Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/bf0162-fcba-4085-b4f1-d699ddc9d09c/1/9RKBuormGhqhHRvd66805Qk8vJQ.roa
File:                     9RKBuormGhqhHRvd66805Qk8vJQ.roa (raw, json)
Hash identifier:          jHRJcpIGLBInocxMy2qqfzB3iq1sfMA0lwJUetQKfi0=
Subject key identifier:   F5:12:81:BA:8A:E6:1A:1A:A1:1D:1B:DD:EB:AF:34:E5:09:3C:BC:94
Certificate issuer:       /CN=830555f011be5e241eb0b425de5fd86cc6834a54
Certificate serial:       018CC802395D835A02CBA9D47A567EF73799
Authority key identifier: 83:05:55:F0:11:BE:5E:24:1E:B0:B4:25:DE:5F:D8:6C:C6:83:4A:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gwVV8BG-XiQesLQl3l_YbMaDSlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/bf0162-fcba-4085-b4f1-d699ddc9d09c/1/9RKBuormGhqhHRvd66805Qk8vJQ.roa
Signing time:             Tue 02 Jan 2024 02:30:38 +0000
ROA not before:           Tue 02 Jan 2024 02:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52130
IP address blocks:        188.92.40.0/21 maxlen: 23
                          2a02:7d00::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/bf0162-fcba-4085-b4f1-d699ddc9d09c/1/gwVV8BG-XiQesLQl3l_YbMaDSlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/bf0162-fcba-4085-b4f1-d699ddc9d09c/1/gwVV8BG-XiQesLQl3l_YbMaDSlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gwVV8BG-XiQesLQl3l_YbMaDSlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:39:5d:83:5a:02:cb:a9:d4:7a:56:7e:f7:37:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830555f011be5e241eb0b425de5fd86cc6834a54
        Validity
            Not Before: Jan  2 02:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f51281ba8ae61a1aa11d1bddebaf34e5093cbc94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6f:65:79:d9:b4:95:48:0b:ad:54:b6:ec:70:
                    2b:e1:24:0b:e0:db:d1:58:3d:55:02:9a:81:ee:1f:
                    4c:7d:bd:21:bb:dc:ed:ac:e2:3f:6c:dd:cc:45:07:
                    59:a9:a0:24:e5:f4:8c:eb:7b:2f:68:bd:e7:5c:93:
                    a1:12:16:60:00:82:1c:0a:12:27:e5:9d:84:6e:9e:
                    05:80:ad:36:9e:7d:e7:32:f0:67:a9:b0:ae:f2:61:
                    ad:2d:c2:76:38:76:97:f2:9e:4c:3e:69:f1:0f:39:
                    6e:aa:a8:92:bf:ec:34:77:8c:df:31:30:56:a5:96:
                    26:cd:db:00:5b:02:b8:14:73:6c:c3:55:76:4f:5f:
                    b5:73:e4:a6:fd:70:c6:96:a6:f3:6d:36:bd:51:c2:
                    63:46:fc:e3:67:90:45:bb:47:a7:fb:26:da:8c:70:
                    f9:1b:d4:13:1f:9e:4f:9f:e8:81:9c:42:92:66:0c:
                    5c:c0:26:45:8f:d7:bc:22:70:84:a4:cc:97:1d:d4:
                    73:47:b2:c5:3c:d5:40:96:74:63:a5:c7:75:61:3d:
                    e7:60:94:de:90:3e:3f:2e:3e:e6:cb:c5:17:d2:a9:
                    12:f7:08:54:bb:65:d7:8e:df:3a:b5:b0:89:e5:10:
                    49:24:45:5e:8c:d5:f5:cb:10:0f:ad:e9:5f:56:50:
                    4a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:12:81:BA:8A:E6:1A:1A:A1:1D:1B:DD:EB:AF:34:E5:09:3C:BC:94
            X509v3 Authority Key Identifier:
                keyid:83:05:55:F0:11:BE:5E:24:1E:B0:B4:25:DE:5F:D8:6C:C6:83:4A:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gwVV8BG-XiQesLQl3l_YbMaDSlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/bf0162-fcba-4085-b4f1-d699ddc9d09c/1/9RKBuormGhqhHRvd66805Qk8vJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/bf0162-fcba-4085-b4f1-d699ddc9d09c/1/gwVV8BG-XiQesLQl3l_YbMaDSlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.40.0/21
                IPv6:
                  2a02:7d00::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:f4:d4:ee:8d:2f:0c:e5:7c:25:3b:01:0c:df:f0:e6:5a:de:
         c8:8c:6d:9b:c7:74:f6:0e:0d:09:5c:f6:e4:35:c1:d3:69:3d:
         c7:91:5b:4b:27:ca:a7:4d:db:ce:2c:2f:05:b6:e2:ab:2b:a1:
         88:ba:de:18:0d:7c:4b:61:ff:c6:26:b7:1e:49:1e:dc:b6:54:
         b8:d3:bd:ad:7c:6e:05:38:22:1c:fc:33:8e:8f:55:80:50:c0:
         55:cd:2a:05:05:1b:7f:3f:4a:9f:d2:c7:4e:16:0a:2d:1b:fb:
         1c:66:68:ca:4f:a9:aa:d4:fc:81:18:dc:e9:2c:14:93:7f:b8:
         6e:60:eb:2a:3e:28:95:5f:a4:2b:7f:10:77:db:15:b8:78:8a:
         9e:35:b7:bc:cb:09:26:b5:de:b5:a7:0f:f8:84:d3:56:af:a2:
         32:21:b3:26:e4:25:e7:81:81:87:4c:23:c5:87:cd:a4:3d:bd:
         06:2f:1a:a6:74:52:e4:5d:4a:3a:66:5d:9f:1a:9a:86:f6:41:
         f7:08:d1:87:1f:ae:7c:e1:94:3f:19:2d:96:f6:74:d3:f9:75:
         e5:93:16:3d:95:04:50:b3:03:75:06:ac:25:e6:ce:8b:bd:1e:
         cf:2e:1f:ce:02:90:e2:4b:68:d0:5f:f6:74:a7:94:dc:2a:eb:
         4d:a2:5f:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAjldg1oCy6nUelZ+9zeZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMDU1NWYwMTFiZTVlMjQxZWIwYjQyNWRlNWZkODZjYzY4
MzRhNTQwHhcNMjQwMTAyMDIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTEyODFiYThhZTYxYTFhYTExZDFiZGRlYmFmMzRlNTA5M2NiYzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA429ledm0lUgLrVS27HAr4SQL4NvR
WD1VApqB7h9Mfb0hu9ztrOI/bN3MRQdZqaAk5fSM63svaL3nXJOhEhZgAIIcChIn
5Z2Ebp4FgK02nn3nMvBnqbCu8mGtLcJ2OHaX8p5MPmnxDzluqqiSv+w0d4zfMTBW
pZYmzdsAWwK4FHNsw1V2T1+1c+Sm/XDGlqbzbTa9UcJjRvzjZ5BFu0en+ybajHD5
G9QTH55Pn+iBnEKSZgxcwCZFj9e8InCEpMyXHdRzR7LFPNVAlnRjpcd1YT3nYJTe
kD4/Lj7my8UX0qkS9whUu2XXjt86tbCJ5RBJJEVejNX1yxAPrelfVlBK6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPUSgbqK5hoaoR0b3euvNOUJPLyUMB8GA1UdIwQY
MBaAFIMFVfARvl4kHrC0Jd5f2GzGg0pUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3dWVjhCRy1YaVFlc0xRbDNsX1liTWFEU2xRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iZjAxNjItZmNiYS00MDg1LWI0ZjEt
ZDY5OWRkYzlkMDljLzEvOVJLQnVvcm1HaHFoSFJ2ZDY2ODA1UWs4dkpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iZjAxNjItZmNiYS00MDg1LWI0ZjEtZDY5OWRkYzlkMDlj
LzEvZ3dWVjhCRy1YaVFlc0xRbDNsX1liTWFEU2xRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDvFwoMA0E
AgACMAcDBQAqAn0AMA0GCSqGSIb3DQEBCwUAA4IBAQBm9NTujS8M5XwlOwEM3/Dm
Wt7IjG2bx3T2Dg0JXPbkNcHTaT3HkVtLJ8qnTdvOLC8FtuKrK6GIut4YDXxLYf/G
JrceSR7ctlS4072tfG4FOCIc/DOOj1WAUMBVzSoFBRt/P0qf0sdOFgotG/scZmjK
T6mq1PyBGNzpLBSTf7huYOsqPiiVX6QrfxB32xW4eIqeNbe8ywkmtd61pw/4hNNW
r6IyIbMm5CXngYGHTCPFh82kPb0GLxqmdFLkXUo6Zl2fGpqG9kH3CNGHH6584ZQ/
GS2W9nTT+XXlkxY9lQRQswN1Bqwl5s6LvR7PLh/OApDiS2jQX/Z0p5TcKutNol8M
-----END CERTIFICATE-----