Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/a6cade-d425-4d89-a0c1-cf6b23d2617c/1/AYkoB-e1MzcctAIB25MUBAI3Gw8.roa
File:                     AYkoB-e1MzcctAIB25MUBAI3Gw8.roa (raw, json)
Hash identifier:          RhXb3K21xkSfp4wHDHnklvRvJi1oEc1FzHYwM8s92WA=
Subject key identifier:   01:89:28:07:E7:B5:33:37:1C:B4:02:01:DB:93:14:04:02:37:1B:0F
Certificate issuer:       /CN=2305ae06212f3c2f8f573a0b5492441e58f21c4e
Certificate serial:       0194214446FD93D69C4464F19C41F8B6A07B
Authority key identifier: 23:05:AE:06:21:2F:3C:2F:8F:57:3A:0B:54:92:44:1E:58:F2:1C:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwWuBiEvPC-PVzoLVJJEHljyHE4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/a6cade-d425-4d89-a0c1-cf6b23d2617c/1/AYkoB-e1MzcctAIB25MUBAI3Gw8.roa
Signing time:             Wed 01 Jan 2025 09:48:30 +0000
ROA not before:           Wed 01 Jan 2025 09:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51616
IP address blocks:        92.119.48.0/23 maxlen: 23
                          92.119.50.0/24 maxlen: 24
                          92.119.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/a6cade-d425-4d89-a0c1-cf6b23d2617c/1/IwWuBiEvPC-PVzoLVJJEHljyHE4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/a6cade-d425-4d89-a0c1-cf6b23d2617c/1/IwWuBiEvPC-PVzoLVJJEHljyHE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwWuBiEvPC-PVzoLVJJEHljyHE4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:46:fd:93:d6:9c:44:64:f1:9c:41:f8:b6:a0:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2305ae06212f3c2f8f573a0b5492441e58f21c4e
        Validity
            Not Before: Jan  1 09:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01892807e7b533371cb40201db93140402371b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cc:59:8f:9b:65:f7:93:b5:53:77:22:58:71:
                    c4:71:d3:7c:4f:34:c2:fb:78:e1:d0:5e:79:7a:42:
                    7e:c7:d0:75:db:35:6f:b8:bb:be:7c:3f:94:dc:dd:
                    1f:45:4b:da:bb:32:d8:61:00:3d:61:07:4b:27:28:
                    69:ff:13:20:3d:bd:ba:09:ad:ac:13:8a:82:f3:58:
                    4c:c8:87:6d:5a:b9:19:6d:08:0b:64:89:9c:32:6a:
                    15:a2:a2:a0:9e:1d:8c:a1:2a:a1:b9:c3:ba:24:60:
                    84:75:fe:f3:a0:34:b2:5f:15:70:4b:97:7b:1b:85:
                    1c:3a:82:64:d9:93:0b:0b:25:4c:5b:f7:40:eb:c8:
                    89:8a:bc:40:c6:e1:36:32:73:48:34:79:c2:4a:65:
                    59:0f:39:02:5f:5b:3d:dd:97:31:1e:15:8e:22:56:
                    23:55:2d:af:03:d8:6a:60:19:17:41:7c:a6:a1:0f:
                    11:7d:86:03:1a:a4:e1:8f:21:6d:b9:31:4f:dd:8e:
                    e1:d9:8a:87:4e:d5:9f:4e:4e:92:96:bd:1c:ec:86:
                    d5:d6:f4:b3:22:f5:bb:6f:96:07:d5:64:12:23:19:
                    68:ec:63:c4:0a:1f:30:71:47:69:bf:24:c7:1d:c2:
                    cd:c5:5f:2a:78:5d:81:79:98:5b:f0:3e:a0:ae:f6:
                    d0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:89:28:07:E7:B5:33:37:1C:B4:02:01:DB:93:14:04:02:37:1B:0F
            X509v3 Authority Key Identifier:
                keyid:23:05:AE:06:21:2F:3C:2F:8F:57:3A:0B:54:92:44:1E:58:F2:1C:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwWuBiEvPC-PVzoLVJJEHljyHE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/a6cade-d425-4d89-a0c1-cf6b23d2617c/1/AYkoB-e1MzcctAIB25MUBAI3Gw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/a6cade-d425-4d89-a0c1-cf6b23d2617c/1/IwWuBiEvPC-PVzoLVJJEHljyHE4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:ec:62:13:01:63:98:e5:30:5c:12:a9:82:a9:4e:cc:71:45:
         8b:35:c1:86:fc:53:1e:d1:f6:f2:28:cc:56:7b:c9:f2:a9:d9:
         c9:5b:8d:36:a8:87:f3:7a:3f:54:10:15:a9:b5:b6:ed:c4:f8:
         b9:0d:d4:b1:ee:76:91:7b:f0:62:0c:3f:0b:55:e5:7d:6f:6b:
         87:8c:ea:b3:94:ca:74:04:5b:9f:0e:fe:98:4c:a5:d2:84:89:
         57:3d:e7:33:3b:97:fb:df:ec:c7:9f:10:c6:9b:67:99:6c:3e:
         30:66:d0:cd:67:35:91:51:0b:e7:e8:f1:77:00:30:68:80:af:
         a2:c2:d4:c2:93:07:12:3e:e3:43:b0:29:4a:90:e9:da:48:1e:
         1e:0c:cf:cd:7d:32:78:68:0d:9f:78:06:91:9e:c6:80:7d:bf:
         62:7c:02:a6:5b:d7:df:4a:06:e1:e9:35:77:12:cf:6c:0f:4e:
         aa:28:d3:b8:1b:10:e7:5f:d0:11:b9:15:5f:25:c8:2e:a9:36:
         00:c7:21:b2:10:f0:02:76:fe:ca:86:be:42:6c:b1:6e:03:d1:
         8e:3d:17:27:26:21:eb:2c:38:82:e3:09:7a:ee:b9:c7:f8:f2:
         89:12:8a:17:91:e3:be:dd:0e:4e:e7:16:6a:aa:da:da:51:32:
         20:f6:d2:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhREb9k9acRGTxnEH4tqB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDVhZTA2MjEyZjNjMmY4ZjU3M2EwYjU0OTI0NDFlNThm
MjFjNGUwHhcNMjUwMTAxMDk0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTg5MjgwN2U3YjUzMzM3MWNiNDAyMDFkYjkzMTQwNDAyMzcxYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8xZj5tl95O1U3ciWHHEcdN8TzTC
+3jh0F55ekJ+x9B12zVvuLu+fD+U3N0fRUvauzLYYQA9YQdLJyhp/xMgPb26Ca2s
E4qC81hMyIdtWrkZbQgLZImcMmoVoqKgnh2MoSqhucO6JGCEdf7zoDSyXxVwS5d7
G4UcOoJk2ZMLCyVMW/dA68iJirxAxuE2MnNINHnCSmVZDzkCX1s93ZcxHhWOIlYj
VS2vA9hqYBkXQXymoQ8RfYYDGqThjyFtuTFP3Y7h2YqHTtWfTk6Slr0c7IbV1vSz
IvW7b5YH1WQSIxlo7GPECh8wcUdpvyTHHcLNxV8qeF2BeZhb8D6grvbQkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGJKAfntTM3HLQCAduTFAQCNxsPMB8GA1UdIwQY
MBaAFCMFrgYhLzwvj1c6C1SSRB5Y8hxOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdXdUJpRXZQQy1QVnpvTFZKSkVIbGp5SEU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9hNmNhZGUtZDQyNS00ZDg5LWEwYzEt
Y2Y2YjIzZDI2MTdjLzEvQVlrb0ItZTFNemNjdEFJQjI1TVVCQUkzR3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9hNmNhZGUtZDQyNS00ZDg5LWEwYzEtY2Y2YjIzZDI2MTdj
LzEvSXdXdUJpRXZQQy1QVnpvTFZKSkVIbGp5SEU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXHcwMA0G
CSqGSIb3DQEBCwUAA4IBAQBp7GITAWOY5TBcEqmCqU7McUWLNcGG/FMe0fbyKMxW
e8nyqdnJW402qIfzej9UEBWptbbtxPi5DdSx7naRe/BiDD8LVeV9b2uHjOqzlMp0
BFufDv6YTKXShIlXPeczO5f73+zHnxDGm2eZbD4wZtDNZzWRUQvn6PF3ADBogK+i
wtTCkwcSPuNDsClKkOnaSB4eDM/NfTJ4aA2feAaRnsaAfb9ifAKmW9ffSgbh6TV3
Es9sD06qKNO4GxDnX9ARuRVfJcguqTYAxyGyEPACdv7Khr5CbLFuA9GOPRcnJiHr
LDiC4wl67rnH+PKJEooXkeO+3Q5O5xZqqtraUTIg9tI4
-----END CERTIFICATE-----