Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/bt19kOEyfs3QGRVlFGR_4LUMLec.roa
File:                     bt19kOEyfs3QGRVlFGR_4LUMLec.roa (raw, json)
Hash identifier:          9qpoRsjN16Y+BhKYQU7cprAl1Mg9egcZI8O5yWWEWiI=
Subject key identifier:   6E:DD:7D:90:E1:32:7E:CD:D0:19:15:65:14:64:7F:E0:B5:0C:2D:E7
Certificate issuer:       /CN=aab78616f3b39ed4820d04ce098ea7c20655314b
Certificate serial:       018CC42463A4BBC40818836D9722C16680E2
Authority key identifier: AA:B7:86:16:F3:B3:9E:D4:82:0D:04:CE:09:8E:A7:C2:06:55:31:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qreGFvOzntSCDQTOCY6nwgZVMUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/bt19kOEyfs3QGRVlFGR_4LUMLec.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202682
IP address blocks:        92.119.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/qreGFvOzntSCDQTOCY6nwgZVMUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/qreGFvOzntSCDQTOCY6nwgZVMUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qreGFvOzntSCDQTOCY6nwgZVMUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:63:a4:bb:c4:08:18:83:6d:97:22:c1:66:80:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aab78616f3b39ed4820d04ce098ea7c20655314b
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6edd7d90e1327ecdd019156514647fe0b50c2de7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d4:6a:f3:27:1b:4e:70:c5:7e:a3:ed:20:3d:
                    99:fc:57:b2:2d:f5:54:16:2e:54:e3:f7:68:c2:27:
                    3f:a0:51:1a:3b:cd:06:39:a2:ff:e0:ce:a3:ce:22:
                    4f:76:f6:0e:55:58:a1:ac:01:dd:3b:27:00:b7:da:
                    12:d8:cd:22:82:63:aa:35:4d:cb:35:c3:69:a6:e6:
                    85:bc:af:79:6b:6e:0f:db:97:d2:84:0e:5e:4b:94:
                    f7:52:69:d2:03:07:ae:22:20:02:a3:65:1f:6e:a4:
                    1b:8f:3a:b7:f6:4f:36:69:33:c1:ef:3a:55:36:69:
                    e6:94:11:a7:d1:28:7e:56:e3:3c:51:a2:16:cc:43:
                    5c:55:bb:ae:a9:f7:5a:9a:e3:0f:95:9a:5c:2b:1d:
                    e7:64:5c:85:39:b2:e8:bc:f1:e9:23:bd:cf:3d:42:
                    e8:c1:e9:94:ec:18:f9:94:f8:e7:07:09:09:f3:57:
                    25:db:c8:54:94:e0:42:94:d4:9b:6d:30:ce:38:2a:
                    a6:82:46:19:b0:46:67:d2:6c:b1:b9:f1:cc:1a:46:
                    5b:64:c7:1b:0e:06:77:8f:e3:91:f7:1c:99:16:9f:
                    8b:22:0c:75:f5:e7:4e:96:88:12:ec:ae:30:39:e0:
                    1d:eb:28:d0:c2:96:36:7b:58:3f:99:10:ed:b4:7f:
                    21:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:DD:7D:90:E1:32:7E:CD:D0:19:15:65:14:64:7F:E0:B5:0C:2D:E7
            X509v3 Authority Key Identifier:
                keyid:AA:B7:86:16:F3:B3:9E:D4:82:0D:04:CE:09:8E:A7:C2:06:55:31:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qreGFvOzntSCDQTOCY6nwgZVMUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/bt19kOEyfs3QGRVlFGR_4LUMLec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/c38b6b-ab09-46aa-87ef-ebaa6ff7d886/1/qreGFvOzntSCDQTOCY6nwgZVMUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:10:98:17:07:86:15:a9:e0:d9:7a:a4:5d:ee:b8:27:5d:44:
         5a:de:c4:2b:ef:5e:99:e9:36:1f:7e:02:3f:31:e3:f4:16:cf:
         e4:b0:10:d2:15:d6:60:25:eb:5f:69:18:b0:2a:d1:0a:c7:d2:
         90:95:64:10:81:58:c0:9d:98:b5:51:ae:fa:2c:36:94:82:33:
         af:09:ff:c9:89:f5:27:5e:c4:ee:3d:7c:11:2b:a8:b7:18:35:
         ee:e6:c8:02:fc:37:82:3d:d0:f0:18:cc:bf:d4:2c:eb:c7:b6:
         c9:56:89:fc:24:db:45:17:62:8f:b7:5b:cc:2a:7e:98:31:65:
         aa:3d:a3:0d:e5:24:b9:13:ce:25:0f:6b:6a:8e:a8:56:8a:6f:
         4c:81:29:6e:82:cb:16:70:35:72:9a:5d:1c:c2:63:93:62:73:
         6c:b6:1d:e9:fb:30:82:5d:3f:b4:fb:41:8e:b8:50:68:4d:8a:
         22:88:dc:2b:2b:c5:04:54:89:9e:f9:9f:c6:54:19:2e:6c:37:
         c2:0b:b9:b8:fa:83:2d:f0:36:ec:97:fc:67:60:55:ac:27:c1:
         f3:b0:26:26:b0:0d:d9:ad:93:bf:06:9a:43:92:10:be:aa:b6:
         f1:39:de:70:01:ea:03:77:7e:52:fb:02:4a:ce:5a:1a:ed:04:
         9f:28:8a:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGOku8QIGINtlyLBZoDiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYjc4NjE2ZjNiMzllZDQ4MjBkMDRjZTA5OGVhN2MyMDY1
NTMxNGIwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWRkN2Q5MGUxMzI3ZWNkZDAxOTE1NjUxNDY0N2ZlMGI1MGMyZGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitRq8ycbTnDFfqPtID2Z/FeyLfVU
Fi5U4/dowic/oFEaO80GOaL/4M6jziJPdvYOVVihrAHdOycAt9oS2M0igmOqNU3L
NcNppuaFvK95a24P25fShA5eS5T3UmnSAweuIiACo2UfbqQbjzq39k82aTPB7zpV
NmnmlBGn0Sh+VuM8UaIWzENcVbuuqfdamuMPlZpcKx3nZFyFObLovPHpI73PPULo
wemU7Bj5lPjnBwkJ81cl28hUlOBClNSbbTDOOCqmgkYZsEZn0myxufHMGkZbZMcb
DgZ3j+OR9xyZFp+LIgx19edOlogS7K4wOeAd6yjQwpY2e1g/mRDttH8hfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7dfZDhMn7N0BkVZRRkf+C1DC3nMB8GA1UdIwQY
MBaAFKq3hhbzs57Ugg0EzgmOp8IGVTFLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXJlR0Z2T3pudFNDRFFUT0NZNm53Z1pWTVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9jMzhiNmItYWIwOS00NmFhLTg3ZWYt
ZWJhYTZmZjdkODg2LzEvYnQxOWtPRXlmczNRR1JWbEZHUl80TFVNTGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9jMzhiNmItYWIwOS00NmFhLTg3ZWYtZWJhYTZmZjdkODg2
LzEvcXJlR0Z2T3pudFNDRFFUT0NZNm53Z1pWTVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHdAMA0G
CSqGSIb3DQEBCwUAA4IBAQCiEJgXB4YVqeDZeqRd7rgnXURa3sQr716Z6TYffgI/
MeP0Fs/ksBDSFdZgJetfaRiwKtEKx9KQlWQQgVjAnZi1Ua76LDaUgjOvCf/JifUn
XsTuPXwRK6i3GDXu5sgC/DeCPdDwGMy/1Czrx7bJVon8JNtFF2KPt1vMKn6YMWWq
PaMN5SS5E84lD2tqjqhWim9MgSlugssWcDVyml0cwmOTYnNsth3p+zCCXT+0+0GO
uFBoTYoiiNwrK8UEVIme+Z/GVBkubDfCC7m4+oMt8Dbsl/xnYFWsJ8HzsCYmsA3Z
rZO/BppDkhC+qrbxOd5wAeoDd35S+wJKzloa7QSfKIrL
-----END CERTIFICATE-----