Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/1xTBfxfrxhFUKTLe2QfRWQ0RWnc.roa
File:                     1xTBfxfrxhFUKTLe2QfRWQ0RWnc.roa (raw, json)
Hash identifier:          dvFB6ph2OYG0eoCqw0QLplN4A4snp9c5/N5j5sBz0Cw=
Subject key identifier:   D7:14:C1:7F:17:EB:C6:11:54:29:32:DE:D9:07:D1:59:0D:11:5A:77
Certificate issuer:       /CN=b3b6d9026372cfce8fde823c3ef9c9f790aae14f
Certificate serial:       018F1C60A57FE82810D17AC9F0728EBBD4B8
Authority key identifier: B3:B6:D9:02:63:72:CF:CE:8F:DE:82:3C:3E:F9:C9:F7:90:AA:E1:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/1xTBfxfrxhFUKTLe2QfRWQ0RWnc.roa
Signing time:             Fri 26 Apr 2024 21:47:26 +0000
ROA not before:           Fri 26 Apr 2024 21:47:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208324
IP address blocks:        92.119.60.0/24 maxlen: 24
                          92.119.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1c:60:a5:7f:e8:28:10:d1:7a:c9:f0:72:8e:bb:d4:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3b6d9026372cfce8fde823c3ef9c9f790aae14f
        Validity
            Not Before: Apr 26 21:47:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d714c17f17ebc611542932ded907d1590d115a77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:0c:d9:d5:da:dc:02:64:01:21:0a:f8:02:7f:
                    16:68:cf:3c:12:bf:56:94:7b:91:ea:92:7a:49:56:
                    ef:4a:91:dd:59:74:f9:1b:e2:c8:d0:2d:20:02:26:
                    2d:05:1c:1a:81:61:33:fc:f1:c6:2e:74:b8:4e:38:
                    53:b8:41:98:7a:8a:92:c4:40:84:97:66:3a:a7:3f:
                    4e:3d:26:18:35:e4:94:57:b2:5c:f2:b7:79:92:5a:
                    c6:94:9a:a4:d7:e2:d2:d8:1d:4e:a7:8e:6f:08:61:
                    89:2d:a3:cf:aa:01:39:b3:15:6a:2b:4f:d4:0d:f5:
                    cf:9b:e1:8d:a6:4e:19:12:e1:e2:2c:09:9c:fa:7f:
                    6f:fb:1f:f1:04:e3:ae:f6:31:40:05:ed:7c:a1:fd:
                    a5:4d:d9:7a:9d:91:08:33:11:02:50:86:ee:cf:c1:
                    59:1c:45:68:0f:27:75:37:66:43:64:5b:61:20:1a:
                    13:05:42:68:85:87:1a:2f:2c:fa:fb:fb:a8:75:74:
                    18:02:f8:a4:42:a4:88:e9:da:95:6b:d6:ee:59:5d:
                    81:85:b1:96:47:df:33:e4:30:2b:7b:89:a5:ff:64:
                    60:d1:95:82:5d:89:eb:f6:8d:e9:cc:89:66:c2:c5:
                    92:3e:83:b2:f1:01:92:d9:0b:e3:25:9f:3f:38:4c:
                    13:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:14:C1:7F:17:EB:C6:11:54:29:32:DE:D9:07:D1:59:0D:11:5A:77
            X509v3 Authority Key Identifier:
                keyid:B3:B6:D9:02:63:72:CF:CE:8F:DE:82:3C:3E:F9:C9:F7:90:AA:E1:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/1xTBfxfrxhFUKTLe2QfRWQ0RWnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.60.0/24
                  92.119.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:fe:31:4f:98:cf:0b:30:bc:75:d5:b1:3c:49:d9:e5:0b:a8:
         c8:ca:5e:5b:19:84:99:ba:45:2a:37:2e:ad:e4:eb:6f:a8:91:
         b0:61:c5:9d:9d:a5:84:af:2f:8b:25:46:24:50:4f:05:71:1f:
         2a:ef:3e:6f:c0:d5:fa:3c:00:c2:cd:2c:bc:fb:71:6a:69:a8:
         20:22:d6:e2:f0:6f:d7:c5:5b:4d:41:d6:5b:9d:40:55:06:c4:
         31:b2:5a:6a:91:51:b6:b4:58:1a:8d:bf:48:84:2a:89:5b:13:
         8e:7e:79:1a:38:a5:e0:f0:52:85:7c:56:7e:b4:af:d7:c3:db:
         e0:71:8b:06:ae:29:08:0d:28:99:81:44:02:a4:5a:69:e1:78:
         22:ec:4c:26:64:8a:d5:fa:fb:b7:71:97:8e:b2:e7:69:f2:13:
         77:65:fe:d0:eb:43:32:62:d3:a2:ee:bb:1e:be:73:a4:74:98:
         58:61:ef:a8:3b:8d:25:26:8b:e9:92:1e:fe:73:5b:99:62:3c:
         ce:e7:eb:99:16:99:20:f5:4c:68:af:84:aa:20:81:ab:70:c4:
         4a:1e:f4:95:23:60:8c:fc:9b:ce:f3:e7:ab:91:d6:f0:b4:22:
         e3:7c:36:83:d4:f2:e7:3c:72:f1:03:34:a8:83:5c:13:c1:c8:
         15:c4:fb:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8cYKV/6CgQ0XrJ8HKOu9S4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjZkOTAyNjM3MmNmY2U4ZmRlODIzYzNlZjljOWY3OTBh
YWUxNGYwHhcNMjQwNDI2MjE0NzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzE0YzE3ZjE3ZWJjNjExNTQyOTMyZGVkOTA3ZDE1OTBkMTE1YTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8QzZ1drcAmQBIQr4An8WaM88Er9W
lHuR6pJ6SVbvSpHdWXT5G+LI0C0gAiYtBRwagWEz/PHGLnS4TjhTuEGYeoqSxECE
l2Y6pz9OPSYYNeSUV7Jc8rd5klrGlJqk1+LS2B1Op45vCGGJLaPPqgE5sxVqK0/U
DfXPm+GNpk4ZEuHiLAmc+n9v+x/xBOOu9jFABe18of2lTdl6nZEIMxECUIbuz8FZ
HEVoDyd1N2ZDZFthIBoTBUJohYcaLyz6+/uodXQYAvikQqSI6dqVa9buWV2BhbGW
R98z5DAre4ml/2Rg0ZWCXYnr9o3pzIlmwsWSPoOy8QGS2QvjJZ8/OEwTbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNcUwX8X68YRVCky3tkH0VkNEVp3MB8GA1UdIwQY
MBaAFLO22QJjcs/Oj96CPD75yfeQquFPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdiWkFtTnl6ODZQM29JOFB2bko5NUNxNFU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84MzFkNTMtMDRlMC00NTczLWFjZjct
ZDRmMTJiMzdhMzE4LzEvMXhUQmZ4ZnJ4aEZVS1RMZTJRZlJXUTBSV25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84MzFkNTMtMDRlMC00NTczLWFjZjctZDRmMTJiMzdhMzE4
LzEvczdiWkFtTnl6ODZQM29JOFB2bko5NUNxNFU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXHc8AwQA
XHc/MA0GCSqGSIb3DQEBCwUAA4IBAQAQ/jFPmM8LMLx11bE8SdnlC6jIyl5bGYSZ
ukUqNy6t5OtvqJGwYcWdnaWEry+LJUYkUE8FcR8q7z5vwNX6PADCzSy8+3Fqaagg
Itbi8G/XxVtNQdZbnUBVBsQxslpqkVG2tFgajb9IhCqJWxOOfnkaOKXg8FKFfFZ+
tK/Xw9vgcYsGrikIDSiZgUQCpFpp4Xgi7EwmZIrV+vu3cZeOsudp8hN3Zf7Q60My
YtOi7rsevnOkdJhYYe+oO40lJovpkh7+c1uZYjzO5+uZFpkg9Uxor4SqIIGrcMRK
HvSVI2CM/JvO8+erkdbwtCLjfDaD1PLnPHLxAzSog1wTwcgVxPvn
-----END CERTIFICATE-----