Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/fa707a-b334-4b05-83fa-1420b84134d3/1/iagOQJs8MTgSjzaiDOHguxxq8e8.roa
File:                     iagOQJs8MTgSjzaiDOHguxxq8e8.roa (raw, json)
Hash identifier:          71Kzvl7l7/a6uSh/s6887w9IlWcc2bnR4vYZxol40vM=
Subject key identifier:   89:A8:0E:40:9B:3C:31:38:12:8F:36:A2:0C:E1:E0:BB:1C:6A:F1:EF
Certificate issuer:       /CN=f6b0366bbaeac7b5884e426df8009ec27a2c602e
Certificate serial:       018EBEA02E756521CB6BB887ABB2DA0D811B
Authority key identifier: F6:B0:36:6B:BA:EA:C7:B5:88:4E:42:6D:F8:00:9E:C2:7A:2C:60:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9rA2a7rqx7WITkJt-ACewnosYC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/fa707a-b334-4b05-83fa-1420b84134d3/1/iagOQJs8MTgSjzaiDOHguxxq8e8.roa
Signing time:             Mon 08 Apr 2024 16:52:32 +0000
ROA not before:           Mon 08 Apr 2024 16:52:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        92.42.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/fa707a-b334-4b05-83fa-1420b84134d3/1/9rA2a7rqx7WITkJt-ACewnosYC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/fa707a-b334-4b05-83fa-1420b84134d3/1/9rA2a7rqx7WITkJt-ACewnosYC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9rA2a7rqx7WITkJt-ACewnosYC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:be:a0:2e:75:65:21:cb:6b:b8:87:ab:b2:da:0d:81:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6b0366bbaeac7b5884e426df8009ec27a2c602e
        Validity
            Not Before: Apr  8 16:52:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89a80e409b3c3138128f36a20ce1e0bb1c6af1ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:75:29:48:ae:ac:ca:dd:50:e2:ad:2f:e6:36:
                    f9:05:c9:ba:68:dc:de:d6:e0:cb:1b:9b:6e:7a:d5:
                    d9:70:65:b2:68:ae:b3:e9:f0:b7:84:df:8b:a8:6f:
                    9c:e5:84:7e:7a:fc:d6:a8:51:6a:2e:98:2b:c8:c9:
                    97:e0:7e:da:a0:8f:bb:c4:10:10:31:54:db:8e:30:
                    b4:88:4d:5f:ec:d0:30:4b:4b:58:0d:78:19:a6:0e:
                    88:a9:d0:fa:fb:a2:79:28:46:7b:9a:9a:32:c0:8e:
                    d2:ba:2c:fd:9e:ae:d0:64:f1:2b:d9:c7:e2:99:67:
                    8d:34:0a:bf:87:d9:80:ff:32:a6:36:3c:bc:6d:26:
                    64:c0:67:ba:c6:b2:9b:d7:78:37:2c:27:67:4e:ce:
                    78:62:ec:f5:b3:cd:96:83:d1:94:a2:0c:f8:16:89:
                    73:9c:9e:eb:a1:a0:a6:09:24:2a:34:9a:21:51:0c:
                    1f:f7:68:2d:62:05:8f:99:82:38:c4:86:62:14:db:
                    e3:db:a9:20:eb:91:ee:c0:32:a7:dc:31:7c:26:aa:
                    cc:e4:46:22:28:fd:a1:5c:e6:fd:c3:3c:9b:f8:4a:
                    18:a6:30:3f:0e:c1:b1:a3:b5:04:36:77:b5:ad:4c:
                    71:36:75:46:fc:a2:4e:2f:e6:e5:a0:84:79:ed:49:
                    d0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A8:0E:40:9B:3C:31:38:12:8F:36:A2:0C:E1:E0:BB:1C:6A:F1:EF
            X509v3 Authority Key Identifier:
                keyid:F6:B0:36:6B:BA:EA:C7:B5:88:4E:42:6D:F8:00:9E:C2:7A:2C:60:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9rA2a7rqx7WITkJt-ACewnosYC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fa707a-b334-4b05-83fa-1420b84134d3/1/iagOQJs8MTgSjzaiDOHguxxq8e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fa707a-b334-4b05-83fa-1420b84134d3/1/9rA2a7rqx7WITkJt-ACewnosYC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:4a:a1:44:99:c1:39:2d:f8:1a:96:78:b7:f9:27:37:2e:ac:
         a3:d8:a5:44:61:ed:f3:45:c2:6a:01:3f:8e:6a:15:5a:11:be:
         b7:e0:87:42:81:28:cd:46:0d:d2:7a:e1:60:7c:fe:85:63:17:
         35:e8:dc:45:80:8c:c2:53:27:35:80:aa:8e:96:4f:3e:53:0d:
         56:01:70:71:d5:34:ba:ec:c5:f5:e1:0e:9f:76:ed:b3:4a:fb:
         44:b7:76:12:31:ee:1a:0e:5d:aa:86:b6:0e:90:3c:f5:52:de:
         66:81:28:04:81:34:f9:3d:43:bc:e3:8d:91:b9:c5:0c:bf:33:
         71:18:3f:4d:bf:10:91:64:a1:dc:f7:24:38:e2:ed:58:42:fa:
         d9:59:ac:e2:1a:18:27:4c:c1:bf:52:ec:cf:7f:cc:2e:3d:54:
         7f:38:29:47:f1:41:7c:aa:f0:e0:60:7f:75:25:e8:b3:f3:73:
         1b:f0:0a:c9:e5:c9:72:ae:63:d9:92:6a:a8:96:9f:74:81:80:
         e7:c9:16:d2:cc:17:23:88:7b:40:cb:be:bf:08:18:15:44:e0:
         e6:d4:46:fc:f5:51:f5:c1:c7:b9:c4:be:9a:93:b4:05:70:bb:
         7e:f6:69:3f:cc:ba:46:d2:ec:a4:47:1f:45:32:8c:a0:a1:d6:
         8f:21:2e:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6+oC51ZSHLa7iHq7LaDYEbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YjAzNjZiYmFlYWM3YjU4ODRlNDI2ZGY4MDA5ZWMyN2Ey
YzYwMmUwHhcNMjQwNDA4MTY1MjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWE4MGU0MDliM2MzMTM4MTI4ZjM2YTIwY2UxZTBiYjFjNmFmMWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHUpSK6syt1Q4q0v5jb5Bcm6aNze
1uDLG5tuetXZcGWyaK6z6fC3hN+LqG+c5YR+evzWqFFqLpgryMmX4H7aoI+7xBAQ
MVTbjjC0iE1f7NAwS0tYDXgZpg6IqdD6+6J5KEZ7mpoywI7Suiz9nq7QZPEr2cfi
mWeNNAq/h9mA/zKmNjy8bSZkwGe6xrKb13g3LCdnTs54Yuz1s82Wg9GUogz4Folz
nJ7roaCmCSQqNJohUQwf92gtYgWPmYI4xIZiFNvj26kg65HuwDKn3DF8JqrM5EYi
KP2hXOb9wzyb+EoYpjA/DsGxo7UENne1rUxxNnVG/KJOL+bloIR57UnQCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImoDkCbPDE4Eo82ogzh4LscavHvMB8GA1UdIwQY
MBaAFPawNmu66se1iE5CbfgAnsJ6LGAuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXJBMmE3cnF4N1dJVGtKdC1BQ2V3bm9zWUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9mYTcwN2EtYjMzNC00YjA1LTgzZmEt
MTQyMGI4NDEzNGQzLzEvaWFnT1FKczhNVGdTanphaURPSGd1eHhxOGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9mYTcwN2EtYjMzNC00YjA1LTgzZmEtMTQyMGI4NDEzNGQz
LzEvOXJBMmE3cnF4N1dJVGtKdC1BQ2V3bm9zWUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCoAMA0G
CSqGSIb3DQEBCwUAA4IBAQBISqFEmcE5Lfgalni3+Sc3Lqyj2KVEYe3zRcJqAT+O
ahVaEb634IdCgSjNRg3SeuFgfP6FYxc16NxFgIzCUyc1gKqOlk8+Uw1WAXBx1TS6
7MX14Q6fdu2zSvtEt3YSMe4aDl2qhrYOkDz1Ut5mgSgEgTT5PUO8442RucUMvzNx
GD9NvxCRZKHc9yQ44u1YQvrZWaziGhgnTMG/UuzPf8wuPVR/OClH8UF8qvDgYH91
Jeiz83Mb8ArJ5clyrmPZkmqolp90gYDnyRbSzBcjiHtAy76/CBgVRODm1Eb89VH1
wce5xL6ak7QFcLt+9mk/zLpG0uykRx9FMoygodaPIS7k
-----END CERTIFICATE-----