Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/eaa4d0-8d1d-4cc1-8b22-450395fb88fa/1/yxmllm0Qh79AVcCakKVPpQ3bgZQ.roa
File:                     yxmllm0Qh79AVcCakKVPpQ3bgZQ.roa (raw, json)
Hash identifier:          GmGMZUsAKWMBaQXjvbL6FgR6wxsj6O2NcI4x+WTA4MQ=
Subject key identifier:   CB:19:A5:96:6D:10:87:BF:40:55:C0:9A:90:A5:4F:A5:0D:DB:81:94
Certificate issuer:       /CN=9c92aa53d3290aa80379935335db9fcc3ffd29aa
Certificate serial:       0192AF2CBA8FC2DB9515BB276A80DF7FC1DC
Authority key identifier: 9C:92:AA:53:D3:29:0A:A8:03:79:93:53:35:DB:9F:CC:3F:FD:29:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nJKqU9MpCqgDeZNTNdufzD_9Kao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/eaa4d0-8d1d-4cc1-8b22-450395fb88fa/1/yxmllm0Qh79AVcCakKVPpQ3bgZQ.roa
Signing time:             Mon 21 Oct 2024 13:03:17 +0000
ROA not before:           Mon 21 Oct 2024 13:03:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201548
IP address blocks:        185.71.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/eaa4d0-8d1d-4cc1-8b22-450395fb88fa/1/nJKqU9MpCqgDeZNTNdufzD_9Kao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/eaa4d0-8d1d-4cc1-8b22-450395fb88fa/1/nJKqU9MpCqgDeZNTNdufzD_9Kao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nJKqU9MpCqgDeZNTNdufzD_9Kao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:af:2c:ba:8f:c2:db:95:15:bb:27:6a:80:df:7f:c1:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c92aa53d3290aa80379935335db9fcc3ffd29aa
        Validity
            Not Before: Oct 21 13:03:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb19a5966d1087bf4055c09a90a54fa50ddb8194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:03:d4:ef:bc:4b:a2:2f:5a:b8:07:ca:ef:5e:
                    ee:41:56:01:35:b3:21:6e:6b:c1:03:f1:f5:19:f1:
                    7f:9c:3d:ed:61:8b:4c:ad:8b:82:84:a3:79:c7:44:
                    a7:d5:46:fd:fe:e7:af:46:2e:dd:4d:1e:ce:c4:5c:
                    0e:ab:f2:13:89:7d:cf:97:e4:d0:a9:b3:68:4d:ea:
                    97:05:a7:24:32:69:92:d2:a9:c5:13:35:a9:51:76:
                    93:a2:39:a0:88:0d:6e:79:e1:0a:5d:69:de:43:74:
                    95:68:89:16:ad:52:03:e4:3f:03:b3:35:f9:fa:09:
                    1a:ed:d0:c8:c0:18:dc:78:b6:47:d0:2b:7f:5f:4e:
                    95:59:b0:56:b4:11:cb:d8:ba:54:cb:96:1b:c7:7d:
                    33:b0:1e:b2:0a:ca:a2:2f:3c:a6:c1:f6:2c:9d:76:
                    12:68:c7:9e:1c:2f:73:16:ab:1a:8a:c2:39:f3:aa:
                    6b:bb:65:c7:a5:94:dd:64:9a:82:98:34:34:1d:de:
                    83:f7:f3:7b:0f:63:20:d7:d7:cc:23:cd:ea:da:69:
                    ef:6c:5d:85:01:26:51:2d:ab:f4:eb:5c:27:67:2d:
                    f1:ab:8d:d2:6a:a7:5d:f8:03:35:84:c8:d6:ea:6b:
                    50:01:61:41:09:7c:27:94:13:76:bf:d1:a9:cc:48:
                    ad:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:19:A5:96:6D:10:87:BF:40:55:C0:9A:90:A5:4F:A5:0D:DB:81:94
            X509v3 Authority Key Identifier:
                keyid:9C:92:AA:53:D3:29:0A:A8:03:79:93:53:35:DB:9F:CC:3F:FD:29:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nJKqU9MpCqgDeZNTNdufzD_9Kao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/eaa4d0-8d1d-4cc1-8b22-450395fb88fa/1/yxmllm0Qh79AVcCakKVPpQ3bgZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/eaa4d0-8d1d-4cc1-8b22-450395fb88fa/1/nJKqU9MpCqgDeZNTNdufzD_9Kao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:8c:67:7d:db:70:ce:6f:3b:3f:e0:78:01:f8:ec:49:cf:cd:
         d3:81:50:47:f2:71:fa:46:e0:7e:ca:4f:d2:b3:16:8b:80:ae:
         2a:d0:5e:fc:2b:56:65:32:d4:8e:1d:22:df:85:45:30:ad:91:
         6f:77:2c:67:de:27:a2:97:4a:7a:34:49:99:23:a1:37:de:a1:
         af:cd:66:0e:cc:80:f9:7b:9c:48:2e:62:58:89:63:25:27:dd:
         0a:51:33:89:b6:0b:a1:f8:7e:52:42:85:fb:e8:06:9f:a9:27:
         a5:63:d4:12:03:57:5c:ed:b3:aa:ea:10:67:70:f4:22:c5:d2:
         8f:4e:04:a5:96:df:d3:00:05:c7:41:7d:f0:7c:18:9e:fd:3c:
         06:58:30:83:8a:c1:12:ea:bd:5e:bc:6b:bf:bc:4f:de:3e:ee:
         a0:01:7f:bf:dd:26:3c:3b:ed:79:f1:48:20:d7:11:5f:ed:cc:
         e4:49:8c:35:76:ce:04:05:d4:85:59:6c:f8:a5:a2:b4:b0:07:
         f8:1c:ba:ca:49:83:6d:63:b9:12:ce:31:7b:ee:1d:51:b6:5a:
         03:89:be:f1:05:f2:af:9b:95:77:cb:72:22:c9:08:ac:fe:61:
         41:aa:59:66:a0:d0:70:f9:d8:a6:62:75:b4:a2:4d:7c:37:ae:
         dc:7d:a9:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKvLLqPwtuVFbsnaoDff8HcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljOTJhYTUzZDMyOTBhYTgwMzc5OTM1MzM1ZGI5ZmNjM2Zm
ZDI5YWEwHhcNMjQxMDIxMTMwMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjE5YTU5NjZkMTA4N2JmNDA1NWMwOWE5MGE1NGZhNTBkZGI4MTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQPU77xLoi9auAfK717uQVYBNbMh
bmvBA/H1GfF/nD3tYYtMrYuChKN5x0Sn1Ub9/uevRi7dTR7OxFwOq/ITiX3Pl+TQ
qbNoTeqXBackMmmS0qnFEzWpUXaTojmgiA1ueeEKXWneQ3SVaIkWrVID5D8DszX5
+gka7dDIwBjceLZH0Ct/X06VWbBWtBHL2LpUy5Ybx30zsB6yCsqiLzymwfYsnXYS
aMeeHC9zFqsaisI586pru2XHpZTdZJqCmDQ0Hd6D9/N7D2Mg19fMI83q2mnvbF2F
ASZRLav061wnZy3xq43Saqdd+AM1hMjW6mtQAWFBCXwnlBN2v9GpzEit3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsZpZZtEIe/QFXAmpClT6UN24GUMB8GA1UdIwQY
MBaAFJySqlPTKQqoA3mTUzXbn8w//SmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkpLcVU5TXBDcWdEZVpOVE5kdWZ6RF85S2FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9lYWE0ZDAtOGQxZC00Y2MxLThiMjIt
NDUwMzk1ZmI4OGZhLzEveXhtbGxtMFFoNzlBVmNDYWtLVlBwUTNiZ1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9lYWE0ZDAtOGQxZC00Y2MxLThiMjItNDUwMzk1ZmI4OGZh
LzEvbkpLcVU5TXBDcWdEZVpOVE5kdWZ6RF85S2FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUcoMA0G
CSqGSIb3DQEBCwUAA4IBAQAAjGd923DObzs/4HgB+OxJz83TgVBH8nH6RuB+yk/S
sxaLgK4q0F78K1ZlMtSOHSLfhUUwrZFvdyxn3ieil0p6NEmZI6E33qGvzWYOzID5
e5xILmJYiWMlJ90KUTOJtguh+H5SQoX76AafqSelY9QSA1dc7bOq6hBncPQixdKP
TgSllt/TAAXHQX3wfBie/TwGWDCDisES6r1evGu/vE/ePu6gAX+/3SY8O+158Ugg
1xFf7czkSYw1ds4EBdSFWWz4paK0sAf4HLrKSYNtY7kSzjF77h1RtloDib7xBfKv
m5V3y3IiyQis/mFBqllmoNBw+dimYnW0ok18N67cfal5
-----END CERTIFICATE-----