Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/036882-c801-4ef7-be1f-fcc6614de035/1/2qtfhswyZsx0XuIOQHGGVzHxuHM.roa
File:                     2qtfhswyZsx0XuIOQHGGVzHxuHM.roa (raw, json)
Hash identifier:          gi+65o86JS8vYoDOIxF4oLbjVw9imix6Q779wOeAXw0=
Subject key identifier:   DA:AB:5F:86:CC:32:66:CC:74:5E:E2:0E:40:71:86:57:31:F1:B8:73
Certificate issuer:       /CN=48de4638c972c8ce19c4669ab57db266af7285b7
Certificate serial:       018CC3B73B69BECFAA26E19FF373750A72ED
Authority key identifier: 48:DE:46:38:C9:72:C8:CE:19:C4:66:9A:B5:7D:B2:66:AF:72:85:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SN5GOMlyyM4ZxGaatX2yZq9yhbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/036882-c801-4ef7-be1f-fcc6614de035/1/2qtfhswyZsx0XuIOQHGGVzHxuHM.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209284
IP address blocks:        92.118.116.0/22 maxlen: 22
                          92.118.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/036882-c801-4ef7-be1f-fcc6614de035/1/SN5GOMlyyM4ZxGaatX2yZq9yhbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/036882-c801-4ef7-be1f-fcc6614de035/1/SN5GOMlyyM4ZxGaatX2yZq9yhbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SN5GOMlyyM4ZxGaatX2yZq9yhbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3b:69:be:cf:aa:26:e1:9f:f3:73:75:0a:72:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48de4638c972c8ce19c4669ab57db266af7285b7
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=daab5f86cc3266cc745ee20e4071865731f1b873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:78:1e:33:1d:d4:bb:9e:e8:a6:50:fa:58:fd:
                    56:2f:da:37:2e:a9:79:9f:2b:fc:dd:45:18:97:1b:
                    f7:a1:68:52:17:86:34:a2:91:78:2e:b8:09:f6:8b:
                    ed:f2:46:01:dc:0e:a8:ce:ac:90:16:a3:36:c3:ba:
                    5c:da:b4:e7:06:7b:96:3b:0b:87:4c:48:17:9e:99:
                    02:1a:50:31:cd:fe:c7:4b:c6:5b:bb:97:cf:27:10:
                    9f:0b:b0:49:d8:74:0c:db:be:a2:fb:2d:09:39:85:
                    0c:06:7e:2c:5c:d7:bf:ce:b2:2b:16:5c:6f:02:b1:
                    a2:9d:7f:0c:aa:b5:4f:c1:ce:7d:19:8a:1f:51:db:
                    56:9b:2e:2e:c0:01:a4:9e:e4:8f:50:e2:4a:3c:0a:
                    a5:79:c4:d5:5b:94:ea:71:fe:da:89:96:2c:50:4f:
                    76:42:78:40:40:54:17:99:11:10:8c:cc:6d:ea:e8:
                    77:33:f2:b7:78:c0:e6:74:c3:de:b6:22:ef:2a:da:
                    15:d1:0f:ae:cd:09:fd:ce:26:0e:7d:d4:11:a9:ed:
                    ab:f1:be:6f:3f:fa:cf:28:11:ab:c1:56:7f:67:2a:
                    f8:13:26:15:12:7b:51:16:28:8e:c9:fc:06:53:ad:
                    35:aa:0d:a0:74:b0:f2:17:b2:75:9a:74:dd:c2:f6:
                    68:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:AB:5F:86:CC:32:66:CC:74:5E:E2:0E:40:71:86:57:31:F1:B8:73
            X509v3 Authority Key Identifier:
                keyid:48:DE:46:38:C9:72:C8:CE:19:C4:66:9A:B5:7D:B2:66:AF:72:85:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SN5GOMlyyM4ZxGaatX2yZq9yhbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/036882-c801-4ef7-be1f-fcc6614de035/1/2qtfhswyZsx0XuIOQHGGVzHxuHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/036882-c801-4ef7-be1f-fcc6614de035/1/SN5GOMlyyM4ZxGaatX2yZq9yhbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:7f:04:db:75:80:95:b9:44:71:f1:42:f0:3e:38:8d:f8:19:
         91:cb:83:a6:86:87:f1:6f:80:51:a7:0f:c9:08:85:af:da:ce:
         cb:64:bf:c7:a9:1d:e3:e6:f7:dd:15:2d:46:f9:df:89:1f:04:
         1a:22:03:ac:39:8c:01:a7:ad:e1:44:8a:b7:26:b7:b1:ba:f6:
         a5:5c:4a:5a:0c:c9:d3:b5:6a:d8:ad:99:f6:4f:bb:23:50:41:
         fe:ad:02:b9:c6:7d:93:f4:d0:55:7e:86:28:3a:80:e2:69:5a:
         1f:92:65:df:aa:0c:4c:6f:94:58:1a:5f:50:0a:43:9c:79:64:
         8f:c7:34:28:38:01:cf:13:e7:88:27:a1:95:de:2c:8c:9b:51:
         2e:f8:01:36:d5:a9:8c:1f:9a:ba:09:a1:dd:b0:3e:9d:2d:35:
         cc:a5:a2:67:33:fd:c7:05:58:fd:91:f7:1e:ae:4f:26:1f:e8:
         88:db:31:28:10:4c:63:99:17:34:6b:97:b9:12:3d:e8:21:5c:
         a9:52:5b:3a:c9:c2:db:d1:d1:db:34:83:5f:ec:a5:21:29:12:
         8c:cd:d5:1a:a8:2d:4a:12:e8:58:bb:e7:57:ec:ff:76:16:06:
         9b:70:b0:52:9e:df:5f:02:3b:47:ed:a4:d4:55:8e:5b:ef:8e:
         ff:78:ff:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtztpvs+qJuGf83N1CnLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZGU0NjM4Yzk3MmM4Y2UxOWM0NjY5YWI1N2RiMjY2YWY3
Mjg1YjcwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWFiNWY4NmNjMzI2NmNjNzQ1ZWUyMGU0MDcxODY1NzMxZjFiODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HgeMx3Uu57oplD6WP1WL9o3Lql5
nyv83UUYlxv3oWhSF4Y0opF4LrgJ9ovt8kYB3A6ozqyQFqM2w7pc2rTnBnuWOwuH
TEgXnpkCGlAxzf7HS8Zbu5fPJxCfC7BJ2HQM276i+y0JOYUMBn4sXNe/zrIrFlxv
ArGinX8MqrVPwc59GYofUdtWmy4uwAGknuSPUOJKPAqlecTVW5Tqcf7aiZYsUE92
QnhAQFQXmREQjMxt6uh3M/K3eMDmdMPetiLvKtoV0Q+uzQn9ziYOfdQRqe2r8b5v
P/rPKBGrwVZ/Zyr4EyYVEntRFiiOyfwGU601qg2gdLDyF7J1mnTdwvZoBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqrX4bMMmbMdF7iDkBxhlcx8bhzMB8GA1UdIwQY
MBaAFEjeRjjJcsjOGcRmmrV9smavcoW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU041R09NbHl5TTRaeEdhYXRYMnlacTl5aGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8wMzY4ODItYzgwMS00ZWY3LWJlMWYt
ZmNjNjYxNGRlMDM1LzEvMnF0Zmhzd3lac3gwWHVJT1FIR0dWekh4dUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8wMzY4ODItYzgwMS00ZWY3LWJlMWYtZmNjNjYxNGRlMDM1
LzEvU041R09NbHl5TTRaeEdhYXRYMnlacTl5aGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHZ0MA0G
CSqGSIb3DQEBCwUAA4IBAQBhfwTbdYCVuURx8ULwPjiN+BmRy4Omhofxb4BRpw/J
CIWv2s7LZL/HqR3j5vfdFS1G+d+JHwQaIgOsOYwBp63hRIq3JrexuvalXEpaDMnT
tWrYrZn2T7sjUEH+rQK5xn2T9NBVfoYoOoDiaVofkmXfqgxMb5RYGl9QCkOceWSP
xzQoOAHPE+eIJ6GV3iyMm1Eu+AE21amMH5q6CaHdsD6dLTXMpaJnM/3HBVj9kfce
rk8mH+iI2zEoEExjmRc0a5e5Ej3oIVypUls6ycLb0dHbNINf7KUhKRKMzdUaqC1K
EuhYu+dX7P92FgabcLBSnt9fAjtH7aTUVY5b747/eP8D
-----END CERTIFICATE-----