Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/9364bf-01ab-447b-ab1a-1d772e2e6438/1/rOwp4EEdXg6LDTSQ0vKwhdv6jlA.roa
File:                     rOwp4EEdXg6LDTSQ0vKwhdv6jlA.roa (raw, json)
Hash identifier:          GRZCNLtPKsPA6POGMydW8xxkB4XDVI2vNMs1Ud2kuDg=
Subject key identifier:   AC:EC:29:E0:41:1D:5E:0E:8B:0D:34:90:D2:F2:B0:85:DB:FA:8E:50
Certificate issuer:       /CN=12731f6d7e3e20ad9bf31b8acd606f0893b9fe04
Certificate serial:       0194266AB63500B39CFE4B01D2441841FF7B
Authority key identifier: 12:73:1F:6D:7E:3E:20:AD:9B:F3:1B:8A:CD:60:6F:08:93:B9:FE:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EnMfbX4-IK2b8xuKzWBvCJO5_gQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/9364bf-01ab-447b-ab1a-1d772e2e6438/1/rOwp4EEdXg6LDTSQ0vKwhdv6jlA.roa
Signing time:             Thu 02 Jan 2025 09:48:35 +0000
ROA not before:           Thu 02 Jan 2025 09:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8820
IP address blocks:        92.119.104.0/22 maxlen: 24
                          2a09:b0c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/9364bf-01ab-447b-ab1a-1d772e2e6438/1/EnMfbX4-IK2b8xuKzWBvCJO5_gQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/9364bf-01ab-447b-ab1a-1d772e2e6438/1/EnMfbX4-IK2b8xuKzWBvCJO5_gQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EnMfbX4-IK2b8xuKzWBvCJO5_gQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:b6:35:00:b3:9c:fe:4b:01:d2:44:18:41:ff:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12731f6d7e3e20ad9bf31b8acd606f0893b9fe04
        Validity
            Not Before: Jan  2 09:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acec29e0411d5e0e8b0d3490d2f2b085dbfa8e50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cc:af:96:ad:81:7e:d9:27:7a:b5:e2:d6:62:
                    76:43:9c:10:8e:77:3b:11:04:42:9a:cb:37:4b:c7:
                    18:00:cd:55:98:bd:dd:d8:0d:36:31:00:6b:35:c6:
                    c8:70:3a:34:04:dc:69:c1:56:83:0b:8e:7c:67:5a:
                    2d:c7:66:7d:ae:e2:d1:21:7f:21:7f:7f:72:1d:08:
                    a0:7a:03:ae:c3:a2:df:4d:5d:90:87:7f:af:4f:b6:
                    75:05:e4:37:3d:a1:f4:ba:2d:4f:73:f8:14:8c:34:
                    4b:27:5d:22:53:94:be:8b:b7:8e:21:96:7d:a9:55:
                    e8:7e:65:61:0b:c6:2e:a9:f2:c9:5f:44:b5:02:ca:
                    72:62:d3:e2:1d:0d:0d:f3:2b:ee:06:b9:c5:d7:43:
                    64:27:33:30:27:61:43:11:20:56:c5:a0:bb:5f:22:
                    45:5e:9f:ff:32:72:f1:57:e0:e5:21:9e:55:1d:19:
                    4c:62:f0:34:56:0b:12:f5:68:b5:8f:37:cb:d9:54:
                    98:b0:f8:fe:23:ac:fe:ca:c4:e9:84:d3:f8:01:66:
                    3a:fb:82:69:b7:a2:1e:32:29:56:cd:36:34:7e:ec:
                    01:af:42:11:e6:c7:b8:de:7f:c8:f0:e1:da:2a:61:
                    fe:8e:a5:54:3d:0a:bc:db:91:85:19:cc:60:7c:6d:
                    d3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:EC:29:E0:41:1D:5E:0E:8B:0D:34:90:D2:F2:B0:85:DB:FA:8E:50
            X509v3 Authority Key Identifier:
                keyid:12:73:1F:6D:7E:3E:20:AD:9B:F3:1B:8A:CD:60:6F:08:93:B9:FE:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EnMfbX4-IK2b8xuKzWBvCJO5_gQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/9364bf-01ab-447b-ab1a-1d772e2e6438/1/rOwp4EEdXg6LDTSQ0vKwhdv6jlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/9364bf-01ab-447b-ab1a-1d772e2e6438/1/EnMfbX4-IK2b8xuKzWBvCJO5_gQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.104.0/22
                IPv6:
                  2a09:b0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:21:3d:15:59:7e:6f:26:50:29:23:01:e6:a3:8c:b4:27:08:
         e2:87:48:20:ed:e6:43:c6:46:81:91:64:f8:4f:13:a5:84:63:
         a2:0b:ad:3a:1e:81:cb:5d:46:dd:a8:d1:9e:16:a5:3e:0e:b1:
         4e:04:1f:13:e5:78:81:0c:54:f3:74:73:be:38:fe:f9:e8:a1:
         d7:04:0a:43:97:0c:fa:59:d2:c3:fd:2d:6f:ef:56:78:c5:0c:
         82:a3:ef:bc:e8:f1:f9:51:32:78:91:d6:13:8e:ac:85:c8:f6:
         a7:03:6a:05:3a:ab:9f:f5:e4:e8:bc:7c:57:30:d8:c1:3d:44:
         b6:3b:69:87:52:f4:e8:2f:4b:95:1a:ac:d5:1e:c6:47:f3:2d:
         c7:03:05:e6:be:68:23:c0:42:df:2c:6a:53:de:49:c5:28:20:
         74:60:16:5a:e0:3c:44:5e:db:f3:49:a2:19:e3:18:2e:b5:59:
         25:1a:44:fb:39:2f:8f:b0:60:62:d0:0a:9f:3d:03:f5:e1:03:
         14:b0:5a:51:f6:3b:a8:9d:a0:d5:b5:7d:cd:b4:c2:d0:86:96:
         d3:7e:73:68:71:91:ab:d4:a6:0f:0c:62:6f:9e:8f:09:03:1f:
         4e:1f:32:e3:c4:a9:c1:2b:bc:cb:01:b5:2f:63:d7:ef:07:82:
         71:16:ed:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmarY1ALOc/ksB0kQYQf97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNzMxZjZkN2UzZTIwYWQ5YmYzMWI4YWNkNjA2ZjA4OTNi
OWZlMDQwHhcNMjUwMTAyMDk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2VjMjllMDQxMWQ1ZTBlOGIwZDM0OTBkMmYyYjA4NWRiZmE4ZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsyvlq2BftknerXi1mJ2Q5wQjnc7
EQRCmss3S8cYAM1VmL3d2A02MQBrNcbIcDo0BNxpwVaDC458Z1otx2Z9ruLRIX8h
f39yHQigegOuw6LfTV2Qh3+vT7Z1BeQ3PaH0ui1Pc/gUjDRLJ10iU5S+i7eOIZZ9
qVXofmVhC8YuqfLJX0S1AspyYtPiHQ0N8yvuBrnF10NkJzMwJ2FDESBWxaC7XyJF
Xp//MnLxV+DlIZ5VHRlMYvA0VgsS9Wi1jzfL2VSYsPj+I6z+ysTphNP4AWY6+4Jp
t6IeMilWzTY0fuwBr0IR5se43n/I8OHaKmH+jqVUPQq825GFGcxgfG3TVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKzsKeBBHV4Oiw00kNLysIXb+o5QMB8GA1UdIwQY
MBaAFBJzH21+PiCtm/Mbis1gbwiTuf4EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW5NZmJYNC1JSzJiOHh1S3pXQnZDSk81X2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC85MzY0YmYtMDFhYi00NDdiLWFiMWEt
MWQ3NzJlMmU2NDM4LzEvck93cDRFRWRYZzZMRFRTUTB2S3doZHY2amxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC85MzY0YmYtMDFhYi00NDdiLWFiMWEtMWQ3NzJlMmU2NDM4
LzEvRW5NZmJYNC1JSzJiOHh1S3pXQnZDSk81X2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXHdoMA0E
AgACMAcDBQAqCbDAMA0GCSqGSIb3DQEBCwUAA4IBAQC9IT0VWX5vJlApIwHmo4y0
Jwjih0gg7eZDxkaBkWT4TxOlhGOiC606HoHLXUbdqNGeFqU+DrFOBB8T5XiBDFTz
dHO+OP756KHXBApDlwz6WdLD/S1v71Z4xQyCo++86PH5UTJ4kdYTjqyFyPanA2oF
Oquf9eTovHxXMNjBPUS2O2mHUvToL0uVGqzVHsZH8y3HAwXmvmgjwELfLGpT3knF
KCB0YBZa4DxEXtvzSaIZ4xgutVklGkT7OS+PsGBi0AqfPQP14QMUsFpR9juonaDV
tX3NtMLQhpbTfnNocZGr1KYPDGJvno8JAx9OHzLjxKnBK7zLAbUvY9fvB4JxFu25
-----END CERTIFICATE-----