Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b1af5b-089e-4cbe-bbe9-425ee968df0b/1/92Huf3IHz49yEZcp8laODPaay4A.roa
File:                     92Huf3IHz49yEZcp8laODPaay4A.roa (raw, json)
Hash identifier:          fHDvsxbqA8PNa+801vhXYVjpC3kLuwr6JG2deunc2nA=
Subject key identifier:   F7:61:EE:7F:72:07:CF:8F:72:11:97:29:F2:56:8E:0C:F6:9A:CB:80
Certificate issuer:       /CN=cb2d9ff86e363db34d0556ec16451f2f7f303d24
Certificate serial:       0194221FF1DF20CEEF8BE1D1E5F8B4B40639
Authority key identifier: CB:2D:9F:F8:6E:36:3D:B3:4D:05:56:EC:16:45:1F:2F:7F:30:3D:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yy2f-G42PbNNBVbsFkUfL38wPSQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b1af5b-089e-4cbe-bbe9-425ee968df0b/1/92Huf3IHz49yEZcp8laODPaay4A.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15600
IP address blocks:        5.153.112.0/20 maxlen: 20
                          185.74.120.0/22 maxlen: 22
                          2a00:d3a0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b1af5b-089e-4cbe-bbe9-425ee968df0b/1/yy2f-G42PbNNBVbsFkUfL38wPSQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b1af5b-089e-4cbe-bbe9-425ee968df0b/1/yy2f-G42PbNNBVbsFkUfL38wPSQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yy2f-G42PbNNBVbsFkUfL38wPSQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f1:df:20:ce:ef:8b:e1:d1:e5:f8:b4:b4:06:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb2d9ff86e363db34d0556ec16451f2f7f303d24
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f761ee7f7207cf8f72119729f2568e0cf69acb80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:07:71:35:bf:42:0e:b9:55:a1:a0:6a:7d:df:
                    c2:85:73:99:0a:12:7b:06:dc:01:3f:53:f3:c0:3b:
                    c4:59:d0:ee:58:fa:92:98:98:bf:fe:e0:69:5c:f7:
                    ad:0c:f3:b3:7c:cd:42:25:ba:d6:3b:b5:bf:ea:1a:
                    a2:54:23:96:ab:c9:db:ea:66:c8:55:b9:ac:41:de:
                    ac:41:15:6d:8b:26:75:d7:b0:af:84:d4:b8:14:cb:
                    97:76:07:84:fe:5b:15:2d:4a:81:20:5a:12:f0:e3:
                    8d:5c:a2:00:48:a8:0d:60:b3:2f:e5:ed:4b:93:8e:
                    bd:d5:a6:70:84:7d:f6:7b:d6:fb:fb:7b:89:60:3d:
                    30:9e:91:f7:51:b9:2d:b1:dd:10:34:f1:1f:d3:df:
                    6e:79:1a:ab:b8:53:aa:3f:aa:da:75:67:0b:22:58:
                    f2:dd:e0:10:8d:72:44:56:a6:cb:3f:e0:51:89:85:
                    12:d0:61:32:6d:f0:76:5d:0e:59:93:c4:81:11:e2:
                    a5:f0:e2:8a:ca:0d:3c:34:6a:bd:62:c6:f9:ee:a9:
                    c3:8e:c4:1a:e3:24:c4:53:78:7f:aa:e3:7c:ce:b5:
                    7d:22:c7:06:7b:e6:d3:39:ff:7c:0b:2d:80:7f:01:
                    6a:d7:70:67:cd:04:c8:e9:c8:12:c6:d7:28:86:03:
                    bc:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:61:EE:7F:72:07:CF:8F:72:11:97:29:F2:56:8E:0C:F6:9A:CB:80
            X509v3 Authority Key Identifier:
                keyid:CB:2D:9F:F8:6E:36:3D:B3:4D:05:56:EC:16:45:1F:2F:7F:30:3D:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yy2f-G42PbNNBVbsFkUfL38wPSQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b1af5b-089e-4cbe-bbe9-425ee968df0b/1/92Huf3IHz49yEZcp8laODPaay4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b1af5b-089e-4cbe-bbe9-425ee968df0b/1/yy2f-G42PbNNBVbsFkUfL38wPSQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.112.0/20
                  185.74.120.0/22
                IPv6:
                  2a00:d3a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:e0:ac:14:cb:d8:bb:cd:b0:af:84:f4:7e:c0:11:d9:56:5e:
         a1:e2:71:df:03:37:b5:3a:55:07:c6:04:76:a4:88:a1:5a:64:
         51:74:a9:d6:50:35:5a:9d:72:58:0d:a4:a9:6d:2f:a3:6e:86:
         e2:f3:2f:cf:85:28:19:b0:aa:9f:97:52:29:14:1e:98:1c:82:
         45:67:40:2b:90:36:cb:9d:91:14:7f:f4:18:8b:fc:cc:99:1b:
         59:ed:6d:4c:13:ef:af:f8:71:1b:41:bb:09:0d:8b:d4:81:ff:
         f9:5d:04:dc:3f:40:23:3e:74:96:a6:d6:92:0e:93:1a:b2:84:
         da:bb:35:fe:81:45:6f:8d:cb:0e:25:d3:67:fd:bb:02:96:35:
         bd:74:95:19:90:c9:58:66:ed:19:66:fe:b5:7b:b0:fe:a7:c4:
         7b:1f:83:50:41:8e:0b:74:a6:72:1a:8a:a0:71:57:e9:8f:14:
         cf:6c:98:2e:46:8c:9d:d1:31:d1:58:06:f7:4b:00:21:47:8f:
         f7:36:a8:b1:3d:70:9f:e3:37:25:e4:19:d0:80:1c:73:6f:e8:
         e1:75:c0:a6:97:90:bc:65:c4:05:3d:0c:ff:c0:02:52:a2:5f:
         fb:b2:cd:a1:3e:a9:fa:e2:4d:8c:61:83:5b:23:1e:a3:48:b4:
         f3:47:80:ef
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQiH/HfIM7vi+HR5fi0tAY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMmQ5ZmY4NmUzNjNkYjM0ZDA1NTZlYzE2NDUxZjJmN2Yz
MDNkMjQwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzYxZWU3ZjcyMDdjZjhmNzIxMTk3MjlmMjU2OGUwY2Y2OWFjYjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AdxNb9CDrlVoaBqfd/ChXOZChJ7
BtwBP1PzwDvEWdDuWPqSmJi//uBpXPetDPOzfM1CJbrWO7W/6hqiVCOWq8nb6mbI
VbmsQd6sQRVtiyZ117CvhNS4FMuXdgeE/lsVLUqBIFoS8OONXKIASKgNYLMv5e1L
k4691aZwhH32e9b7+3uJYD0wnpH3Ubktsd0QNPEf099ueRqruFOqP6radWcLIljy
3eAQjXJEVqbLP+BRiYUS0GEybfB2XQ5Zk8SBEeKl8OKKyg08NGq9Ysb57qnDjsQa
4yTEU3h/quN8zrV9IscGe+bTOf98Cy2AfwFq13BnzQTI6cgSxtcohgO83QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPdh7n9yB8+PchGXKfJWjgz2msuAMB8GA1UdIwQY
MBaAFMstn/huNj2zTQVW7BZFHy9/MD0kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXkyZi1HNDJQYk5OQlZic0ZrVWZMMzh3UFNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMWFmNWItMDg5ZS00Y2JlLWJiZTkt
NDI1ZWU5NjhkZjBiLzEvOTJIdWYzSUh6NDl5RVpjcDhsYU9EUGFheTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMWFmNWItMDg5ZS00Y2JlLWJiZTktNDI1ZWU5NjhkZjBi
LzEveXkyZi1HNDJQYk5OQlZic0ZrVWZMMzh3UFNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEBZlwAwQC
uUp4MA0EAgACMAcDBQMqANOgMA0GCSqGSIb3DQEBCwUAA4IBAQA24KwUy9i7zbCv
hPR+wBHZVl6h4nHfAze1OlUHxgR2pIihWmRRdKnWUDVanXJYDaSpbS+jbobi8y/P
hSgZsKqfl1IpFB6YHIJFZ0ArkDbLnZEUf/QYi/zMmRtZ7W1ME++v+HEbQbsJDYvU
gf/5XQTcP0AjPnSWptaSDpMasoTauzX+gUVvjcsOJdNn/bsCljW9dJUZkMlYZu0Z
Zv61e7D+p8R7H4NQQY4LdKZyGoqgcVfpjxTPbJguRoyd0THRWAb3SwAhR4/3Nqix
PXCf4zcl5BnQgBxzb+jhdcCml5C8ZcQFPQz/wAJSol/7ss2hPqn64k2MYYNbIx6j
SLTzR4Dv
-----END CERTIFICATE-----