Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/uMyIzznLTyREySqiTjtyza2V3Pk.roa
File:                     uMyIzznLTyREySqiTjtyza2V3Pk.roa (raw, json)
Hash identifier:          iafG2eMd8vaLprLIQxJqIpw8p7uAZhUADbHxJDPDiZo=
Subject key identifier:   B8:CC:88:CF:39:CB:4F:24:44:C9:2A:A2:4E:3B:72:CD:AD:95:DC:F9
Certificate issuer:       /CN=b3b6d9026372cfce8fde823c3ef9c9f790aae14f
Certificate serial:       018CC3B678E4FBB900EB52F486C4DD071AF6
Authority key identifier: B3:B6:D9:02:63:72:CF:CE:8F:DE:82:3C:3E:F9:C9:F7:90:AA:E1:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/uMyIzznLTyREySqiTjtyza2V3Pk.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206706
IP address blocks:        92.119.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:78:e4:fb:b9:00:eb:52:f4:86:c4:dd:07:1a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3b6d9026372cfce8fde823c3ef9c9f790aae14f
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8cc88cf39cb4f2444c92aa24e3b72cdad95dcf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:e5:df:35:aa:44:d5:74:a8:e9:05:68:a8:a7:
                    58:dc:dd:40:63:b6:e7:7e:cb:8d:ee:f1:ff:03:9a:
                    3a:97:e9:f0:1f:58:71:fa:e0:fc:02:6f:9e:28:af:
                    18:e5:74:2a:3c:9f:29:0d:37:eb:fd:7a:67:97:f5:
                    07:7d:7a:1c:72:65:24:2e:84:fe:87:7b:ee:5f:95:
                    cc:21:5b:ef:d6:c4:be:50:2a:6d:93:e6:90:06:2d:
                    15:c3:97:d2:ab:63:12:72:82:59:8a:a3:bd:a5:07:
                    23:de:17:1c:de:84:b5:29:57:16:3a:28:0a:b7:88:
                    6b:03:27:a6:62:3e:bd:ee:dc:09:5a:84:69:f9:4a:
                    68:89:dd:0c:10:79:d5:0d:32:b9:93:67:9e:e0:ea:
                    cf:b3:cd:2b:0b:f3:dd:3c:8a:d3:f6:63:41:1f:77:
                    24:e0:49:f6:e3:91:03:28:12:3c:b2:95:8f:51:36:
                    b7:38:f9:be:4f:72:c1:95:eb:7a:f1:ff:4b:2a:a0:
                    3d:74:db:42:83:3a:10:90:b0:fc:1d:b7:0b:51:db:
                    f9:54:db:a1:a6:75:85:b3:97:18:84:74:d3:ad:8c:
                    65:09:9c:9d:6f:89:58:83:84:2e:5d:5c:b5:21:32:
                    21:d4:12:66:f4:ea:d5:e2:74:91:e9:ba:28:86:34:
                    02:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:CC:88:CF:39:CB:4F:24:44:C9:2A:A2:4E:3B:72:CD:AD:95:DC:F9
            X509v3 Authority Key Identifier:
                keyid:B3:B6:D9:02:63:72:CF:CE:8F:DE:82:3C:3E:F9:C9:F7:90:AA:E1:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7bZAmNyz86P3oI8PvnJ95Cq4U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/uMyIzznLTyREySqiTjtyza2V3Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/831d53-04e0-4573-acf7-d4f12b37a318/1/s7bZAmNyz86P3oI8PvnJ95Cq4U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:08:56:2a:ab:6b:b2:4d:37:cd:03:6c:61:f4:73:43:5a:6a:
         ec:a1:4a:7b:2d:67:e5:75:1f:80:5e:ca:e1:55:68:26:c4:7b:
         6e:cd:d3:93:ba:dc:08:b0:04:20:bb:46:27:b7:52:0d:81:63:
         f9:39:f0:ee:38:36:f3:7d:3b:22:2e:64:07:5e:4a:60:55:7f:
         ea:14:66:b9:ee:c3:e9:2d:45:73:60:6c:d1:38:d1:ee:ca:68:
         15:99:1a:27:c3:6c:1b:fd:7d:76:11:a0:00:f1:9f:0d:15:33:
         e3:1e:b4:14:97:1d:d1:dd:b8:d9:2a:bd:68:0a:98:47:13:d0:
         53:7e:22:4d:35:b1:5a:8c:9c:40:a1:14:64:24:b0:e4:a9:63:
         85:44:7e:1d:3f:dd:ac:46:54:1d:da:9e:fc:14:6e:f5:21:86:
         f0:61:08:c2:ed:f7:09:a9:ee:a7:4c:21:bb:e7:7d:73:04:c6:
         25:97:d4:0b:05:56:30:84:53:29:f4:16:6b:63:82:59:b6:05:
         9d:d2:11:79:6f:33:d5:46:a3:f7:c3:99:5a:1b:7d:2b:3c:1a:
         d0:c9:0c:98:cc:40:b1:8d:c8:fe:df:d5:00:82:b0:4f:94:b2:
         cc:cb:02:52:b0:9d:89:44:bd:18:80:81:40:c1:de:69:de:80:
         03:cb:77:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnjk+7kA61L0hsTdBxr2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjZkOTAyNjM3MmNmY2U4ZmRlODIzYzNlZjljOWY3OTBh
YWUxNGYwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGNjODhjZjM5Y2I0ZjI0NDRjOTJhYTI0ZTNiNzJjZGFkOTVkY2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6uXfNapE1XSo6QVoqKdY3N1AY7bn
fsuN7vH/A5o6l+nwH1hx+uD8Am+eKK8Y5XQqPJ8pDTfr/Xpnl/UHfXoccmUkLoT+
h3vuX5XMIVvv1sS+UCptk+aQBi0Vw5fSq2MScoJZiqO9pQcj3hcc3oS1KVcWOigK
t4hrAyemYj697twJWoRp+Upoid0MEHnVDTK5k2ee4OrPs80rC/PdPIrT9mNBH3ck
4En245EDKBI8spWPUTa3OPm+T3LBlet68f9LKqA9dNtCgzoQkLD8HbcLUdv5VNuh
pnWFs5cYhHTTrYxlCZydb4lYg4QuXVy1ITIh1BJm9OrV4nSR6boohjQCxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjMiM85y08kRMkqok47cs2tldz5MB8GA1UdIwQY
MBaAFLO22QJjcs/Oj96CPD75yfeQquFPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdiWkFtTnl6ODZQM29JOFB2bko5NUNxNFU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84MzFkNTMtMDRlMC00NTczLWFjZjct
ZDRmMTJiMzdhMzE4LzEvdU15SXp6bkxUeVJFeVNxaVRqdHl6YTJWM1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84MzFkNTMtMDRlMC00NTczLWFjZjctZDRmMTJiMzdhMzE4
LzEvczdiWkFtTnl6ODZQM29JOFB2bko5NUNxNFU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHc8MA0G
CSqGSIb3DQEBCwUAA4IBAQA4CFYqq2uyTTfNA2xh9HNDWmrsoUp7LWfldR+AXsrh
VWgmxHtuzdOTutwIsAQgu0Ynt1INgWP5OfDuODbzfTsiLmQHXkpgVX/qFGa57sPp
LUVzYGzRONHuymgVmRonw2wb/X12EaAA8Z8NFTPjHrQUlx3R3bjZKr1oCphHE9BT
fiJNNbFajJxAoRRkJLDkqWOFRH4dP92sRlQd2p78FG71IYbwYQjC7fcJqe6nTCG7
531zBMYll9QLBVYwhFMp9BZrY4JZtgWd0hF5bzPVRqP3w5laG30rPBrQyQyYzECx
jcj+39UAgrBPlLLMywJSsJ2JRL0YgIFAwd5p3oADy3f1
-----END CERTIFICATE-----