Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/45d97e-40fe-47e0-b2e6-8a72a1b6af85/1/839xkpeKNuy84i8X4AkiBw2GJS0.roa
File:                     839xkpeKNuy84i8X4AkiBw2GJS0.roa (raw, json)
Hash identifier:          GdoZFHkiwsLL8gm2t0ibCuQsPTe00UKgY2KIRawUe7g=
Subject key identifier:   F3:7F:71:92:97:8A:36:EC:BC:E2:2F:17:E0:09:22:07:0D:86:25:2D
Certificate issuer:       /CN=392f6ee6ee346c31912b7630dab14ce53c4e0c99
Certificate serial:       019208E27D54155380B70027C7732D46ACBD
Authority key identifier: 39:2F:6E:E6:EE:34:6C:31:91:2B:76:30:DA:B1:4C:E5:3C:4E:0C:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OS9u5u40bDGRK3Yw2rFM5TxODJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/45d97e-40fe-47e0-b2e6-8a72a1b6af85/1/839xkpeKNuy84i8X4AkiBw2GJS0.roa
Signing time:             Thu 19 Sep 2024 06:05:13 +0000
ROA not before:           Thu 19 Sep 2024 06:05:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60475
IP address blocks:        193.168.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/45d97e-40fe-47e0-b2e6-8a72a1b6af85/1/OS9u5u40bDGRK3Yw2rFM5TxODJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/45d97e-40fe-47e0-b2e6-8a72a1b6af85/1/OS9u5u40bDGRK3Yw2rFM5TxODJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OS9u5u40bDGRK3Yw2rFM5TxODJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:08:e2:7d:54:15:53:80:b7:00:27:c7:73:2d:46:ac:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=392f6ee6ee346c31912b7630dab14ce53c4e0c99
        Validity
            Not Before: Sep 19 06:05:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f37f7192978a36ecbce22f17e00922070d86252d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:54:4e:8b:f3:db:3a:37:70:7b:2c:1e:5b:e1:
                    c0:9a:03:51:67:4b:46:f9:ca:4e:6f:de:41:12:64:
                    4b:8f:24:58:ae:5f:f0:1c:52:52:58:04:dd:72:0d:
                    0c:e0:54:81:88:53:cf:4e:fa:54:be:44:d5:e7:95:
                    92:1a:15:10:c6:ad:ef:a6:e1:93:60:24:d2:93:06:
                    15:10:39:e6:42:76:bf:63:6d:f9:19:2a:26:ee:e8:
                    bd:ff:b5:d8:dc:cf:a9:59:7b:9b:29:ad:49:31:7c:
                    13:f6:9d:52:1c:05:45:06:be:cf:af:e0:68:94:64:
                    83:95:7e:54:14:52:77:52:8f:50:95:65:b1:e0:88:
                    10:81:b4:36:64:fb:63:69:bc:bd:2e:8e:7d:63:36:
                    c3:f7:e7:66:11:3d:98:e9:09:b8:3a:b9:e9:a8:33:
                    55:e5:9f:f5:06:19:5d:6d:7e:cf:89:bf:9e:2f:ff:
                    82:1e:b6:1a:60:dc:5a:73:9f:8d:e0:14:c9:ee:d3:
                    5e:47:3b:4d:3f:70:cf:ad:db:5d:62:6a:cc:17:df:
                    89:4e:1a:94:cb:15:eb:c3:d2:e4:44:59:af:b2:b6:
                    8e:73:d0:9e:ff:e0:06:3a:9e:04:6e:35:97:58:06:
                    e8:63:93:a7:dc:8d:19:c3:af:ff:39:86:0a:06:3a:
                    5c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:7F:71:92:97:8A:36:EC:BC:E2:2F:17:E0:09:22:07:0D:86:25:2D
            X509v3 Authority Key Identifier:
                keyid:39:2F:6E:E6:EE:34:6C:31:91:2B:76:30:DA:B1:4C:E5:3C:4E:0C:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OS9u5u40bDGRK3Yw2rFM5TxODJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/45d97e-40fe-47e0-b2e6-8a72a1b6af85/1/839xkpeKNuy84i8X4AkiBw2GJS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/45d97e-40fe-47e0-b2e6-8a72a1b6af85/1/OS9u5u40bDGRK3Yw2rFM5TxODJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:b4:fb:16:2f:11:f0:48:d3:b2:df:d2:39:20:09:86:25:7e:
         10:95:2d:ac:c6:86:6c:bf:e3:57:ad:53:14:f5:ab:ee:b0:68:
         fc:42:44:91:70:22:b5:92:49:d3:e9:cf:cb:2c:b7:07:20:14:
         73:41:dd:49:ce:dc:83:3f:0b:ec:0c:8b:46:3b:47:b6:ee:42:
         ba:11:c3:20:d0:fd:8b:a5:cc:af:0d:63:8c:59:4e:c6:38:1a:
         8a:aa:60:95:3f:39:14:d9:12:a1:28:e6:31:e7:46:9a:84:72:
         e8:00:3e:40:2a:9c:97:1a:38:37:d3:41:c4:25:2e:db:28:42:
         e9:e1:fd:53:3a:17:24:06:26:10:01:5e:1f:3f:02:fe:14:70:
         82:94:c0:c3:4e:34:26:ca:90:a0:cc:f9:c9:f4:93:b6:3a:96:
         53:1b:ba:fc:43:8c:8a:02:9d:79:35:16:ed:2b:26:18:8d:b4:
         5a:e7:a8:cf:49:95:bd:8a:e9:52:9a:3e:90:7d:42:6e:2e:4d:
         03:65:aa:8f:48:58:4e:fc:38:77:5e:e6:9e:c3:e2:8b:f5:f1:
         ea:52:e7:1e:33:a4:1d:11:4c:00:d4:a9:a9:2e:28:42:f9:27:
         cf:18:e5:32:de:f9:72:85:f7:ff:44:c6:cf:1f:a4:a8:c6:de:
         18:8c:99:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZII4n1UFVOAtwAnx3MtRqy9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MmY2ZWU2ZWUzNDZjMzE5MTJiNzYzMGRhYjE0Y2U1M2M0
ZTBjOTkwHhcNMjQwOTE5MDYwNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzdmNzE5Mjk3OGEzNmVjYmNlMjJmMTdlMDA5MjIwNzBkODYyNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01ROi/PbOjdweyweW+HAmgNRZ0tG
+cpOb95BEmRLjyRYrl/wHFJSWATdcg0M4FSBiFPPTvpUvkTV55WSGhUQxq3vpuGT
YCTSkwYVEDnmQna/Y235GSom7ui9/7XY3M+pWXubKa1JMXwT9p1SHAVFBr7Pr+Bo
lGSDlX5UFFJ3Uo9QlWWx4IgQgbQ2ZPtjaby9Lo59YzbD9+dmET2Y6Qm4OrnpqDNV
5Z/1BhldbX7Pib+eL/+CHrYaYNxac5+N4BTJ7tNeRztNP3DPrdtdYmrMF9+JThqU
yxXrw9LkRFmvsraOc9Ce/+AGOp4EbjWXWAboY5On3I0Zw6//OYYKBjpcywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPN/cZKXijbsvOIvF+AJIgcNhiUtMB8GA1UdIwQY
MBaAFDkvbubuNGwxkSt2MNqxTOU8TgyZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1M5dTV1NDBiREdSSzNZdzJyRk01VHhPREprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80NWQ5N2UtNDBmZS00N2UwLWIyZTYt
OGE3MmExYjZhZjg1LzEvODM5eGtwZUtOdXk4NGk4WDRBa2lCdzJHSlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80NWQ5N2UtNDBmZS00N2UwLWIyZTYtOGE3MmExYjZhZjg1
LzEvT1M5dTV1NDBiREdSSzNZdzJyRk01VHhPREprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwag0MA0G
CSqGSIb3DQEBCwUAA4IBAQCZtPsWLxHwSNOy39I5IAmGJX4QlS2sxoZsv+NXrVMU
9avusGj8QkSRcCK1kknT6c/LLLcHIBRzQd1JztyDPwvsDItGO0e27kK6EcMg0P2L
pcyvDWOMWU7GOBqKqmCVPzkU2RKhKOYx50aahHLoAD5AKpyXGjg300HEJS7bKELp
4f1TOhckBiYQAV4fPwL+FHCClMDDTjQmypCgzPnJ9JO2OpZTG7r8Q4yKAp15NRbt
KyYYjbRa56jPSZW9iulSmj6QfUJuLk0DZaqPSFhO/Dh3Xuaew+KL9fHqUuceM6Qd
EUwA1KmpLihC+SfPGOUy3vlyhff/RMbPH6Soxt4YjJln
-----END CERTIFICATE-----