Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/279VdnG-Fdszjb2yG7-2IjnNQq8.roa
File:                     279VdnG-Fdszjb2yG7-2IjnNQq8.roa (raw, json)
Hash identifier:          39BYbVFVCqd2qENpfGmBlifLRcfQzLv4w9dE1us6VMw=
Subject key identifier:   DB:BF:55:76:71:BE:15:DB:33:8D:BD:B2:1B:BF:B6:22:39:CD:42:AF
Certificate issuer:       /CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
Certificate serial:       019427488CC18BEF1F296B999FA9D62A7A81
Authority key identifier: 5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/279VdnG-Fdszjb2yG7-2IjnNQq8.roa
Signing time:             Thu 02 Jan 2025 13:50:53 +0000
ROA not before:           Thu 02 Jan 2025 13:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200081
IP address blocks:        92.246.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 16:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8c:c1:8b:ef:1f:29:6b:99:9f:a9:d6:2a:7a:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
        Validity
            Not Before: Jan  2 13:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbbf557671be15db338dbdb21bbfb62239cd42af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:91:30:fd:db:e3:49:bb:e4:31:64:f5:d4:f8:
                    67:3f:bd:5c:7b:97:f8:82:15:c5:c6:9a:51:0a:3f:
                    d3:21:9f:50:e8:4f:fb:90:9d:02:81:99:4b:fe:d0:
                    e1:a2:09:23:29:b8:aa:8a:24:d7:87:9e:57:43:00:
                    b7:cf:5b:5e:e9:b4:38:7b:9e:52:2a:72:06:35:92:
                    a2:0c:ac:ac:01:31:f7:63:5b:4d:0a:bf:cb:3d:9b:
                    60:c3:bc:97:63:78:3b:f6:63:fd:55:a9:22:b3:24:
                    f9:99:45:27:aa:9e:d3:30:b1:5f:cd:10:9d:9b:c9:
                    2f:4f:e9:89:e0:b6:98:5f:a4:a5:c8:6c:aa:15:6d:
                    67:f9:06:7b:bf:1d:de:1b:18:07:fa:d8:31:c1:e1:
                    95:43:b0:4b:13:f6:a1:9e:3c:25:15:df:c5:a7:c0:
                    63:82:57:d5:56:1d:aa:cc:f0:84:4f:ad:72:40:c0:
                    1e:d0:fe:b6:f0:74:cc:5e:b5:57:50:b4:78:29:16:
                    aa:1e:bd:55:62:fd:0d:d3:e0:f2:5d:f7:af:c1:fd:
                    c8:02:e4:9c:b2:d1:ef:66:fd:dd:c3:41:73:90:76:
                    67:b5:b3:aa:ad:99:12:40:d5:60:d1:1c:ff:15:e9:
                    7d:df:5a:81:6f:46:6d:aa:b5:1d:9f:ab:d5:57:ad:
                    8c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:BF:55:76:71:BE:15:DB:33:8D:BD:B2:1B:BF:B6:22:39:CD:42:AF
            X509v3 Authority Key Identifier:
                keyid:5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/279VdnG-Fdszjb2yG7-2IjnNQq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.246.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         be:d9:1a:32:66:b7:d4:39:5a:f7:2a:ad:33:3e:ec:e4:ce:64:
         3f:f0:f0:17:a2:19:f6:00:b9:b7:31:a3:a8:83:13:d3:6f:9b:
         03:66:86:42:ea:50:33:b3:89:3e:eb:01:35:3c:cb:8d:74:7b:
         dd:5f:2e:96:ec:b0:dc:ce:29:ae:f2:ec:67:7c:10:09:8e:46:
         dc:01:6a:b5:6e:37:1b:b6:8b:dd:2e:04:ae:2d:3c:22:c5:1c:
         ab:05:17:49:3c:f9:f2:92:50:95:e0:ec:c5:a2:e1:52:d8:04:
         69:78:de:6e:66:95:e3:22:5e:89:78:8a:d9:18:70:8b:7b:0b:
         57:2e:1b:43:e6:11:0b:97:1f:03:a2:72:64:10:87:30:39:af:
         64:49:43:f3:f3:99:06:8b:fd:d4:b5:0c:3f:5c:b5:ab:18:87:
         d2:52:d8:7b:47:d5:cc:28:f4:cf:0a:ef:2e:48:19:c7:aa:01:
         f5:a6:62:1c:fe:85:39:53:36:28:be:70:9f:fb:de:97:83:4e:
         1d:4c:84:f9:bc:28:c4:7c:44:bd:17:e0:98:44:b1:67:b0:9a:
         b8:59:12:34:46:db:24:1a:34:11:c0:57:1d:72:17:33:fb:68:
         22:f8:4f:66:97:64:a5:41:86:26:68:bd:9d:35:36:1d:c3:be:
         97:7c:70:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSIzBi+8fKWuZn6nWKnqBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWUwNTFhOTM5MDFlY2MwMTc0NDA3OWFhNGFjMmZiMDc3
YjlmYzEwHhcNMjUwMTAyMTM1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmJmNTU3NjcxYmUxNWRiMzM4ZGJkYjIxYmJmYjYyMjM5Y2Q0MmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZEw/dvjSbvkMWT11PhnP71ce5f4
ghXFxppRCj/TIZ9Q6E/7kJ0CgZlL/tDhogkjKbiqiiTXh55XQwC3z1te6bQ4e55S
KnIGNZKiDKysATH3Y1tNCr/LPZtgw7yXY3g79mP9VakisyT5mUUnqp7TMLFfzRCd
m8kvT+mJ4LaYX6SlyGyqFW1n+QZ7vx3eGxgH+tgxweGVQ7BLE/ahnjwlFd/Fp8Bj
glfVVh2qzPCET61yQMAe0P628HTMXrVXULR4KRaqHr1VYv0N0+DyXfevwf3IAuSc
stHvZv3dw0FzkHZntbOqrZkSQNVg0Rz/Fel931qBb0ZtqrUdn6vVV62MOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNu/VXZxvhXbM429shu/tiI5zUKvMB8GA1UdIwQY
MBaAFFvuBRqTkB7MAXRAeapKwvsHe5/BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjIt
YTUyYTg3OTVkOTU2LzEvMjc5VmRuRy1GZHN6amIyeUc3LTJJam5OUXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjItYTUyYTg3OTVkOTU2
LzEvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXPZYMA0G
CSqGSIb3DQEBCwUAA4IBAQC+2RoyZrfUOVr3Kq0zPuzkzmQ/8PAXohn2ALm3MaOo
gxPTb5sDZoZC6lAzs4k+6wE1PMuNdHvdXy6W7LDczimu8uxnfBAJjkbcAWq1bjcb
tovdLgSuLTwixRyrBRdJPPnyklCV4OzFouFS2ARpeN5uZpXjIl6JeIrZGHCLewtX
LhtD5hELlx8DonJkEIcwOa9kSUPz85kGi/3UtQw/XLWrGIfSUth7R9XMKPTPCu8u
SBnHqgH1pmIc/oU5UzYovnCf+96Xg04dTIT5vCjEfES9F+CYRLFnsJq4WRI0Rtsk
GjQRwFcdchcz+2gi+E9ml2SlQYYmaL2dNTYdw76XfHDl
-----END CERTIFICATE-----