Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/mT-VOUDJmvmP_sTM21hDDxSP3rE.roa
File:                     mT-VOUDJmvmP_sTM21hDDxSP3rE.roa (raw, json)
Hash identifier:          F6iEMvREYPpxQ04hc9+dm7q1coX52cNlcMY9sXaasXc=
Subject key identifier:   99:3F:95:39:40:C9:9A:F9:8F:FE:C4:CC:DB:58:43:0F:14:8F:DE:B1
Certificate issuer:       /CN=924532b4f743cf95cbec18681ba67ac5db854f33
Certificate serial:       019053E3C5C36E7DA452200D9B76563E0531
Authority key identifier: 92:45:32:B4:F7:43:CF:95:CB:EC:18:68:1B:A6:7A:C5:DB:85:4F:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/mT-VOUDJmvmP_sTM21hDDxSP3rE.roa
Signing time:             Wed 26 Jun 2024 09:32:34 +0000
ROA not before:           Wed 26 Jun 2024 09:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205276
IP address blocks:        185.48.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:e3:c5:c3:6e:7d:a4:52:20:0d:9b:76:56:3e:05:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=924532b4f743cf95cbec18681ba67ac5db854f33
        Validity
            Not Before: Jun 26 09:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=993f953940c99af98ffec4ccdb58430f148fdeb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c2:b3:6f:ef:d4:c1:6c:fa:17:af:da:72:ee:
                    8f:bd:89:31:97:e7:15:47:0d:d7:99:05:a7:cc:57:
                    75:2e:5a:d7:91:b7:15:76:d8:64:2e:fc:a5:5f:88:
                    cb:19:c7:14:79:f3:b3:91:75:e3:81:5a:b2:3c:ab:
                    94:01:17:ef:f9:1e:1b:67:bf:90:ec:a9:f3:71:3e:
                    9c:6f:7d:46:57:d9:68:2d:7b:80:a8:03:2e:aa:55:
                    db:e2:82:4f:0f:52:e8:80:90:d7:9c:50:88:18:03:
                    fd:3b:ea:77:46:07:39:d1:b4:dc:d3:4c:1d:93:f7:
                    d4:bc:ce:54:d2:b9:04:8c:45:03:2d:58:de:1b:f5:
                    62:e2:63:82:9a:74:05:17:c6:75:eb:e6:1f:7b:27:
                    4a:f4:0c:bc:c4:3b:9f:db:d7:93:d5:1e:41:2e:df:
                    7a:30:e7:85:3a:04:9e:fb:01:48:76:19:64:c9:e6:
                    bd:1c:95:e0:2a:7c:db:ff:d6:81:8c:21:2f:42:ed:
                    b4:5b:6e:d6:b4:2c:7a:67:be:89:51:1f:f8:73:a2:
                    24:71:74:17:ca:94:de:42:8a:a3:3c:a3:0d:fc:ab:
                    95:2c:43:f3:51:7c:bb:87:28:95:31:cb:95:3a:22:
                    c1:65:4d:af:81:fe:cd:4c:e3:03:79:71:30:ca:56:
                    63:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:3F:95:39:40:C9:9A:F9:8F:FE:C4:CC:DB:58:43:0F:14:8F:DE:B1
            X509v3 Authority Key Identifier:
                keyid:92:45:32:B4:F7:43:CF:95:CB:EC:18:68:1B:A6:7A:C5:DB:85:4F:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/mT-VOUDJmvmP_sTM21hDDxSP3rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:4f:a9:b1:56:88:62:80:80:c2:d6:ec:93:32:22:7c:d4:d2:
         87:7f:ac:c7:eb:f4:65:bc:9a:d6:8e:51:41:cd:0d:d0:f8:3f:
         f3:8c:48:50:7f:a7:44:10:06:5d:f7:41:1b:f5:ec:5c:b9:92:
         58:90:8e:ff:70:0a:b7:c0:ee:4b:5b:54:ab:cd:81:fd:2d:6b:
         ff:f5:a0:d7:51:c3:eb:69:a4:04:b0:6d:61:1b:4c:93:64:54:
         ce:c5:18:10:31:9a:f2:c2:70:3f:79:fa:50:5f:38:1f:ad:4d:
         c3:6a:aa:92:4c:74:11:9d:65:a7:06:3b:27:b1:d8:66:b4:c7:
         1c:a1:7a:b0:9b:2d:bf:2d:05:0d:5d:da:cf:e7:e3:3f:94:de:
         64:4c:1f:7e:45:b1:1a:c2:d3:bc:58:48:4e:f4:e3:bf:65:25:
         d1:11:27:95:1a:69:42:5e:23:04:72:7c:15:45:09:20:7e:4e:
         4b:8a:2f:98:39:4b:54:6a:f0:59:5d:42:d6:37:e0:04:87:90:
         d8:56:e6:9e:2c:4d:77:ce:72:08:0d:83:1a:a7:c9:54:1b:04:
         f7:0e:e6:6a:d0:87:df:0a:e5:e3:1f:cc:b0:a0:54:78:4c:53:
         25:c7:df:82:d8:e6:43:77:be:eb:a2:fa:f3:19:57:56:26:bb:
         51:8a:6b:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBT48XDbn2kUiANm3ZWPgUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDUzMmI0Zjc0M2NmOTVjYmVjMTg2ODFiYTY3YWM1ZGI4
NTRmMzMwHhcNMjQwNjI2MDkzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTNmOTUzOTQwYzk5YWY5OGZmZWM0Y2NkYjU4NDMwZjE0OGZkZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsKzb+/UwWz6F6/acu6PvYkxl+cV
Rw3XmQWnzFd1LlrXkbcVdthkLvylX4jLGccUefOzkXXjgVqyPKuUARfv+R4bZ7+Q
7KnzcT6cb31GV9loLXuAqAMuqlXb4oJPD1LogJDXnFCIGAP9O+p3Rgc50bTc00wd
k/fUvM5U0rkEjEUDLVjeG/Vi4mOCmnQFF8Z16+YfeydK9Ay8xDuf29eT1R5BLt96
MOeFOgSe+wFIdhlkyea9HJXgKnzb/9aBjCEvQu20W27WtCx6Z76JUR/4c6IkcXQX
ypTeQoqjPKMN/KuVLEPzUXy7hyiVMcuVOiLBZU2vgf7NTOMDeXEwylZjNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJk/lTlAyZr5j/7EzNtYQw8Uj96xMB8GA1UdIwQY
MBaAFJJFMrT3Q8+Vy+wYaBumesXbhU8zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tVeXRQZER6NVhMN0Job0c2WjZ4ZHVGVHpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yYjlmMDEtYTU2ZS00YmU5LWFkMzIt
MzhlZDcxNTU5OTVjLzEvbVQtVk9VREptdm1QX3NUTTIxaEREeFNQM3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yYjlmMDEtYTU2ZS00YmU5LWFkMzItMzhlZDcxNTU5OTVj
LzEva2tVeXRQZER6NVhMN0Job0c2WjZ4ZHVGVHpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTCOMA0G
CSqGSIb3DQEBCwUAA4IBAQDNT6mxVohigIDC1uyTMiJ81NKHf6zH6/RlvJrWjlFB
zQ3Q+D/zjEhQf6dEEAZd90Eb9excuZJYkI7/cAq3wO5LW1SrzYH9LWv/9aDXUcPr
aaQEsG1hG0yTZFTOxRgQMZrywnA/efpQXzgfrU3DaqqSTHQRnWWnBjsnsdhmtMcc
oXqwmy2/LQUNXdrP5+M/lN5kTB9+RbEawtO8WEhO9OO/ZSXRESeVGmlCXiMEcnwV
RQkgfk5Lii+YOUtUavBZXULWN+AEh5DYVuaeLE13znIIDYMap8lUGwT3DuZq0Iff
CuXjH8ywoFR4TFMlx9+C2OZDd77rovrzGVdWJrtRimuz
-----END CERTIFICATE-----