Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/lWJoF_swBr2Lu5mO-Q5os-z2oAU.roa
File:                     lWJoF_swBr2Lu5mO-Q5os-z2oAU.roa (raw, json)
Hash identifier:          GwiPt4R6jhk5qWspCacWYlKa/6jGmdnZmiVjiKnYhHQ=
Subject key identifier:   95:62:68:17:FB:30:06:BD:8B:BB:99:8E:F9:0E:68:B3:EC:F6:A0:05
Certificate issuer:       /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial:       019424B3F4AC2F4A7D359F9DB1CC36F3D0BE
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/lWJoF_swBr2Lu5mO-Q5os-z2oAU.roa
Signing time:             Thu 02 Jan 2025 01:49:20 +0000
ROA not before:           Thu 02 Jan 2025 01:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        45.92.28.0/23 maxlen: 23
                          45.92.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:f4:ac:2f:4a:7d:35:9f:9d:b1:cc:36:f3:d0:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
        Validity
            Not Before: Jan  2 01:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95626817fb3006bd8bbb998ef90e68b3ecf6a005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:84:c6:dc:63:f8:ae:4b:5a:b1:79:a8:d8:1d:
                    a1:bc:60:83:78:12:60:8d:69:c2:40:d6:ab:7b:8d:
                    1a:68:61:8e:ee:16:06:7f:91:63:14:d3:fe:7a:be:
                    ac:08:95:59:08:92:8b:0b:5a:7f:45:49:a1:4a:3f:
                    97:96:84:80:4d:58:91:91:10:c3:65:0b:fc:38:74:
                    10:1c:d0:40:16:3a:b2:d3:15:bd:63:d4:6b:c9:4b:
                    76:16:13:c8:bf:69:ad:44:4e:d7:79:5a:9b:4f:e6:
                    55:bd:1e:f7:07:2c:f9:a1:26:44:ca:39:50:ab:dc:
                    70:80:de:cf:95:bc:6e:90:25:41:b6:c6:dc:41:cf:
                    f9:b4:08:9c:9b:89:d9:82:74:db:55:91:e7:08:17:
                    e5:e7:4d:dd:68:3c:97:be:74:0b:71:37:87:11:b1:
                    b4:5f:9b:11:a1:43:72:cd:92:0c:e2:6d:4a:a7:3c:
                    91:e2:ef:10:2f:db:79:91:1d:03:34:21:07:3e:86:
                    8e:fb:be:dd:27:ba:7a:6e:49:67:40:d6:4e:10:24:
                    d8:ff:29:4d:0f:01:4e:7d:3e:13:85:56:d6:e5:12:
                    37:1f:d9:94:2b:1c:a4:c3:5f:82:c2:44:b9:57:97:
                    f1:f0:f9:eb:b8:aa:da:5b:87:0e:4c:b3:7d:9f:cd:
                    49:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:62:68:17:FB:30:06:BD:8B:BB:99:8E:F9:0E:68:B3:EC:F6:A0:05
            X509v3 Authority Key Identifier:
                keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/lWJoF_swBr2Lu5mO-Q5os-z2oAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:56:8c:ed:cd:a3:67:8e:e6:d2:53:d4:54:a1:70:53:d0:30:
         15:18:fd:48:9f:60:51:df:5f:d7:0c:18:6e:ba:b6:5c:66:f5:
         50:d1:00:e3:c5:60:16:d5:78:49:20:ef:07:e0:88:32:f9:af:
         52:60:a1:c6:53:f0:e1:02:e1:a3:ec:95:d9:26:67:3f:33:65:
         a3:b6:21:3d:9c:e8:79:89:db:ce:02:93:94:66:38:c6:39:aa:
         d8:56:07:27:fc:4c:30:a3:ea:5d:29:94:c1:a7:ce:6a:8c:25:
         16:af:9b:c4:29:06:dc:4f:b3:9a:60:fb:8a:17:9d:14:bd:d7:
         0e:7e:f6:9f:18:0b:3e:72:2e:ee:9b:83:0d:48:25:68:0b:1d:
         27:a2:f1:8f:dd:b3:85:14:56:4a:a1:79:39:85:63:a2:d6:32:
         bd:ff:04:aa:34:ef:5d:bc:3b:f9:41:35:32:b2:5c:2f:2f:29:
         f7:77:0e:f3:15:37:b6:51:ff:43:ea:2d:43:7c:b1:e2:f1:83:
         75:5e:44:5a:b8:16:b1:84:de:7e:c0:16:90:cc:99:98:d1:a9:
         c0:55:48:26:84:b1:d8:b0:a3:a4:41:59:c0:67:41:af:1f:20:
         bb:7b:7d:0d:f1:19:81:68:30:50:77:cb:7c:c6:de:cd:ab:57:
         25:93:e4:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/SsL0p9NZ+dscw289C+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjUwMTAyMDE0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTYyNjgxN2ZiMzAwNmJkOGJiYjk5OGVmOTBlNjhiM2VjZjZhMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzITG3GP4rktasXmo2B2hvGCDeBJg
jWnCQNare40aaGGO7hYGf5FjFNP+er6sCJVZCJKLC1p/RUmhSj+XloSATViRkRDD
ZQv8OHQQHNBAFjqy0xW9Y9RryUt2FhPIv2mtRE7XeVqbT+ZVvR73Byz5oSZEyjlQ
q9xwgN7PlbxukCVBtsbcQc/5tAicm4nZgnTbVZHnCBfl503daDyXvnQLcTeHEbG0
X5sRoUNyzZIM4m1KpzyR4u8QL9t5kR0DNCEHPoaO+77dJ7p6bklnQNZOECTY/ylN
DwFOfT4ThVbW5RI3H9mUKxykw1+CwkS5V5fx8PnruKraW4cOTLN9n81JPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJViaBf7MAa9i7uZjvkOaLPs9qAFMB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvbFdKb0Zfc3dCcjJMdTVtTy1RNW9zLXoyb0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVwcMA0G
CSqGSIb3DQEBCwUAA4IBAQBjVoztzaNnjubSU9RUoXBT0DAVGP1In2BR31/XDBhu
urZcZvVQ0QDjxWAW1XhJIO8H4Igy+a9SYKHGU/DhAuGj7JXZJmc/M2WjtiE9nOh5
idvOApOUZjjGOarYVgcn/Ewwo+pdKZTBp85qjCUWr5vEKQbcT7OaYPuKF50UvdcO
fvafGAs+ci7um4MNSCVoCx0novGP3bOFFFZKoXk5hWOi1jK9/wSqNO9dvDv5QTUy
slwvLyn3dw7zFTe2Uf9D6i1DfLHi8YN1XkRauBaxhN5+wBaQzJmY0anAVUgmhLHY
sKOkQVnAZ0GvHyC7e30N8RmBaDBQd8t8xt7Nq1clk+QM
-----END CERTIFICATE-----