxI/I9qOKY1m+P2dP2MdyJlKq4FjNpils6zfw561BVyfqlU45+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3+NtD5yx7AMaeT7+8u5VFabKKQMB8GA1UdIwQY
MBaAFJIlM1O6ZJ3r7pJ5mLoCyGFDmflhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lVelU3cGtuZXZ1a25tWXVnTElZVU9aLVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80NTNhZTMtZjIyNy00ZTBkLWJkMDYt
Njk5N2IyNTc5YTM0LzEvX2Y0MjBQbkxIc0F4cDVQdjd5N2xVVnBzb3BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80NTNhZTMtZjIyNy00ZTBkLWJkMDYtNjk5N2IyNTc5YTM0
LzEva2lVelU3cGtuZXZ1a25tWXVnTElZVU9aLVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GiFMA0G
CSqGSIb3DQEBCwUAA4IBAQCH0vB5WdzmY4JFmN+BYx2GrpJT8Mb8pNzKjrtHmIcx
Ic+EKqd0arMB0V3AUEGSa7xVM1z20Bi47q0mFEvYFx+fbn0/pwrle3/7mkI2+c62
CQ64BYLdIem4b5pTsyH7AFgplSiWuwbxbHETDJextrt20SHC/+B0eGnCF50SWA4b
WBQ47GrCU7QViYtj+YwA/a5J3qlFi0Arsc/FySsTQvLLxDxN3X2GPuQDCktR7drj
LJOmsIiIhVjR6NbDvw+AgcFuqIIhdupyKTw7i3t4Rw4Am1cnRMa1To9kVk4yV75W
9Wg/QT5LJDGWELavP8f7dCRvyoxmquBzNUgFfpAXmbXF
-----END CERTIFICATE-----