Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/dd981d-e1f5-4837-9027-c9bf55d9d1ba/1/ADOxB9Gim1uDJXbZwYcxLGFJZ_g.roa
File:                     ADOxB9Gim1uDJXbZwYcxLGFJZ_g.roa (raw, json)
Hash identifier:          JXqzQjJ6IxxwVm9urG07jOEUwT52gCcGLVN7BoFOIM0=
Subject key identifier:   00:33:B1:07:D1:A2:9B:5B:83:25:76:D9:C1:87:31:2C:61:49:67:F8
Certificate issuer:       /CN=53c77312e0d2cec845a04613845f8a1be263c399
Certificate serial:       018CC56E2922350F8487161890A6DDDD43C9
Authority key identifier: 53:C7:73:12:E0:D2:CE:C8:45:A0:46:13:84:5F:8A:1B:E2:63:C3:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8dzEuDSzshFoEYThF-KG-Jjw5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/dd981d-e1f5-4837-9027-c9bf55d9d1ba/1/ADOxB9Gim1uDJXbZwYcxLGFJZ_g.roa
Signing time:             Mon 01 Jan 2024 14:29:40 +0000
ROA not before:           Mon 01 Jan 2024 14:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209240
IP address blocks:        92.119.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/dd981d-e1f5-4837-9027-c9bf55d9d1ba/1/U8dzEuDSzshFoEYThF-KG-Jjw5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/dd981d-e1f5-4837-9027-c9bf55d9d1ba/1/U8dzEuDSzshFoEYThF-KG-Jjw5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8dzEuDSzshFoEYThF-KG-Jjw5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:29:22:35:0f:84:87:16:18:90:a6:dd:dd:43:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c77312e0d2cec845a04613845f8a1be263c399
        Validity
            Not Before: Jan  1 14:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0033b107d1a29b5b832576d9c187312c614967f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3f:97:fb:25:9d:d1:76:41:7f:df:79:23:3f:
                    9f:8e:99:43:29:94:eb:9b:fb:e5:f8:76:0e:1c:6f:
                    2f:21:81:a5:ac:47:33:db:32:7e:25:06:80:2b:c5:
                    4a:2a:68:91:9a:62:15:de:a3:1a:3f:2a:1b:ae:48:
                    cd:96:31:50:71:b9:83:9f:7c:eb:f5:9e:f9:5c:15:
                    f8:64:7f:fb:b3:99:13:03:ed:2c:d9:1d:3e:bc:e7:
                    64:da:26:dd:02:0c:13:08:9c:10:88:6c:7c:a8:03:
                    c7:54:4a:f2:60:17:2b:ba:10:1a:5b:0a:18:d8:2f:
                    1f:02:81:1f:dd:c2:12:d6:14:df:a0:f7:4e:f4:5f:
                    1c:78:e6:30:c6:ce:3c:33:f5:79:64:e3:19:b7:94:
                    9a:83:58:5a:d5:26:6b:f7:08:d2:91:33:2e:8e:e8:
                    f2:57:3a:4b:80:b8:b7:22:91:ca:2b:1c:8e:f1:2d:
                    0c:af:80:9a:57:b6:9c:f5:de:b8:6e:d7:05:e2:c0:
                    e3:6e:5b:ef:8f:60:d8:fd:4f:01:cc:32:eb:60:26:
                    0c:f9:e8:85:9e:de:6f:6c:ed:40:3c:d8:0b:cf:75:
                    91:9e:6b:51:86:17:46:d5:8b:e8:26:c3:22:37:2c:
                    42:66:9f:cf:72:e4:b3:15:1a:0e:5d:44:f2:7e:d7:
                    7d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:33:B1:07:D1:A2:9B:5B:83:25:76:D9:C1:87:31:2C:61:49:67:F8
            X509v3 Authority Key Identifier:
                keyid:53:C7:73:12:E0:D2:CE:C8:45:A0:46:13:84:5F:8A:1B:E2:63:C3:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8dzEuDSzshFoEYThF-KG-Jjw5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/dd981d-e1f5-4837-9027-c9bf55d9d1ba/1/ADOxB9Gim1uDJXbZwYcxLGFJZ_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/dd981d-e1f5-4837-9027-c9bf55d9d1ba/1/U8dzEuDSzshFoEYThF-KG-Jjw5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:a0:94:32:65:87:a5:97:a7:e0:88:36:c6:48:5f:0e:f6:2a:
         6b:1d:69:a4:fc:ba:24:7b:69:56:9e:07:ed:d0:30:db:d4:ac:
         c4:3d:92:27:20:9c:62:a9:d3:bd:cb:b4:73:d4:f9:5d:8e:90:
         2f:46:10:1e:7b:76:1e:31:42:ff:69:3a:4d:e3:a2:ae:2e:e3:
         a8:0b:b0:d5:84:35:07:f6:d5:f0:8d:a3:da:e3:b4:6f:87:8f:
         10:f7:dc:57:5d:72:44:fa:a6:74:ed:3f:43:7f:5c:eb:bc:f0:
         78:40:da:8f:27:89:a5:7e:15:2e:80:3b:13:6e:94:4e:0d:56:
         26:85:56:b7:7e:93:c3:b3:db:bf:65:02:ab:2c:e5:68:1f:f1:
         09:47:86:f9:87:a7:13:a5:4b:28:94:ba:c0:95:7f:17:0c:b9:
         b4:0b:9f:45:93:cc:0a:f5:4a:00:55:3e:d8:2e:7b:64:9b:68:
         a1:fa:59:59:d2:43:7e:c4:ae:ca:51:20:85:69:2f:c6:60:46:
         f1:e0:6e:b6:a2:78:9a:3e:ad:f8:be:f5:06:67:49:1c:0d:ec:
         5d:b5:d7:27:6f:23:e7:fe:d5:00:c9:d6:59:f8:1d:46:d6:06:
         fe:38:b2:16:1b:4b:f6:fa:00:2a:52:51:c0:bb:71:9b:02:b9:
         b6:6f:a0:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbikiNQ+EhxYYkKbd3UPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzc3MzEyZTBkMmNlYzg0NWEwNDYxMzg0NWY4YTFiZTI2
M2MzOTkwHhcNMjQwMTAxMTQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDMzYjEwN2QxYTI5YjViODMyNTc2ZDljMTg3MzEyYzYxNDk2N2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2z+X+yWd0XZBf995Iz+fjplDKZTr
m/vl+HYOHG8vIYGlrEcz2zJ+JQaAK8VKKmiRmmIV3qMaPyobrkjNljFQcbmDn3zr
9Z75XBX4ZH/7s5kTA+0s2R0+vOdk2ibdAgwTCJwQiGx8qAPHVEryYBcruhAaWwoY
2C8fAoEf3cIS1hTfoPdO9F8ceOYwxs48M/V5ZOMZt5Sag1ha1SZr9wjSkTMujujy
VzpLgLi3IpHKKxyO8S0Mr4CaV7ac9d64btcF4sDjblvvj2DY/U8BzDLrYCYM+eiF
nt5vbO1APNgLz3WRnmtRhhdG1YvoJsMiNyxCZp/PcuSzFRoOXUTyftd93wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAzsQfRoptbgyV22cGHMSxhSWf4MB8GA1UdIwQY
MBaAFFPHcxLg0s7IRaBGE4RfihviY8OZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThkekV1RFN6c2hGb0VZVGhGLUtHLUpqdzVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9kZDk4MWQtZTFmNS00ODM3LTkwMjct
YzliZjU1ZDlkMWJhLzEvQURPeEI5R2ltMXVESlhiWndZY3hMR0ZKWl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9kZDk4MWQtZTFmNS00ODM3LTkwMjctYzliZjU1ZDlkMWJh
LzEvVThkekV1RFN6c2hGb0VZVGhGLUtHLUpqdzVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHfsMA0G
CSqGSIb3DQEBCwUAA4IBAQARoJQyZYell6fgiDbGSF8O9iprHWmk/Loke2lWngft
0DDb1KzEPZInIJxiqdO9y7Rz1PldjpAvRhAee3YeMUL/aTpN46KuLuOoC7DVhDUH
9tXwjaPa47Rvh48Q99xXXXJE+qZ07T9Df1zrvPB4QNqPJ4mlfhUugDsTbpRODVYm
hVa3fpPDs9u/ZQKrLOVoH/EJR4b5h6cTpUsolLrAlX8XDLm0C59Fk8wK9UoAVT7Y
Lntkm2ih+llZ0kN+xK7KUSCFaS/GYEbx4G62oniaPq34vvUGZ0kcDexdtdcnbyPn
/tUAydZZ+B1G1gb+OLIWG0v2+gAqUlHAu3GbArm2b6AD
-----END CERTIFICATE-----