Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/1-x5DJo8xfp6zLDtgNLDcdSwHBk8.roa
File:                     1-x5DJo8xfp6zLDtgNLDcdSwHBk8.roa (raw, json)
Hash identifier:          /5hnRVyQzYM2kmmQSeTTvWQn5JjeDxzAjBXQlf5zkX4=
Subject key identifier:   FB:1E:43:26:8F:31:7E:9E:B3:2C:3B:60:34:B0:DC:75:2C:07:06:4F
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       018CC64B45C0AE8EA13D0FFAF4173FB3FF15
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/1-x5DJo8xfp6zLDtgNLDcdSwHBk8.roa
Signing time:             Mon 01 Jan 2024 18:31:10 +0000
ROA not before:           Mon 01 Jan 2024 18:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50316
IP address blocks:        92.245.184.0/24 maxlen: 24
                          92.245.185.0/24 maxlen: 24
                          92.245.186.0/24 maxlen: 24
                          92.245.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:45:c0:ae:8e:a1:3d:0f:fa:f4:17:3f:b3:ff:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Jan  1 18:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb1e43268f317e9eb32c3b6034b0dc752c07064f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4f:93:5c:3e:ac:c5:7b:1e:d5:e7:3d:4e:c4:
                    37:03:9b:17:4c:84:b7:36:cb:6b:0a:ef:33:f3:17:
                    4d:85:b8:4f:53:cd:46:5a:9c:46:13:b6:98:1a:b2:
                    65:fe:65:2e:91:35:5f:c2:2c:5f:22:74:40:43:31:
                    f7:5c:d0:37:6b:0a:de:23:71:3e:79:b7:3e:89:01:
                    06:c9:60:b9:65:34:77:39:56:ff:99:05:1e:51:f4:
                    04:a1:4a:db:a5:40:1c:39:fb:bf:f0:9f:7b:c2:cb:
                    e3:d8:82:83:22:16:95:66:46:aa:75:76:4b:0e:af:
                    fa:7b:3b:3e:2a:64:5b:d1:2c:1d:48:30:3c:47:14:
                    95:6c:79:60:92:09:cd:24:c9:c6:c7:9e:5c:9b:84:
                    1a:98:a8:45:5f:0e:b8:0c:12:3c:f6:19:29:f4:49:
                    31:3a:b4:23:22:0c:de:47:c4:68:05:1c:2b:17:0b:
                    62:2f:10:88:98:69:37:f9:72:47:0b:f6:c8:0b:1d:
                    7c:4d:30:c0:f8:cb:6f:81:2a:79:a7:4a:d0:f6:0d:
                    ac:ab:25:16:3e:ec:3d:ac:6f:ea:33:14:31:a6:f8:
                    2b:e1:0b:34:33:c0:3e:5b:e9:89:4c:82:79:b8:ee:
                    e3:a9:47:e7:22:a2:c8:5c:fb:30:ab:5a:12:99:71:
                    f4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:1E:43:26:8F:31:7E:9E:B3:2C:3B:60:34:B0:DC:75:2C:07:06:4F
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/1-x5DJo8xfp6zLDtgNLDcdSwHBk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.245.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:09:95:de:8e:74:aa:6d:27:be:50:72:b2:d7:51:8b:65:4e:
         4e:45:2e:3f:39:de:fe:20:e9:87:2f:58:78:35:f5:7b:66:4b:
         39:e6:1d:90:19:68:99:25:19:ac:7d:54:04:8e:61:9c:90:29:
         c0:9e:3e:04:68:a6:9b:8b:18:1f:e0:8a:8c:7a:f0:0b:6f:ff:
         82:07:18:57:20:49:f8:49:1f:a8:0a:60:90:c4:c6:8f:42:b9:
         bd:fa:15:15:71:a1:fd:75:20:b0:9b:f8:e5:46:b9:3d:4c:5f:
         01:66:88:79:cb:ae:52:2f:88:aa:12:80:8e:c4:97:23:99:e7:
         8e:6b:cd:f0:dc:57:84:9d:e6:fd:aa:c5:83:d1:7c:98:b4:f1:
         0b:45:60:97:9e:9b:51:04:a4:42:16:e1:15:f8:c0:c7:d0:a8:
         10:2a:39:8d:71:d8:64:38:60:75:04:b2:e0:07:d9:af:cf:c2:
         f4:70:79:5d:b2:20:fd:10:a4:5d:51:d9:08:72:31:64:21:5d:
         30:43:7d:bd:64:e7:ed:2d:33:24:ef:a5:f7:ee:fd:3f:4a:42:
         09:69:b7:8b:05:96:58:f7:32:b8:d9:f5:7e:34:c9:ad:71:c2:
         3c:25:31:6c:e3:ac:87:8e:9b:fe:df:53:d5:51:40:3e:f0:ed:
         68:3c:14:12
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGS0XAro6hPQ/69Bc/s/8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjQwMTAxMTgzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjFlNDMyNjhmMzE3ZTllYjMyYzNiNjAzNGIwZGM3NTJjMDcwNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtk+TXD6sxXse1ec9TsQ3A5sXTIS3
NstrCu8z8xdNhbhPU81GWpxGE7aYGrJl/mUukTVfwixfInRAQzH3XNA3awreI3E+
ebc+iQEGyWC5ZTR3OVb/mQUeUfQEoUrbpUAcOfu/8J97wsvj2IKDIhaVZkaqdXZL
Dq/6ezs+KmRb0SwdSDA8RxSVbHlgkgnNJMnGx55cm4QamKhFXw64DBI89hkp9Ekx
OrQjIgzeR8RoBRwrFwtiLxCImGk3+XJHC/bICx18TTDA+MtvgSp5p0rQ9g2sqyUW
Puw9rG/qMxQxpvgr4Qs0M8A+W+mJTIJ5uO7jqUfnIqLIXPswq1oSmXH0fwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPseQyaPMX6esyw7YDSw3HUsBwZPMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvMS14NURKbzh4ZnA2ekxEdGdOTERjZFN3SEJrOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTUvZGQ1NWU4LWZlYmQtNDlkMC1hNWE3LTFjZjE1YjJiYTdi
ZS8xL3JIekROUFVkSzI2MDRuMXRWcm04NC1oVllNdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlz1uDAN
BgkqhkiG9w0BAQsFAAOCAQEAdQmV3o50qm0nvlBystdRi2VOTkUuPzne/iDphy9Y
eDX1e2ZLOeYdkBlomSUZrH1UBI5hnJApwJ4+BGimm4sYH+CKjHrwC2//ggcYVyBJ
+EkfqApgkMTGj0K5vfoVFXGh/XUgsJv45Ua5PUxfAWaIecuuUi+IqhKAjsSXI5nn
jmvN8NxXhJ3m/arFg9F8mLTxC0Vgl56bUQSkQhbhFfjAx9CoECo5jXHYZDhgdQSy
4AfZr8/C9HB5XbIg/RCkXVHZCHIxZCFdMEN9vWTn7S0zJO+l9+79P0pCCWm3iwWW
WPcyuNn1fjTJrXHCPCUxbOOsh46b/t9T1VFAPvDtaDwUEg==
-----END CERTIFICATE-----