Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/jZ1hqla1B9AuqVdB91aCeXk6zUg.roa
File:                     jZ1hqla1B9AuqVdB91aCeXk6zUg.roa (raw, json)
Hash identifier:          TsRnkOMqRj9VkiRB/pfZMTWF1+yv/WFj+YF/KKrBi/I=
Subject key identifier:   8D:9D:61:AA:56:B5:07:D0:2E:A9:57:41:F7:56:82:79:79:3A:CD:48
Certificate issuer:       /CN=af503e5b835f0a81381d1c4c1233d38fb7ddf23d
Certificate serial:       018EF616FEFEDE4B4392E685B7C5C4F92D7B
Authority key identifier: AF:50:3E:5B:83:5F:0A:81:38:1D:1C:4C:12:33:D3:8F:B7:DD:F2:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/jZ1hqla1B9AuqVdB91aCeXk6zUg.roa
Signing time:             Fri 19 Apr 2024 11:21:25 +0000
ROA not before:           Fri 19 Apr 2024 11:21:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207704
IP address blocks:        92.119.156.0/24 maxlen: 24
                          92.119.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:16:fe:fe:de:4b:43:92:e6:85:b7:c5:c4:f9:2d:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af503e5b835f0a81381d1c4c1233d38fb7ddf23d
        Validity
            Not Before: Apr 19 11:21:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d9d61aa56b507d02ea95741f7568279793acd48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5c:cb:09:fc:32:e1:31:f7:d5:0b:d8:34:8e:
                    77:f8:d1:07:f6:d0:43:f5:8a:7b:e9:8d:c1:21:cb:
                    09:ac:96:4b:bd:85:29:81:b4:76:f4:fb:3f:cd:fa:
                    87:af:2a:00:87:8c:d0:2a:0a:a2:73:8a:da:4f:d5:
                    45:b0:3b:ea:4f:c2:6d:86:86:65:f0:65:51:34:ff:
                    47:fa:87:18:e9:01:fc:61:de:76:51:93:c0:fc:f9:
                    e4:e3:be:6e:a2:07:ec:d3:53:cc:c4:42:27:8b:cf:
                    93:58:a8:ab:85:64:44:88:77:43:50:16:19:8f:8a:
                    42:48:a8:fb:10:4a:a0:05:d0:00:56:ab:cb:c9:15:
                    08:d3:ef:84:b6:4f:d5:a3:35:da:1a:23:ab:d9:be:
                    3e:3c:99:8f:e2:91:bf:d3:45:dc:94:00:60:a9:dc:
                    c9:fe:b9:60:9c:16:0d:65:78:c8:52:97:6c:f5:fa:
                    43:62:9b:72:21:74:a4:32:d7:4d:48:b3:19:e2:21:
                    59:11:6b:ab:0b:b9:96:a4:95:79:f6:b6:d8:ae:88:
                    bf:72:8e:bf:c9:44:5b:ae:8c:79:a5:39:4d:1b:74:
                    82:b7:09:b0:f6:2e:27:cf:e4:d0:5f:46:07:2c:34:
                    bf:46:1e:65:c9:f3:83:86:91:a8:ef:42:49:53:34:
                    87:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:9D:61:AA:56:B5:07:D0:2E:A9:57:41:F7:56:82:79:79:3A:CD:48
            X509v3 Authority Key Identifier:
                keyid:AF:50:3E:5B:83:5F:0A:81:38:1D:1C:4C:12:33:D3:8F:B7:DD:F2:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/jZ1hqla1B9AuqVdB91aCeXk6zUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.156.0/24
                  92.119.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:9b:e2:aa:42:74:e7:9c:fe:9c:f8:fb:d3:da:4c:8a:83:a9:
         10:96:6a:e2:0a:84:59:3d:1c:c6:70:42:f8:47:bf:0c:b7:89:
         17:0d:5e:ae:5c:64:76:cc:bd:0b:98:e4:f8:d3:57:fc:58:82:
         10:68:d9:20:91:c7:2a:11:5d:6a:94:79:5f:a0:7a:45:13:bf:
         80:27:04:5b:a7:19:24:27:2f:03:7d:4f:bd:66:68:f4:2b:c5:
         b0:a1:4a:00:69:69:0b:48:e5:74:54:a6:ad:e8:f2:41:be:a4:
         6a:5c:cb:a0:e8:08:ec:27:22:97:f8:79:1c:cb:59:1e:cd:1a:
         79:f0:f5:9b:3e:db:77:98:83:a6:77:d9:ef:96:e5:41:9d:e3:
         71:93:58:94:a8:a7:df:80:e1:96:80:20:d5:20:3e:4d:18:cf:
         e0:f6:16:77:e3:21:d2:6d:5b:1a:a1:b5:b3:e2:d5:10:d5:8c:
         3c:3d:6f:5f:91:55:ee:95:d8:ac:17:16:2e:1e:18:d3:18:c1:
         e0:46:d1:25:3a:d0:7f:7f:fa:32:b0:8e:90:42:42:f6:65:9a:
         13:44:74:f5:7b:fd:d7:53:5a:01:e9:de:08:87:2f:cd:d6:ab:
         e5:bc:21:7c:64:21:e3:9e:ca:59:5f:6c:a8:e9:c5:c1:2f:92:
         de:9c:ac:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY72Fv7+3ktDkuaFt8XE+S17MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNTAzZTViODM1ZjBhODEzODFkMWM0YzEyMzNkMzhmYjdk
ZGYyM2QwHhcNMjQwNDE5MTEyMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDlkNjFhYTU2YjUwN2QwMmVhOTU3NDFmNzU2ODI3OTc5M2FjZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVzLCfwy4TH31QvYNI53+NEH9tBD
9Yp76Y3BIcsJrJZLvYUpgbR29Ps/zfqHryoAh4zQKgqic4raT9VFsDvqT8JthoZl
8GVRNP9H+ocY6QH8Yd52UZPA/Pnk475uogfs01PMxEIni8+TWKirhWREiHdDUBYZ
j4pCSKj7EEqgBdAAVqvLyRUI0++Etk/VozXaGiOr2b4+PJmP4pG/00XclABgqdzJ
/rlgnBYNZXjIUpds9fpDYptyIXSkMtdNSLMZ4iFZEWurC7mWpJV59rbYroi/co6/
yURbrox5pTlNG3SCtwmw9i4nz+TQX0YHLDS/Rh5lyfODhpGo70JJUzSHgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI2dYapWtQfQLqlXQfdWgnl5Os1IMB8GA1UdIwQY
MBaAFK9QPluDXwqBOB0cTBIz04+33fI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjFBLVc0TmZDb0U0SFJ4TUVqUFRqN2ZkOGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8wNjAwZjgtMjk1OC00NDE3LWJiNjct
M2M1ZTE3NDRhY2RkLzEvaloxaHFsYTFCOUF1cVZkQjkxYUNlWGs2elVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8wNjAwZjgtMjk1OC00NDE3LWJiNjctM2M1ZTE3NDRhY2Rk
LzEvcjFBLVc0TmZDb0U0SFJ4TUVqUFRqN2ZkOGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXHecAwQA
XHeeMA0GCSqGSIb3DQEBCwUAA4IBAQBYm+KqQnTnnP6c+PvT2kyKg6kQlmriCoRZ
PRzGcEL4R78Mt4kXDV6uXGR2zL0LmOT401f8WIIQaNkgkccqEV1qlHlfoHpFE7+A
JwRbpxkkJy8DfU+9Zmj0K8WwoUoAaWkLSOV0VKat6PJBvqRqXMug6AjsJyKX+Hkc
y1kezRp58PWbPtt3mIOmd9nvluVBneNxk1iUqKffgOGWgCDVID5NGM/g9hZ34yHS
bVsaobWz4tUQ1Yw8PW9fkVXuldisFxYuHhjTGMHgRtElOtB/f/oysI6QQkL2ZZoT
RHT1e/3XU1oB6d4Ihy/N1qvlvCF8ZCHjnspZX2yo6cXBL5LenKyw
-----END CERTIFICATE-----