Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Clh59qbFk87HB1hStYjpCYPWYPk.roa
File:                     Clh59qbFk87HB1hStYjpCYPWYPk.roa (raw, json)
Hash identifier:          SZP/GWHvVT/kBate2YzVVZAZXuTp21FWytFNyzKpByg=
Subject key identifier:   0A:58:79:F6:A6:C5:93:CE:C7:07:58:52:B5:88:E9:09:83:D6:60:F9
Certificate issuer:       /CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
Certificate serial:       01941FFA19BE83298384748D054422D0C46E
Authority key identifier: 1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Clh59qbFk87HB1hStYjpCYPWYPk.roa
Signing time:             Wed 01 Jan 2025 03:47:51 +0000
ROA not before:           Wed 01 Jan 2025 03:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209927
IP address blocks:        92.118.132.0/24 maxlen: 24
                          92.118.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:19:be:83:29:83:84:74:8d:05:44:22:d0:c4:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eaf5c2e5edc197834d07f345962b0745bee66d7
        Validity
            Not Before: Jan  1 03:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a5879f6a6c593cec7075852b588e90983d660f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ed:f9:76:5b:9a:2c:ad:67:43:79:12:b0:61:
                    19:9a:2b:26:0d:8d:9e:f6:45:da:e7:c8:8c:15:3c:
                    65:59:ec:ba:9a:ea:80:fa:f7:d3:5d:4b:12:77:08:
                    99:4d:de:6d:d1:af:cf:67:d7:8a:b0:09:b4:2f:36:
                    48:c7:7f:b9:fc:25:15:e9:3a:18:2f:2b:78:49:f7:
                    22:01:28:d7:d7:09:6a:0f:32:5a:63:c2:52:ac:64:
                    4b:79:7b:6d:81:fe:90:ec:f3:ab:ff:71:7c:f0:00:
                    57:14:65:d9:75:58:d0:35:a5:cd:bc:e7:21:be:7f:
                    4f:6d:19:2a:a5:0e:59:fb:4e:33:d3:99:d9:c5:06:
                    6d:d5:74:82:69:b3:0a:b8:e5:55:25:68:16:5f:5c:
                    bc:61:6c:1b:fe:8a:3d:e1:a1:a0:53:d2:2b:a7:a7:
                    b8:4c:b2:08:ac:ba:ff:53:a8:91:91:44:a3:f3:84:
                    87:00:05:53:4f:b8:00:3c:a7:98:ac:02:f5:ed:15:
                    22:90:06:a7:b2:0a:9e:db:21:90:94:f7:5a:57:dd:
                    b4:96:f6:5a:d0:97:07:58:03:a7:0c:aa:c5:25:f4:
                    ce:28:4a:fa:73:f1:a5:b4:e9:40:50:61:85:1e:14:
                    b8:27:3b:c4:55:2c:ee:4f:2f:57:21:57:c9:18:72:
                    7d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:58:79:F6:A6:C5:93:CE:C7:07:58:52:B5:88:E9:09:83:D6:60:F9
            X509v3 Authority Key Identifier:
                keyid:1E:AF:5C:2E:5E:DC:19:78:34:D0:7F:34:59:62:B0:74:5B:EE:66:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hq9cLl7cGXg00H80WWKwdFvuZtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Clh59qbFk87HB1hStYjpCYPWYPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1cfb92-9c31-464f-9382-4a34c1bbab2b/1/Hq9cLl7cGXg00H80WWKwdFvuZtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:58:46:76:de:2e:59:19:5e:81:b5:b9:3c:30:6c:88:93:3c:
         4a:a0:1f:8d:07:ab:2e:40:1c:55:12:b8:f8:49:23:de:93:55:
         0e:ec:cd:0d:1d:b1:78:06:a6:e7:96:8c:11:9f:0b:87:c5:e6:
         f2:f7:c6:3a:df:0b:02:11:3e:cf:84:3f:95:01:fc:ee:7a:56:
         49:71:fc:eb:b4:fb:a8:fa:db:a5:0f:e4:30:09:39:83:66:c0:
         c0:35:6b:de:aa:c9:85:ea:4e:77:c6:85:3e:a6:8f:9a:c2:6d:
         3a:a3:30:e8:e2:15:d0:21:0e:21:f9:ee:dd:71:2d:ad:e0:56:
         f3:a8:92:71:3d:d6:12:a9:b8:31:46:46:63:b9:35:4e:eb:1a:
         cb:20:79:a7:99:b2:be:16:77:3f:46:63:6f:49:17:83:2c:9a:
         ab:eb:af:7a:30:e3:ab:4c:6e:64:2d:f4:f0:99:f6:4b:d6:37:
         00:a6:ba:a6:b9:bc:4f:c5:8e:7c:35:fd:a8:a9:4a:ed:f3:02:
         04:a5:d0:e5:e3:e8:a8:e8:ff:b7:6b:88:d4:46:5a:01:ab:f6:
         3e:68:4b:66:5e:a5:65:15:c8:9a:00:2c:37:d7:68:75:fd:9c:
         01:3e:a7:58:8d:39:f9:e6:14:62:98:7e:e0:c0:74:4c:d3:b4:
         f8:f0:3f:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hm+gymDhHSNBUQi0MRuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWY1YzJlNWVkYzE5NzgzNGQwN2YzNDU5NjJiMDc0NWJl
ZTY2ZDcwHhcNMjUwMTAxMDM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTU4NzlmNmE2YzU5M2NlYzcwNzU4NTJiNTg4ZTkwOTgzZDY2MGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0e35dluaLK1nQ3kSsGEZmismDY2e
9kXa58iMFTxlWey6muqA+vfTXUsSdwiZTd5t0a/PZ9eKsAm0LzZIx3+5/CUV6ToY
Lyt4SfciASjX1wlqDzJaY8JSrGRLeXttgf6Q7POr/3F88ABXFGXZdVjQNaXNvOch
vn9PbRkqpQ5Z+04z05nZxQZt1XSCabMKuOVVJWgWX1y8YWwb/oo94aGgU9Irp6e4
TLIIrLr/U6iRkUSj84SHAAVTT7gAPKeYrAL17RUikAansgqe2yGQlPdaV920lvZa
0JcHWAOnDKrFJfTOKEr6c/GltOlAUGGFHhS4JzvEVSzuTy9XIVfJGHJ96QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApYefamxZPOxwdYUrWI6QmD1mD5MB8GA1UdIwQY
MBaAFB6vXC5e3Bl4NNB/NFlisHRb7mbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODIt
NGEzNGMxYmJhYjJiLzEvQ2xoNTlxYkZrODdIQjFoU3RZanBDWVBXWVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xY2ZiOTItOWMzMS00NjRmLTkzODItNGEzNGMxYmJhYjJi
LzEvSHE5Y0xsN2NHWGcwMEg4MFdXS3dkRnZ1WnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXHaEMA0G
CSqGSIb3DQEBCwUAA4IBAQBbWEZ23i5ZGV6Btbk8MGyIkzxKoB+NB6suQBxVErj4
SSPek1UO7M0NHbF4BqbnlowRnwuHxeby98Y63wsCET7PhD+VAfzuelZJcfzrtPuo
+tulD+QwCTmDZsDANWveqsmF6k53xoU+po+awm06ozDo4hXQIQ4h+e7dcS2t4Fbz
qJJxPdYSqbgxRkZjuTVO6xrLIHmnmbK+Fnc/RmNvSReDLJqr6696MOOrTG5kLfTw
mfZL1jcAprqmubxPxY58Nf2oqUrt8wIEpdDl4+io6P+3a4jURloBq/Y+aEtmXqVl
FciaACw312h1/ZwBPqdYjTn55hRimH7gwHRM07T48D8t
-----END CERTIFICATE-----