Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/xEv2O8G3mNg4wfAHNcRWII0ELCQ.roa
File:                     xEv2O8G3mNg4wfAHNcRWII0ELCQ.roa (raw, json)
Hash identifier:          aIbCXMMinMktoNcSg4FBRaU7Hk7oFIe3z89N+AkniJc=
Subject key identifier:   C4:4B:F6:3B:C1:B7:98:D8:38:C1:F0:07:35:C4:56:20:8D:04:2C:24
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC795462171055F73BA3541724AB7BC57
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/xEv2O8G3mNg4wfAHNcRWII0ELCQ.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34601
IP address blocks:        92.114.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:46:21:71:05:5f:73:ba:35:41:72:4a:b7:bc:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c44bf63bc1b798d838c1f00735c456208d042c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d0:f9:91:1d:b8:36:0e:08:5b:8e:61:1c:f3:
                    a4:2b:9c:3c:e8:e0:15:d3:ed:db:e1:0e:58:42:5c:
                    41:a1:7e:c4:c0:4d:6c:e2:f7:6f:85:e4:71:5f:b6:
                    e4:61:48:98:ed:16:d3:0d:45:5b:d6:97:66:e5:ac:
                    ae:59:3c:d3:b1:74:1d:99:9f:d5:ae:85:14:89:58:
                    28:c1:20:40:8a:9b:d1:49:89:fc:e1:fb:5b:0e:46:
                    dd:74:b0:54:07:87:ff:99:f1:17:41:4e:23:d7:79:
                    f0:34:12:ba:48:e9:32:3e:be:75:8e:a7:6a:66:b1:
                    e7:80:f4:dc:9a:fc:35:c5:ad:48:ea:95:3c:da:b9:
                    f3:f0:82:d1:bc:3b:0a:5f:1a:25:9e:13:92:90:93:
                    a1:a6:ff:bd:6e:d7:fb:39:13:ee:7d:0b:71:8a:c4:
                    b5:e0:dc:95:e1:b8:7f:30:d6:6e:66:c1:75:60:41:
                    c6:ec:61:37:c6:5d:c3:0a:b7:46:35:e8:40:1d:35:
                    10:78:08:fc:74:0a:94:d3:05:56:08:20:0a:c4:ca:
                    16:2e:e7:d8:7b:ab:82:d7:d4:dc:35:9b:a0:19:a5:
                    8c:3e:60:39:33:fd:73:61:b2:cb:26:4e:e8:c4:e5:
                    b6:2f:c1:46:c5:d9:c5:3f:49:94:37:09:c1:6b:08:
                    1a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:4B:F6:3B:C1:B7:98:D8:38:C1:F0:07:35:C4:56:20:8D:04:2C:24
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/xEv2O8G3mNg4wfAHNcRWII0ELCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:a1:f1:73:d9:02:85:5e:ae:2b:d2:1b:07:40:37:37:b3:73:
         65:09:de:99:76:bf:9d:bd:c3:62:00:d9:1a:64:dc:fb:2d:ca:
         b8:7e:a4:9e:01:e6:90:38:1b:c6:2c:b1:44:20:23:03:e4:3f:
         ff:45:ab:dc:ae:13:35:17:9c:75:06:5a:66:9a:01:97:f9:fb:
         c8:a1:49:99:43:33:31:8d:07:8a:67:af:43:15:e5:a4:a1:b9:
         f9:3b:58:2b:cb:0e:50:8e:1e:bc:f2:dd:52:e0:e1:da:93:5c:
         da:fc:21:bf:a1:db:1f:02:10:ec:4c:4e:23:04:9a:ba:74:aa:
         2a:76:2c:99:d3:dd:91:36:21:7b:ba:83:ec:4b:9c:8d:fa:3e:
         73:4e:cc:84:55:13:15:bc:cc:10:4d:a6:5a:ba:61:63:b6:0f:
         1c:18:7a:be:b4:c6:a9:aa:30:4d:a5:03:21:fe:f1:17:dc:94:
         d2:9b:17:48:a8:73:2e:48:58:8b:da:43:c2:c1:a6:79:e2:87:
         f0:76:4f:c9:13:62:9d:f5:05:f8:aa:67:9d:a2:bb:18:8f:0b:
         b4:63:73:cb:2e:24:ed:5c:ea:f4:ca:55:f5:9a:c1:5d:bf:b4:
         bf:57:f8:35:01:66:b1:da:34:78:69:4d:0b:54:fc:fc:f5:9e:
         f6:f5:f2:a4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUYhcQVfc7o1QXJKt7xXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDRiZjYzYmMxYjc5OGQ4MzhjMWYwMDczNWM0NTYyMDhkMDQyYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtD5kR24Ng4IW45hHPOkK5w86OAV
0+3b4Q5YQlxBoX7EwE1s4vdvheRxX7bkYUiY7RbTDUVb1pdm5ayuWTzTsXQdmZ/V
roUUiVgowSBAipvRSYn84ftbDkbddLBUB4f/mfEXQU4j13nwNBK6SOkyPr51jqdq
ZrHngPTcmvw1xa1I6pU82rnz8ILRvDsKXxolnhOSkJOhpv+9btf7ORPufQtxisS1
4NyV4bh/MNZuZsF1YEHG7GE3xl3DCrdGNehAHTUQeAj8dAqU0wVWCCAKxMoWLufY
e6uC19TcNZugGaWMPmA5M/1zYbLLJk7oxOW2L8FGxdnFP0mUNwnBawgaowIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMRL9jvBt5jYOMHwBzXEViCNBCwkMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3hFdjJPOEczbU5nNHdmQUhOY1JXSUkwRUxDUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABcciUw
DQYJKoZIhvcNAQELBQADggEBAM2h8XPZAoVerivSGwdANzezc2UJ3pl2v529w2IA
2Rpk3Pstyrh+pJ4B5pA4G8YssUQgIwPkP/9Fq9yuEzUXnHUGWmaaAZf5+8ihSZlD
MzGNB4pnr0MV5aShufk7WCvLDlCOHrzy3VLg4dqTXNr8Ib+h2x8CEOxMTiMEmrp0
qip2LJnT3ZE2IXu6g+xLnI36PnNOzIRVExW8zBBNplq6YWO2DxwYer60xqmqME2l
AyH+8RfclNKbF0iocy5IWIvaQ8LBpnnih/B2T8kTYp31BfiqZ52iuxiPC7Rjc8su
JO1c6vTKVfWawV2/tL9X+DUBZrHaNHhpTQtU/Pz1nvb18qQ=
-----END CERTIFICATE-----