Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/oxoCgwVUUfyql_HY9r9zViZ0PSs.roa
File:                     oxoCgwVUUfyql_HY9r9zViZ0PSs.roa (raw, json)
Hash identifier:          t6iQhbBGcDxyByT+ndZTkfld3jPaC1oNDnSRYIr1yc8=
Subject key identifier:   A3:1A:02:83:05:54:51:FC:AA:97:F1:D8:F6:BF:73:56:26:74:3D:2B
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01932959C90986ACA51623AB53E717BE2D59
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/oxoCgwVUUfyql_HY9r9zViZ0PSs.roa
Signing time:             Thu 14 Nov 2024 06:26:10 +0000
ROA not before:           Thu 14 Nov 2024 06:26:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398779
IP address blocks:        92.114.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:59:c9:09:86:ac:a5:16:23:ab:53:e7:17:be:2d:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Nov 14 06:26:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a31a0283055451fcaa97f1d8f6bf735626743d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:29:92:57:83:10:f8:97:01:5d:56:49:6e:72:
                    8a:99:4c:0f:cb:f3:40:40:65:bd:91:55:c9:0c:45:
                    7c:b8:d3:95:c6:77:e9:ba:22:0a:c4:bf:c2:c6:86:
                    81:c2:6b:cd:1c:90:88:b5:2a:8f:5d:38:78:6b:2d:
                    10:48:3f:0d:5e:6c:e7:40:2a:b6:52:35:d6:6e:fb:
                    6d:07:43:18:c7:4d:90:78:8b:40:d8:b7:6f:74:e3:
                    76:e9:14:10:d0:ab:0f:29:c7:44:8e:e4:d1:9f:a8:
                    14:92:80:86:f4:37:63:6c:fd:c2:75:bf:8d:56:4f:
                    b0:3c:a9:89:64:07:dd:1e:0e:69:41:3b:dc:31:97:
                    79:66:33:84:bd:10:52:f5:8b:1c:97:84:c1:06:56:
                    45:21:a2:34:e1:e4:ee:b0:84:75:57:24:2d:a0:03:
                    82:ab:65:4d:f2:aa:17:35:54:2a:3c:fa:fc:2e:ae:
                    24:91:b8:b4:5f:65:29:c9:e2:9d:5d:d8:d7:29:71:
                    42:08:70:86:69:05:ad:ed:9e:09:a9:0f:10:33:f9:
                    e1:4a:b9:a7:1b:ee:d5:1b:be:fe:a5:b2:13:ea:9d:
                    95:c1:17:2e:90:e4:37:73:12:54:f4:4d:1b:f2:f9:
                    cb:c0:2d:ec:4c:4c:b9:d3:b0:88:3e:5a:05:09:40:
                    64:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:1A:02:83:05:54:51:FC:AA:97:F1:D8:F6:BF:73:56:26:74:3D:2B
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/oxoCgwVUUfyql_HY9r9zViZ0PSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:5e:e8:d8:c1:b7:cf:e3:17:6c:fc:b9:1d:9f:0c:c9:8b:f1:
         e2:fe:34:ed:28:40:26:b5:98:e3:ab:aa:46:b9:07:33:8a:81:
         ca:4d:be:89:da:0e:de:77:fe:c3:1b:59:56:e4:80:08:77:ad:
         2a:71:3d:a4:e5:48:6f:ce:8f:0c:d9:12:77:f5:f6:66:30:6b:
         b4:cf:0e:38:3b:ff:05:d0:82:14:f5:42:2a:b4:9b:58:6a:cd:
         1e:09:c5:6c:d7:cb:91:c6:79:5f:32:b1:6c:fe:ff:a1:37:00:
         33:7b:16:94:d8:09:c3:cc:8c:a9:72:c4:83:71:06:26:38:f1:
         b2:b5:56:5d:7d:ad:9e:d1:d4:96:95:7c:eb:5f:14:c6:08:22:
         b3:90:bc:ec:88:a3:4d:91:42:88:18:ac:ac:61:89:67:b9:19:
         bf:08:ac:3d:99:ef:c1:b5:48:34:41:bb:6e:71:f9:6c:55:5f:
         27:96:6f:1c:39:3f:2c:55:37:fd:b5:9e:75:58:6a:bf:fb:66:
         df:bc:71:e5:4d:40:99:d8:15:a1:f7:ad:f4:76:95:f2:e5:11:
         59:6d:09:3c:f5:c1:18:09:56:fc:15:dd:b4:cb:64:25:2e:7b:
         a3:2f:69:56:c5:29:46:17:05:5a:8d:9b:94:c7:34:89:c5:d3:
         3a:04:e4:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMpWckJhqylFiOrU+cXvi1ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQxMTE0MDYyNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzFhMDI4MzA1NTQ1MWZjYWE5N2YxZDhmNmJmNzM1NjI2NzQzZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSmSV4MQ+JcBXVZJbnKKmUwPy/NA
QGW9kVXJDEV8uNOVxnfpuiIKxL/CxoaBwmvNHJCItSqPXTh4ay0QSD8NXmznQCq2
UjXWbvttB0MYx02QeItA2LdvdON26RQQ0KsPKcdEjuTRn6gUkoCG9DdjbP3Cdb+N
Vk+wPKmJZAfdHg5pQTvcMZd5ZjOEvRBS9Yscl4TBBlZFIaI04eTusIR1VyQtoAOC
q2VN8qoXNVQqPPr8Lq4kkbi0X2UpyeKdXdjXKXFCCHCGaQWt7Z4JqQ8QM/nhSrmn
G+7VG77+pbIT6p2VwRcukOQ3cxJU9E0b8vnLwC3sTEy507CIPloFCUBkZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMaAoMFVFH8qpfx2Pa/c1YmdD0rMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvb3hvQ2d3VlVVZnlxbF9IWTlyOXpWaVowUFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHIoMA0G
CSqGSIb3DQEBCwUAA4IBAQBBXujYwbfP4xds/LkdnwzJi/Hi/jTtKEAmtZjjq6pG
uQczioHKTb6J2g7ed/7DG1lW5IAId60qcT2k5Uhvzo8M2RJ39fZmMGu0zw44O/8F
0IIU9UIqtJtYas0eCcVs18uRxnlfMrFs/v+hNwAzexaU2AnDzIypcsSDcQYmOPGy
tVZdfa2e0dSWlXzrXxTGCCKzkLzsiKNNkUKIGKysYYlnuRm/CKw9me/BtUg0Qbtu
cflsVV8nlm8cOT8sVTf9tZ51WGq/+2bfvHHlTUCZ2BWh9630dpXy5RFZbQk89cEY
CVb8Fd20y2QlLnujL2lWxSlGFwVajZuUxzSJxdM6BORc
-----END CERTIFICATE-----