Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/7d64f8-dde2-4a7f-951a-c06c62af9da5/1/o9u62C62uEKyliiaqilmlCLeC54.roa
File:                     o9u62C62uEKyliiaqilmlCLeC54.roa (raw, json)
Hash identifier:          IbrVnLHNGZTQPhCJ7F+rZGHYI9Autu0dmXqnxbbk8VA=
Subject key identifier:   A3:DB:BA:D8:2E:B6:B8:42:B2:96:28:9A:AA:29:66:94:22:DE:0B:9E
Certificate issuer:       /CN=ec538cdcaf9f9246497dc7ae45845379fe6a7174
Certificate serial:       019422FC3414077ECED37CE6DD3650418A08
Authority key identifier: EC:53:8C:DC:AF:9F:92:46:49:7D:C7:AE:45:84:53:79:FE:6A:71:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7FOM3K-fkkZJfceuRYRTef5qcXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/7d64f8-dde2-4a7f-951a-c06c62af9da5/1/o9u62C62uEKyliiaqilmlCLeC54.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        92.118.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/7d64f8-dde2-4a7f-951a-c06c62af9da5/1/7FOM3K-fkkZJfceuRYRTef5qcXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/7d64f8-dde2-4a7f-951a-c06c62af9da5/1/7FOM3K-fkkZJfceuRYRTef5qcXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7FOM3K-fkkZJfceuRYRTef5qcXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:34:14:07:7e:ce:d3:7c:e6:dd:36:50:41:8a:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec538cdcaf9f9246497dc7ae45845379fe6a7174
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3dbbad82eb6b842b296289aaa29669422de0b9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e8:9a:b6:1a:15:ff:3c:f5:0c:eb:4d:5f:f7:
                    85:03:ec:60:0b:39:c9:67:9d:1d:69:f7:26:ab:da:
                    c1:8f:7f:1b:cf:dd:46:1e:d4:c2:80:f7:dc:d7:d8:
                    ce:8e:77:ad:20:5e:c3:d7:a7:b0:46:27:33:65:8e:
                    b1:5c:11:6d:8f:62:64:9d:4f:2d:47:3e:82:e3:9f:
                    a8:a0:de:a7:50:64:39:dd:67:30:98:5e:1a:b8:dc:
                    57:49:dd:e7:5a:7a:d6:3c:51:37:6e:65:b2:e8:b6:
                    14:a6:cd:6a:a7:63:6a:40:47:ba:2a:04:92:1e:20:
                    3b:47:3e:0c:60:d1:42:20:ab:e7:06:61:5f:09:c3:
                    2c:2d:3e:8d:4f:e9:87:13:b4:76:74:61:1b:c9:3f:
                    eb:4a:36:57:4d:6e:68:e1:ac:09:f1:b9:63:ab:1f:
                    4c:4a:a9:32:9b:34:fa:ec:5d:10:4b:c0:81:1d:6a:
                    00:1f:ca:e5:b4:88:76:38:56:91:f3:75:9e:c9:51:
                    42:a6:0a:c7:bc:34:11:af:cf:e7:ca:b4:a1:0f:12:
                    c3:d6:2c:28:77:ae:f0:94:79:16:41:19:8b:c0:70:
                    17:75:9e:44:49:72:52:a3:15:3f:60:49:d9:02:67:
                    cb:ee:38:44:19:8d:ac:ec:27:ef:25:10:ae:f4:64:
                    9b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:DB:BA:D8:2E:B6:B8:42:B2:96:28:9A:AA:29:66:94:22:DE:0B:9E
            X509v3 Authority Key Identifier:
                keyid:EC:53:8C:DC:AF:9F:92:46:49:7D:C7:AE:45:84:53:79:FE:6A:71:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7FOM3K-fkkZJfceuRYRTef5qcXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/7d64f8-dde2-4a7f-951a-c06c62af9da5/1/o9u62C62uEKyliiaqilmlCLeC54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/7d64f8-dde2-4a7f-951a-c06c62af9da5/1/7FOM3K-fkkZJfceuRYRTef5qcXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ae:c6:e1:9b:de:41:a9:02:6e:7a:b4:3c:06:81:24:54:82:
         66:5a:6f:6d:fc:cf:bf:04:2d:9f:37:84:4e:0d:3b:93:d2:d1:
         8b:22:b2:de:42:cc:38:f8:60:02:3c:05:be:52:da:1a:32:b1:
         d7:b6:d8:ed:ef:df:08:89:83:2f:b6:d9:6a:e8:4e:9a:48:f2:
         48:c9:5b:f6:e4:04:01:6c:84:b2:89:47:d1:b6:27:40:e2:cc:
         ca:f1:e2:92:05:7e:0a:b5:32:46:49:76:9c:88:6e:65:74:dd:
         92:5f:29:cf:87:af:07:f9:6b:26:6c:bd:b8:13:f7:b3:45:41:
         16:db:1d:e7:3b:95:97:4c:9b:89:e0:a3:cc:4d:dd:6a:1a:74:
         ec:c8:39:d0:4e:c2:7b:9d:0e:f3:c5:78:85:8b:04:83:e5:73:
         4b:3c:07:42:e3:77:ac:fe:9f:a3:c5:d7:6c:8e:52:be:c7:72:
         db:9f:3c:56:d9:93:1a:8a:6c:cd:e3:f6:67:a7:44:5f:52:a3:
         4f:d4:63:cb:54:11:d0:8e:73:c9:66:f0:92:85:ee:53:89:6f:
         cb:2e:9d:bf:6c:51:8d:30:56:b9:49:e2:a4:9b:d7:02:04:3a:
         4a:ce:4b:6d:58:82:18:73:30:6c:99:29:4e:e0:d2:b3:0f:1a:
         22:d2:1c:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DQUB37O03zm3TZQQYoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNTM4Y2RjYWY5ZjkyNDY0OTdkYzdhZTQ1ODQ1Mzc5ZmU2
YTcxNzQwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2RiYmFkODJlYjZiODQyYjI5NjI4OWFhYTI5NjY5NDIyZGUwYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreiathoV/zz1DOtNX/eFA+xgCznJ
Z50dafcmq9rBj38bz91GHtTCgPfc19jOjnetIF7D16ewRiczZY6xXBFtj2JknU8t
Rz6C45+ooN6nUGQ53WcwmF4auNxXSd3nWnrWPFE3bmWy6LYUps1qp2NqQEe6KgSS
HiA7Rz4MYNFCIKvnBmFfCcMsLT6NT+mHE7R2dGEbyT/rSjZXTW5o4awJ8bljqx9M
SqkymzT67F0QS8CBHWoAH8rltIh2OFaR83WeyVFCpgrHvDQRr8/nyrShDxLD1iwo
d67wlHkWQRmLwHAXdZ5ESXJSoxU/YEnZAmfL7jhEGY2s7CfvJRCu9GSbVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPbutgutrhCspYomqopZpQi3gueMB8GA1UdIwQY
MBaAFOxTjNyvn5JGSX3HrkWEU3n+anF0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0ZPTTNLLWZra1pKZmNldVJZUlRlZjVxY1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS83ZDY0ZjgtZGRlMi00YTdmLTk1MWEt
YzA2YzYyYWY5ZGE1LzEvbzl1NjJDNjJ1RUt5bGlpYXFpbG1sQ0xlQzU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS83ZDY0ZjgtZGRlMi00YTdmLTk1MWEtYzA2YzYyYWY5ZGE1
LzEvN0ZPTTNLLWZra1pKZmNldVJZUlRlZjVxY1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHYTMA0G
CSqGSIb3DQEBCwUAA4IBAQBcrsbhm95BqQJuerQ8BoEkVIJmWm9t/M+/BC2fN4RO
DTuT0tGLIrLeQsw4+GACPAW+UtoaMrHXttjt798IiYMvttlq6E6aSPJIyVv25AQB
bISyiUfRtidA4szK8eKSBX4KtTJGSXaciG5ldN2SXynPh68H+WsmbL24E/ezRUEW
2x3nO5WXTJuJ4KPMTd1qGnTsyDnQTsJ7nQ7zxXiFiwSD5XNLPAdC43es/p+jxdds
jlK+x3LbnzxW2ZMaimzN4/Znp0RfUqNP1GPLVBHQjnPJZvCShe5TiW/LLp2/bFGN
MFa5SeKkm9cCBDpKzkttWIIYczBsmSlO4NKzDxoi0hyP
-----END CERTIFICATE-----