Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/0NriJ9h0cAs5vCyI_I697FHjKsk.roa
File:                     0NriJ9h0cAs5vCyI_I697FHjKsk.roa (raw, json)
Hash identifier:          Nffm9wYof4sJJRiGmAEREvkYZN3EGRGZ+whhYyKUYfA=
Subject key identifier:   D0:DA:E2:27:D8:74:70:0B:39:BC:2C:88:FC:8E:BD:EC:51:E3:2A:C9
Certificate issuer:       /CN=b3b6d9026372cfce8fde823c3ef9c9f790aae14f
Certificate serial:       0192E1C81EFCDBA0772698D0C35A3046ABC7
Authority key identifier: B3:B6:D9:02:63:72:CF:CE:8F:DE:82:3C:3E:F9:C9:F7:90:AA:E1:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/0NriJ9h0cAs5vCyI_I697FHjKsk.roa
Signing time:             Thu 31 Oct 2024 08:54:01 +0000
ROA not before:           Thu 31 Oct 2024 08:54:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202651
IP address blocks:        92.119.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e1:c8:1e:fc:db:a0:77:26:98:d0:c3:5a:30:46:ab:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3b6d9026372cfce8fde823c3ef9c9f790aae14f
        Validity
            Not Before: Oct 31 08:54:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0dae227d874700b39bc2c88fc8ebdec51e32ac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:38:ee:89:34:b5:f6:84:ca:88:0e:5e:79:10:
                    2e:c8:c1:e4:10:31:15:64:d9:36:f2:de:33:0c:90:
                    f3:3a:d3:04:3f:81:82:01:e5:d6:c5:1c:9c:7b:7f:
                    0e:0a:37:a7:1c:8b:ec:aa:94:f1:4e:64:e3:6b:e7:
                    22:a8:82:34:0e:fd:b3:a1:11:9d:dc:f3:78:96:61:
                    e5:c6:0c:4a:7a:c1:d7:15:a6:45:f8:65:9e:71:a7:
                    c0:93:8d:89:27:c6:de:19:5b:5f:94:61:e3:40:98:
                    ed:60:73:18:e9:50:ca:c7:e1:59:92:5f:d1:30:8a:
                    13:88:85:3e:5a:cb:91:0d:e0:bb:38:f8:f3:6e:34:
                    19:00:3d:ea:fa:10:53:67:f0:61:ce:0e:dc:87:a7:
                    eb:9e:b5:2c:a7:8f:5f:8f:93:75:2d:75:e7:6a:33:
                    7d:61:1e:d2:8a:8d:40:53:c6:5b:41:3b:58:19:ca:
                    92:11:c3:97:a4:d1:ff:57:17:12:34:40:ab:bd:7a:
                    c0:e3:87:fe:f3:05:98:c6:e7:18:14:1a:ed:99:55:
                    82:6b:18:92:24:2e:2e:61:99:86:8d:80:d5:24:00:
                    b9:45:bb:f5:69:f8:6d:2f:98:0c:e3:de:93:0c:9c:
                    c3:4d:a0:21:7e:ce:75:0f:d9:58:ac:3f:85:9b:d4:
                    0e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:DA:E2:27:D8:74:70:0B:39:BC:2C:88:FC:8E:BD:EC:51:E3:2A:C9
            X509v3 Authority Key Identifier:
                keyid:B3:B6:D9:02:63:72:CF:CE:8F:DE:82:3C:3E:F9:C9:F7:90:AA:E1:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/0NriJ9h0cAs5vCyI_I697FHjKsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:ea:09:00:78:19:74:90:7c:45:d4:26:f6:34:89:19:24:4c:
         58:e0:2a:4d:43:37:6a:b7:1f:db:f5:5f:c4:c1:91:cd:63:96:
         70:e4:56:0f:c9:22:91:0b:0a:c6:34:37:f6:f9:74:c9:fe:d8:
         93:8c:1f:54:53:56:a0:dd:f0:df:d1:15:8c:1a:95:73:08:fc:
         8c:57:a8:3f:66:1b:70:d2:62:d8:82:a0:3f:6a:ff:38:0a:b6:
         d8:21:21:2b:eb:62:90:83:17:04:c4:e8:73:5a:4c:51:3e:57:
         22:83:da:43:c3:5d:70:ca:f1:b5:9b:02:2c:9f:33:80:aa:81:
         0e:1c:d9:8f:44:69:9a:e9:f0:c7:54:d0:88:74:dd:5c:4d:6c:
         1a:a4:30:16:6a:90:0d:80:84:3b:eb:25:78:de:bf:04:b0:0a:
         6f:7e:3f:d4:58:f5:5b:a7:83:25:2d:01:67:e4:da:3b:1b:7d:
         42:55:0b:33:f3:85:6b:e6:40:ad:1a:38:79:94:01:da:b3:67:
         b7:e7:2c:1b:9a:4e:e9:60:9e:65:7f:b6:ec:03:bb:60:f5:2c:
         63:4a:da:f4:9e:08:48:61:51:17:7f:1a:87:b5:75:68:ef:cf:
         76:b7:6c:60:6c:b3:2e:d6:ef:fb:fb:0c:00:cf:7c:98:d7:1b:
         72:db:6b:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLhyB7826B3JpjQw1owRqvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjZkOTAyNjM3MmNmY2U4ZmRlODIzYzNlZjljOWY3OTBh
YWUxNGYwHhcNMjQxMDMxMDg1NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGRhZTIyN2Q4NzQ3MDBiMzliYzJjODhmYzhlYmRlYzUxZTMyYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTjuiTS19oTKiA5eeRAuyMHkEDEV
ZNk28t4zDJDzOtMEP4GCAeXWxRyce38OCjenHIvsqpTxTmTja+ciqII0Dv2zoRGd
3PN4lmHlxgxKesHXFaZF+GWecafAk42JJ8beGVtflGHjQJjtYHMY6VDKx+FZkl/R
MIoTiIU+WsuRDeC7OPjzbjQZAD3q+hBTZ/Bhzg7ch6frnrUsp49fj5N1LXXnajN9
YR7Sio1AU8ZbQTtYGcqSEcOXpNH/VxcSNECrvXrA44f+8wWYxucYFBrtmVWCaxiS
JC4uYZmGjYDVJAC5Rbv1afhtL5gM496TDJzDTaAhfs51D9lYrD+Fm9QO/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDa4ifYdHALObwsiPyOvexR4yrJMB8GA1UdIwQY
MBaAFLO22QJjcs/Oj96CPD75yfeQquFPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdiWkFtTnl6ODZQM29JOFB2bko5NUNxNFU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84MzFkNTMtMDRlMC00NTczLWFjZjct
ZDRmMTJiMzdhMzE4LzEvME5yaUo5aDBjQXM1dkN5SV9JNjk3RkhqS3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84MzFkNTMtMDRlMC00NTczLWFjZjctZDRmMTJiMzdhMzE4
LzEvczdiWkFtTnl6ODZQM29JOFB2bko5NUNxNFU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHc/MA0G
CSqGSIb3DQEBCwUAA4IBAQAN6gkAeBl0kHxF1Cb2NIkZJExY4CpNQzdqtx/b9V/E
wZHNY5Zw5FYPySKRCwrGNDf2+XTJ/tiTjB9UU1ag3fDf0RWMGpVzCPyMV6g/Zhtw
0mLYgqA/av84CrbYISEr62KQgxcExOhzWkxRPlcig9pDw11wyvG1mwIsnzOAqoEO
HNmPRGma6fDHVNCIdN1cTWwapDAWapANgIQ76yV43r8EsApvfj/UWPVbp4MlLQFn
5No7G31CVQsz84Vr5kCtGjh5lAHas2e35ywbmk7pYJ5lf7bsA7tg9SxjStr0nghI
YVEXfxqHtXVo7892t2xgbLMu1u/7+wwAz3yY1xty22ug
-----END CERTIFICATE-----