Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ITfG3HzjOa2oWroSC0Xyd4caSZs.roa
File:                     ITfG3HzjOa2oWroSC0Xyd4caSZs.roa (raw, json)
Hash identifier:          N0qhz0LoC/NEnJuxHx6ReauvcXuKpxqXZOq1xqaxCZw=
Subject key identifier:   21:37:C6:DC:7C:E3:39:AD:A8:5A:BA:12:0B:45:F2:77:87:1A:49:9B
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       01926799DAA896206AAB779843B613D5D05D
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ITfG3HzjOa2oWroSC0Xyd4caSZs.roa
Signing time:             Mon 07 Oct 2024 15:29:49 +0000
ROA not before:           Mon 07 Oct 2024 15:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        92.38.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:67:99:da:a8:96:20:6a:ab:77:98:43:b6:13:d5:d0:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Oct  7 15:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2137c6dc7ce339ada85aba120b45f277871a499b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c3:2f:f3:bc:92:60:80:5a:1a:0c:80:2a:8d:
                    df:64:60:3a:fe:46:b2:8d:63:19:66:af:2f:70:57:
                    d1:21:fd:07:8c:1d:02:0d:06:ea:af:5e:4a:ac:ba:
                    aa:f2:00:59:87:70:04:20:2e:bb:21:fd:14:87:9c:
                    07:38:f3:74:b8:58:35:e6:28:45:3b:e2:63:0d:a8:
                    29:18:5a:8f:21:2b:d2:43:13:bf:25:e3:6b:2b:a7:
                    43:0c:0e:09:3c:40:72:72:5c:bf:5f:b5:33:3f:1b:
                    2b:45:9c:b2:83:65:ea:6b:19:34:c6:88:99:dd:2c:
                    d1:2c:73:e6:0f:5c:05:f6:6b:c9:0e:fd:bb:0e:20:
                    56:5a:39:c1:52:74:54:98:e1:92:7b:c0:63:1b:bf:
                    a9:80:b6:34:79:49:21:46:3d:63:a2:93:69:f1:de:
                    36:f6:6e:80:1f:67:90:67:a0:d1:7b:39:10:a4:dd:
                    b6:ad:5d:60:ca:e3:89:86:0f:70:58:41:77:15:08:
                    8a:22:e3:29:b5:e7:83:a5:7e:61:b2:16:76:6c:f6:
                    49:13:bc:5d:6e:3a:dd:3a:d2:28:2e:e9:ed:81:22:
                    46:72:4c:79:06:09:7e:ff:67:fc:84:1f:56:0e:41:
                    42:32:3b:d4:c7:ae:ef:28:78:93:bf:ab:94:ff:54:
                    69:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:37:C6:DC:7C:E3:39:AD:A8:5A:BA:12:0B:45:F2:77:87:1A:49:9B
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ITfG3HzjOa2oWroSC0Xyd4caSZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:d2:a5:97:df:6e:e6:13:f6:de:22:1a:c1:01:2e:40:28:71:
         0a:55:ea:3b:38:c2:d2:1c:34:6c:c9:af:8e:ad:c6:e1:3a:36:
         41:16:b1:0c:d1:d9:5f:31:4b:b6:69:c3:30:3d:85:41:ee:84:
         5a:38:9c:7e:a0:73:32:74:8e:69:ea:db:1c:04:c5:6f:13:0a:
         79:7d:c3:ce:bd:f8:3d:36:16:84:69:ec:57:cc:0d:fb:eb:72:
         07:8b:87:19:42:be:8b:4f:f9:a7:45:0a:af:55:75:bf:05:93:
         32:5a:f0:d3:6c:bf:49:55:21:06:9f:da:69:d8:df:d2:72:b9:
         4e:b1:22:25:dd:9f:89:f1:c5:99:9b:06:6e:5e:87:14:0d:32:
         c2:7c:93:9e:8b:09:26:0a:fa:59:e3:90:69:69:e5:42:95:6d:
         27:6a:d3:a9:8a:22:d1:6f:52:67:48:1b:eb:0a:3b:25:5b:61:
         46:70:ad:ce:88:5b:12:29:5a:84:3c:0a:9b:36:25:61:cd:e3:
         eb:44:c3:e1:fd:4b:e8:0f:c1:e8:5d:62:ee:39:48:0f:9a:ba:
         c6:52:34:40:1e:b5:e0:a9:9d:a0:33:32:64:5d:12:7b:51:e2:
         e7:b8:b2:1b:fc:dd:7a:7a:0c:fd:5c:2a:eb:5a:7a:ce:bf:11:
         26:d8:10:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJnmdqoliBqq3eYQ7YT1dBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQxMDA3MTUyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTM3YzZkYzdjZTMzOWFkYTg1YWJhMTIwYjQ1ZjI3Nzg3MWE0OTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusMv87ySYIBaGgyAKo3fZGA6/kay
jWMZZq8vcFfRIf0HjB0CDQbqr15KrLqq8gBZh3AEIC67If0Uh5wHOPN0uFg15ihF
O+JjDagpGFqPISvSQxO/JeNrK6dDDA4JPEBycly/X7UzPxsrRZyyg2Xqaxk0xoiZ
3SzRLHPmD1wF9mvJDv27DiBWWjnBUnRUmOGSe8BjG7+pgLY0eUkhRj1jopNp8d42
9m6AH2eQZ6DRezkQpN22rV1gyuOJhg9wWEF3FQiKIuMpteeDpX5hshZ2bPZJE7xd
bjrdOtIoLuntgSJGckx5Bgl+/2f8hB9WDkFCMjvUx67vKHiTv6uU/1RpgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCE3xtx84zmtqFq6EgtF8neHGkmbMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvSVRmRzNIempPYTJvV3JvU0MwWHlkNGNhU1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCYGMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ0qWX327mE/beIhrBAS5AKHEKVeo7OMLSHDRsya+O
rcbhOjZBFrEM0dlfMUu2acMwPYVB7oRaOJx+oHMydI5p6tscBMVvEwp5fcPOvfg9
NhaEaexXzA3763IHi4cZQr6LT/mnRQqvVXW/BZMyWvDTbL9JVSEGn9pp2N/ScrlO
sSIl3Z+J8cWZmwZuXocUDTLCfJOeiwkmCvpZ45BpaeVClW0natOpiiLRb1JnSBvr
CjslW2FGcK3OiFsSKVqEPAqbNiVhzePrRMPh/UvoD8HoXWLuOUgPmrrGUjRAHrXg
qZ2gMzJkXRJ7UeLnuLIb/N16egz9XCrrWnrOvxEm2BAb
-----END CERTIFICATE-----