Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/6dfbcf-313b-47b9-bf8e-a778a0c14859/1/rP00SjYOc7kI37LHeR0akx0WLbw.roa
File:                     rP00SjYOc7kI37LHeR0akx0WLbw.roa (raw, json)
Hash identifier:          HwxnGSpBCBewjdHMOMeKuWHUwmAgwVnpqM4EW67Q304=
Subject key identifier:   AC:FD:34:4A:36:0E:73:B9:08:DF:B2:C7:79:1D:1A:93:1D:16:2D:BC
Certificate issuer:       /CN=4b87033fc6a87d3b8d0cb3ce1ab2babbe52ba311
Certificate serial:       019426D93CDE5CFE543E3A0AF96FBBEDC836
Authority key identifier: 4B:87:03:3F:C6:A8:7D:3B:8D:0C:B3:CE:1A:B2:BA:BB:E5:2B:A3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S4cDP8aofTuNDLPOGrK6u-UroxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/6dfbcf-313b-47b9-bf8e-a778a0c14859/1/rP00SjYOc7kI37LHeR0akx0WLbw.roa
Signing time:             Thu 02 Jan 2025 11:49:18 +0000
ROA not before:           Thu 02 Jan 2025 11:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40178
IP address blocks:        188.92.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/6dfbcf-313b-47b9-bf8e-a778a0c14859/1/S4cDP8aofTuNDLPOGrK6u-UroxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/6dfbcf-313b-47b9-bf8e-a778a0c14859/1/S4cDP8aofTuNDLPOGrK6u-UroxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S4cDP8aofTuNDLPOGrK6u-UroxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:3c:de:5c:fe:54:3e:3a:0a:f9:6f:bb:ed:c8:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b87033fc6a87d3b8d0cb3ce1ab2babbe52ba311
        Validity
            Not Before: Jan  2 11:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acfd344a360e73b908dfb2c7791d1a931d162dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3d:78:c2:5f:20:ec:b9:49:25:96:4d:b7:e9:
                    6e:8d:13:89:c3:bd:d7:ab:48:4b:55:5c:b8:05:25:
                    48:e9:20:a9:a1:ab:1b:32:8e:9e:da:67:2c:ec:53:
                    bd:be:cc:48:8c:30:4d:0b:6a:c7:ba:91:52:20:05:
                    ba:ca:ba:31:76:7f:84:ac:0b:35:ef:6c:8b:01:c3:
                    da:5f:e9:8d:44:f1:ef:1b:a5:34:cd:a7:b6:3d:0b:
                    9e:04:25:65:01:14:11:4b:a4:ee:df:55:0c:e3:21:
                    c4:e8:d6:58:0a:bc:57:aa:ee:a8:f7:1e:76:24:5b:
                    2f:20:28:d3:3c:fe:5a:5a:8c:84:60:89:86:bb:57:
                    e3:c7:5b:9f:dd:5e:5f:cc:bf:ce:a2:8d:f2:c2:c6:
                    48:6c:de:7a:c1:2e:9c:19:b9:12:0b:c3:6b:62:04:
                    8f:a1:94:77:f7:56:20:48:69:5c:a7:22:80:e4:e9:
                    79:53:00:0c:31:79:a5:38:ef:02:34:88:65:ee:97:
                    65:10:cb:75:e3:9e:16:9d:58:7c:46:4b:b2:0c:5b:
                    46:18:9f:9c:54:fe:d1:bb:c1:0e:47:91:77:40:99:
                    ff:cc:85:c8:6e:50:39:5b:0e:ce:a4:a3:c4:80:a0:
                    6d:ae:a5:a8:3f:7c:13:93:49:b0:af:11:93:d7:73:
                    cc:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:FD:34:4A:36:0E:73:B9:08:DF:B2:C7:79:1D:1A:93:1D:16:2D:BC
            X509v3 Authority Key Identifier:
                keyid:4B:87:03:3F:C6:A8:7D:3B:8D:0C:B3:CE:1A:B2:BA:BB:E5:2B:A3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S4cDP8aofTuNDLPOGrK6u-UroxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/6dfbcf-313b-47b9-bf8e-a778a0c14859/1/rP00SjYOc7kI37LHeR0akx0WLbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/6dfbcf-313b-47b9-bf8e-a778a0c14859/1/S4cDP8aofTuNDLPOGrK6u-UroxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:f4:f5:58:f7:6e:5b:d8:ea:9d:6d:aa:89:d9:08:aa:59:78:
         f8:2b:62:8e:6b:db:e0:55:fb:a4:7b:fb:5e:5d:fc:67:35:26:
         58:49:ef:0d:5f:1b:4e:10:13:62:67:95:c9:eb:23:18:ce:6c:
         02:a4:10:d1:6d:6f:46:6a:d0:50:88:0b:95:01:df:3e:10:8d:
         a1:e5:ea:a7:17:b4:d5:bd:b7:9d:d2:2c:9f:0d:fe:91:d2:a0:
         98:5e:2a:e5:b5:43:7e:e3:d7:28:e9:f8:2c:92:32:9d:99:bf:
         69:1b:60:10:25:90:f8:74:76:c0:f0:c2:cb:3c:90:8c:87:60:
         0b:8c:31:fd:75:b6:7f:a5:e1:a7:e3:37:fe:d4:84:0b:ae:53:
         fd:c8:85:f3:97:4a:0c:3e:41:ec:31:1a:db:03:93:ce:a6:6f:
         c0:eb:cf:c6:b4:4e:2a:31:43:9e:82:a8:4f:4d:93:04:6f:2f:
         2e:c0:0a:ae:1d:a8:61:65:30:2e:51:04:2a:a8:b4:34:03:0b:
         52:ee:2f:96:bf:f3:2a:56:8a:a5:ae:32:28:5a:26:ff:e7:4c:
         0a:72:db:a5:72:49:46:e6:f9:7e:1c:ca:35:72:e3:9b:eb:17:
         2d:4a:c0:d0:80:02:13:3c:68:b0:da:63:25:20:b3:57:6d:ea:
         8c:39:96:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2TzeXP5UPjoK+W+77cg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiODcwMzNmYzZhODdkM2I4ZDBjYjNjZTFhYjJiYWJiZTUy
YmEzMTEwHhcNMjUwMTAyMTE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2ZkMzQ0YTM2MGU3M2I5MDhkZmIyYzc3OTFkMWE5MzFkMTYyZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoT14wl8g7LlJJZZNt+lujROJw73X
q0hLVVy4BSVI6SCpoasbMo6e2mcs7FO9vsxIjDBNC2rHupFSIAW6yroxdn+ErAs1
72yLAcPaX+mNRPHvG6U0zae2PQueBCVlARQRS6Tu31UM4yHE6NZYCrxXqu6o9x52
JFsvICjTPP5aWoyEYImGu1fjx1uf3V5fzL/Ooo3ywsZIbN56wS6cGbkSC8NrYgSP
oZR391YgSGlcpyKA5Ol5UwAMMXmlOO8CNIhl7pdlEMt1454WnVh8RkuyDFtGGJ+c
VP7Ru8EOR5F3QJn/zIXIblA5Ww7OpKPEgKBtrqWoP3wTk0mwrxGT13PMuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKz9NEo2DnO5CN+yx3kdGpMdFi28MB8GA1UdIwQY
MBaAFEuHAz/GqH07jQyzzhqyurvlK6MRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzRjRFA4YW9mVHVORExQT0dySzZ1LVVyb3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy82ZGZiY2YtMzEzYi00N2I5LWJmOGUt
YTc3OGEwYzE0ODU5LzEvclAwMFNqWU9jN2tJMzdMSGVSMGFreDBXTGJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy82ZGZiY2YtMzEzYi00N2I5LWJmOGUtYTc3OGEwYzE0ODU5
LzEvUzRjRFA4YW9mVHVORExQT0dySzZ1LVVyb3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvFx4MA0G
CSqGSIb3DQEBCwUAA4IBAQCU9PVY925b2OqdbaqJ2QiqWXj4K2KOa9vgVfuke/te
XfxnNSZYSe8NXxtOEBNiZ5XJ6yMYzmwCpBDRbW9GatBQiAuVAd8+EI2h5eqnF7TV
vbed0iyfDf6R0qCYXirltUN+49co6fgskjKdmb9pG2AQJZD4dHbA8MLLPJCMh2AL
jDH9dbZ/peGn4zf+1IQLrlP9yIXzl0oMPkHsMRrbA5POpm/A68/GtE4qMUOegqhP
TZMEby8uwAquHahhZTAuUQQqqLQ0AwtS7i+Wv/MqVoqlrjIoWib/50wKctulcklG
5vl+HMo1cuOb6xctSsDQgAITPGiw2mMlILNXbeqMOZYH
-----END CERTIFICATE-----