Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/fTxG43Ph3rcTh5pLoUvOLigHVP8.roa
File:                     fTxG43Ph3rcTh5pLoUvOLigHVP8.roa (raw, json)
Hash identifier:          /VtBhIaL05xL99NDcYViEFSVzwp3b+6WLb6yz76P4AY=
Subject key identifier:   7D:3C:46:E3:73:E1:DE:B7:13:87:9A:4B:A1:4B:CE:2E:28:07:54:FF
Certificate issuer:       /CN=449d812bdf4c5fb08ed6120dcd0619abf3530520
Certificate serial:       018CC34956D4FC95E56B6BE5E100A4070B4E
Authority key identifier: 44:9D:81:2B:DF:4C:5F:B0:8E:D6:12:0D:CD:06:19:AB:F3:53:05:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RJ2BK99MX7CO1hINzQYZq_NTBSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/fTxG43Ph3rcTh5pLoUvOLigHVP8.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50135
IP address blocks:        92.42.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/RJ2BK99MX7CO1hINzQYZq_NTBSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/RJ2BK99MX7CO1hINzQYZq_NTBSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RJ2BK99MX7CO1hINzQYZq_NTBSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:56:d4:fc:95:e5:6b:6b:e5:e1:00:a4:07:0b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=449d812bdf4c5fb08ed6120dcd0619abf3530520
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d3c46e373e1deb713879a4ba14bce2e280754ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:21:e2:26:fa:4a:cf:f2:38:64:53:0d:15:42:
                    df:f8:5d:d2:2d:34:fb:56:ac:16:23:f6:c5:f5:8c:
                    e1:7d:06:b6:67:f9:85:6c:e3:dc:ad:ac:02:4b:a5:
                    76:d2:f5:a0:06:5d:a7:91:25:4a:52:4a:bf:e0:5b:
                    95:ce:86:1d:9a:6a:60:d1:ad:a2:4c:22:2e:99:86:
                    8f:6e:84:50:fc:27:38:15:66:07:98:73:8d:5f:1b:
                    c7:c6:0d:c4:7a:cd:67:6b:aa:7e:d4:b0:51:cf:e8:
                    0b:94:d3:d5:61:a8:7c:95:24:aa:72:cf:93:7e:0a:
                    21:84:68:83:11:e0:aa:ac:c1:a4:a1:61:fe:56:58:
                    2f:30:7f:2d:25:cc:26:eb:72:c7:3d:23:80:dd:12:
                    49:03:64:c1:b2:21:b8:08:a0:d2:e8:a5:8f:28:92:
                    db:ee:7e:84:a1:e1:ab:ae:f6:1f:4a:1b:66:5c:e7:
                    a0:2a:78:58:e9:64:0a:6d:f8:2b:53:d7:db:41:37:
                    7a:74:c4:e0:2b:73:f6:c5:c5:f1:fd:76:3a:52:11:
                    7b:cd:2e:57:dc:85:d8:35:8b:52:f9:51:77:7f:12:
                    36:34:fa:c4:eb:27:0f:cd:27:44:e4:41:e4:5a:21:
                    2f:8d:6e:17:1f:25:20:05:a6:84:9c:f3:c9:ff:74:
                    1f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:3C:46:E3:73:E1:DE:B7:13:87:9A:4B:A1:4B:CE:2E:28:07:54:FF
            X509v3 Authority Key Identifier:
                keyid:44:9D:81:2B:DF:4C:5F:B0:8E:D6:12:0D:CD:06:19:AB:F3:53:05:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RJ2BK99MX7CO1hINzQYZq_NTBSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/fTxG43Ph3rcTh5pLoUvOLigHVP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f601d3-23d4-4feb-96fa-f1451ba884b8/1/RJ2BK99MX7CO1hINzQYZq_NTBSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:50:cc:2f:60:4f:03:a9:35:aa:4f:81:a7:02:af:06:38:29:
         05:9a:60:02:6d:11:3b:f5:ef:03:c5:6b:a4:f0:e9:7c:1a:fa:
         a4:03:71:fc:30:73:d2:df:cb:59:7a:01:0c:34:e1:5d:55:3b:
         24:91:4a:4c:07:79:93:30:7f:dc:ec:e3:26:86:cc:6d:06:41:
         9a:52:75:ce:f6:b4:b3:e7:42:de:88:59:36:8c:f9:4c:9a:74:
         f5:2c:ba:c2:bf:a7:b1:9d:67:5c:4b:88:5d:48:31:6f:fc:fd:
         1f:c1:f6:72:81:fb:27:8a:e5:03:22:18:94:30:9e:a2:43:63:
         cf:2a:63:03:69:25:22:38:40:3f:99:b0:fb:2a:d5:ef:dd:85:
         4e:50:2d:65:f5:90:c4:2c:1e:2f:d2:cb:12:2d:5c:55:5e:b8:
         b4:3e:63:19:27:ee:85:cd:4b:a0:7c:e8:d9:3a:8d:7d:e4:af:
         e3:95:22:02:19:a4:4b:9b:c3:9e:b9:9d:03:63:5d:2f:50:5e:
         cb:22:a3:dc:d5:d9:21:b8:55:4c:1d:86:fe:74:9a:2d:4e:2b:
         c7:84:f7:cc:b9:19:c4:5c:06:ab:58:34:81:0c:e5:6f:c2:63:
         34:e0:1f:d8:93:58:2f:37:a0:1f:a9:01:70:c0:05:08:9a:37:
         72:35:1d:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVbU/JXla2vl4QCkBwtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0OWQ4MTJiZGY0YzVmYjA4ZWQ2MTIwZGNkMDYxOWFiZjM1
MzA1MjAwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDNjNDZlMzczZTFkZWI3MTM4NzlhNGJhMTRiY2UyZTI4MDc1NGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSHiJvpKz/I4ZFMNFULf+F3SLTT7
VqwWI/bF9YzhfQa2Z/mFbOPcrawCS6V20vWgBl2nkSVKUkq/4FuVzoYdmmpg0a2i
TCIumYaPboRQ/Cc4FWYHmHONXxvHxg3Ees1na6p+1LBRz+gLlNPVYah8lSSqcs+T
fgohhGiDEeCqrMGkoWH+VlgvMH8tJcwm63LHPSOA3RJJA2TBsiG4CKDS6KWPKJLb
7n6EoeGrrvYfShtmXOegKnhY6WQKbfgrU9fbQTd6dMTgK3P2xcXx/XY6UhF7zS5X
3IXYNYtS+VF3fxI2NPrE6ycPzSdE5EHkWiEvjW4XHyUgBaaEnPPJ/3QfvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH08RuNz4d63E4eaS6FLzi4oB1T/MB8GA1UdIwQY
MBaAFESdgSvfTF+wjtYSDc0GGavzUwUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkoyQks5OU1YN0NPMWhJTnpRWVpxX05UQlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9mNjAxZDMtMjNkNC00ZmViLTk2ZmEt
ZjE0NTFiYTg4NGI4LzEvZlR4RzQzUGgzcmNUaDVwTG9Vdk9MaWdIVlA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9mNjAxZDMtMjNkNC00ZmViLTk2ZmEtZjE0NTFiYTg4NGI4
LzEvUkoyQks5OU1YN0NPMWhJTnpRWVpxX05UQlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCoEMA0G
CSqGSIb3DQEBCwUAA4IBAQBgUMwvYE8DqTWqT4GnAq8GOCkFmmACbRE79e8DxWuk
8Ol8GvqkA3H8MHPS38tZegEMNOFdVTskkUpMB3mTMH/c7OMmhsxtBkGaUnXO9rSz
50LeiFk2jPlMmnT1LLrCv6exnWdcS4hdSDFv/P0fwfZygfsniuUDIhiUMJ6iQ2PP
KmMDaSUiOEA/mbD7KtXv3YVOUC1l9ZDELB4v0ssSLVxVXri0PmMZJ+6FzUugfOjZ
Oo195K/jlSICGaRLm8OeuZ0DY10vUF7LIqPc1dkhuFVMHYb+dJotTivHhPfMuRnE
XAarWDSBDOVvwmM04B/Yk1gvN6AfqQFwwAUImjdyNR3s
-----END CERTIFICATE-----