Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/xhgTHQyXIy450iP62m75oStMlkg.roa
File:                     xhgTHQyXIy450iP62m75oStMlkg.roa (raw, json)
Hash identifier:          z3oer5qK5pT0D7zvUlqDepBtwAxWfOe3pSOkgZLXdDQ=
Subject key identifier:   C6:18:13:1D:0C:97:23:2E:39:D2:23:FA:DA:6E:F9:A1:2B:4C:96:48
Certificate issuer:       /CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
Certificate serial:       019427B5E46B3AE96B433E85017DE63D108F
Authority key identifier: BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/xhgTHQyXIy450iP62m75oStMlkg.roa
Signing time:             Thu 02 Jan 2025 15:50:19 +0000
ROA not before:           Thu 02 Jan 2025 15:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        185.192.144.0/24 maxlen: 24
                          185.192.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:e4:6b:3a:e9:6b:43:3e:85:01:7d:e6:3d:10:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
        Validity
            Not Before: Jan  2 15:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c618131d0c97232e39d223fada6ef9a12b4c9648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:00:ba:8b:e9:62:d9:24:05:13:d2:e9:d1:bc:
                    cb:1b:46:e5:9e:48:95:66:0f:25:70:a4:79:b4:82:
                    42:30:6c:a9:0d:7c:66:82:52:f6:2b:c2:c6:1e:32:
                    b8:1c:42:41:e7:c4:38:69:98:ba:c3:d4:81:50:8c:
                    43:fb:38:2d:4d:ce:a8:b1:61:e3:e2:12:75:00:b3:
                    02:09:91:e0:a8:06:da:5b:dd:ec:6d:63:14:d4:0b:
                    6b:c7:d3:a5:96:56:1b:88:5f:5b:d2:a7:d2:2d:34:
                    b4:db:dc:f5:1d:37:65:29:e3:14:d6:b9:79:60:b7:
                    1e:69:70:f4:c3:b5:a9:a4:ad:39:5b:bd:e6:de:fa:
                    e2:52:35:76:cf:e8:3c:79:c9:59:bb:d6:19:6a:62:
                    70:07:83:75:fc:d6:8c:fd:17:06:ad:8a:c6:6e:e3:
                    d4:9e:fa:b7:65:54:09:ee:ab:0e:99:cc:52:3d:1d:
                    e2:5f:a3:bc:da:93:bd:25:1d:16:f1:9a:a3:11:ed:
                    1c:86:7b:86:7b:96:32:e4:62:ce:3b:21:c8:b4:31:
                    77:37:05:de:94:34:ae:83:28:3f:a2:1c:12:68:b6:
                    1c:9f:08:68:b8:bd:71:e9:2a:cf:54:11:cc:e6:79:
                    0b:dc:96:6c:4f:88:33:7b:bd:2a:ec:3e:0d:be:42:
                    12:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:18:13:1D:0C:97:23:2E:39:D2:23:FA:DA:6E:F9:A1:2B:4C:96:48
            X509v3 Authority Key Identifier:
                keyid:BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/xhgTHQyXIy450iP62m75oStMlkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:5f:d2:34:27:5a:39:22:9b:e3:1f:3e:eb:3a:4d:73:ae:f6:
         69:6e:13:75:ff:ff:e9:8d:41:53:d4:e1:67:ec:4a:71:ba:9f:
         13:21:fe:79:f6:5b:b3:67:e0:8e:6f:b6:b0:bd:d1:59:b2:40:
         54:1c:17:2f:0c:5c:36:cd:cc:48:98:3a:c4:41:8e:50:1a:d7:
         84:73:49:86:29:34:f8:d6:52:a8:03:ae:47:61:e4:36:2c:dd:
         fa:a4:c9:24:84:fa:b8:c4:82:50:92:20:82:47:83:07:75:88:
         ca:d4:ac:2b:a5:ae:6a:4e:2a:d4:c5:f6:4a:b8:db:14:4c:f3:
         4b:15:db:8a:3a:40:88:8c:cd:49:99:2b:dd:b5:98:67:22:58:
         ae:71:6f:c3:87:c8:60:73:a8:27:67:7a:f4:ee:01:b3:95:51:
         fa:ac:10:9b:9d:3a:55:1d:2d:37:df:b1:34:1d:78:16:ee:23:
         7b:0b:c1:d1:14:00:6d:84:d0:cf:0b:32:4a:cb:a8:44:d3:b8:
         f3:e0:b3:41:19:58:ac:ff:01:12:e6:78:6a:a9:49:48:32:4d:
         28:35:ec:f0:d6:31:44:fe:d3:f7:50:b0:7a:03:99:cc:54:c4:
         76:16:bb:14:f7:6b:2f:32:54:23:74:b3:d0:a5:7d:a0:7b:5f:
         08:36:e2:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnteRrOulrQz6FAX3mPRCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYzQ3MGU5YjU4ZTU1N2VhOGMxZGJlZGFlYjljNmE1ZmM0
NTUxMjUwHhcNMjUwMTAyMTU1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE4MTMxZDBjOTcyMzJlMzlkMjIzZmFkYTZlZjlhMTJiNGM5NjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgC6i+li2SQFE9Lp0bzLG0blnkiV
Zg8lcKR5tIJCMGypDXxmglL2K8LGHjK4HEJB58Q4aZi6w9SBUIxD+zgtTc6osWHj
4hJ1ALMCCZHgqAbaW93sbWMU1Atrx9OlllYbiF9b0qfSLTS029z1HTdlKeMU1rl5
YLceaXD0w7WppK05W73m3vriUjV2z+g8eclZu9YZamJwB4N1/NaM/RcGrYrGbuPU
nvq3ZVQJ7qsOmcxSPR3iX6O82pO9JR0W8ZqjEe0chnuGe5Yy5GLOOyHItDF3NwXe
lDSugyg/ohwSaLYcnwhouL1x6SrPVBHM5nkL3JZsT4gze70q7D4NvkISawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYYEx0MlyMuOdIj+tpu+aErTJZIMB8GA1UdIwQY
MBaAFL/EcOm1jlV+qMHb7a65xqX8RVElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzkt
YTJhYTY1NDBmODc1LzEveGhnVEhReVhJeTQ1MGlQNjJtNzVvU3RNbGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzktYTJhYTY1NDBmODc1
LzEvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucCQMA0G
CSqGSIb3DQEBCwUAA4IBAQCmX9I0J1o5IpvjHz7rOk1zrvZpbhN1///pjUFT1OFn
7Epxup8TIf559luzZ+COb7awvdFZskBUHBcvDFw2zcxImDrEQY5QGteEc0mGKTT4
1lKoA65HYeQ2LN36pMkkhPq4xIJQkiCCR4MHdYjK1Kwrpa5qTirUxfZKuNsUTPNL
FduKOkCIjM1JmSvdtZhnIliucW/Dh8hgc6gnZ3r07gGzlVH6rBCbnTpVHS0337E0
HXgW7iN7C8HRFABthNDPCzJKy6hE07jz4LNBGVis/wES5nhqqUlIMk0oNezw1jFE
/tP3ULB6A5nMVMR2FrsU92svMlQjdLPQpX2ge18INuLO
-----END CERTIFICATE-----