Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/dunOxjOv9rhQwwS3eORtloO8jm0.roa
File:                     dunOxjOv9rhQwwS3eORtloO8jm0.roa (raw, json)
Hash identifier:          0lHtXfPp2kAZyfQR9sd+umVTb2FB8K7PA33LhksigP0=
Subject key identifier:   76:E9:CE:C6:33:AF:F6:B8:50:C3:04:B7:78:E4:6D:96:83:BC:8E:6D
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       0190161022B6CBC155B7DA948B7FB5ACF884
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/dunOxjOv9rhQwwS3eORtloO8jm0.roa
Signing time:             Fri 14 Jun 2024 09:24:34 +0000
ROA not before:           Fri 14 Jun 2024 09:24:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        92.53.160.0/20 maxlen: 24
                          92.53.184.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 15:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:16:10:22:b6:cb:c1:55:b7:da:94:8b:7f:b5:ac:f8:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jun 14 09:24:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76e9cec633aff6b850c304b778e46d9683bc8e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:43:cf:e9:0b:5c:57:d4:0a:0d:03:e8:7e:1a:
                    46:f2:5a:0c:a6:dd:f0:0a:c8:08:68:36:e0:0b:7b:
                    11:61:86:4d:df:f6:03:a8:11:23:c9:2c:17:f1:79:
                    59:94:8d:58:55:90:62:d1:e5:32:a9:f3:5f:47:d3:
                    90:a1:09:ac:f8:78:29:b5:e9:40:d8:44:75:52:4d:
                    5f:d2:9f:34:32:ad:4b:96:13:4b:75:68:c8:4b:10:
                    06:07:9b:4f:85:dc:a8:ad:d3:6e:92:ae:52:64:21:
                    6a:f3:dd:82:0f:64:09:1b:df:b1:ef:35:1d:9f:9e:
                    cb:12:f8:44:af:01:31:d3:bf:f9:b3:52:bb:f1:b0:
                    ae:f5:22:e5:b0:30:af:cf:53:a5:e6:72:62:2f:c0:
                    00:a2:26:36:21:90:46:0d:ce:25:a2:0b:22:5f:e2:
                    8d:6d:78:5e:a2:13:18:d1:46:4b:1a:ab:83:36:c7:
                    c1:20:1c:3a:9c:a8:2c:90:65:fd:eb:d8:b4:62:3e:
                    84:13:a0:37:cb:f9:b7:d0:b1:65:08:d2:41:c9:1c:
                    17:5a:17:eb:33:bd:8c:22:38:4f:0f:5d:bb:05:91:
                    45:76:fc:70:7d:da:c9:09:16:10:c7:a2:db:d3:a0:
                    8a:a0:07:f0:05:0e:3f:7d:75:50:9c:f4:dd:2a:28:
                    bc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E9:CE:C6:33:AF:F6:B8:50:C3:04:B7:78:E4:6D:96:83:BC:8E:6D
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/dunOxjOv9rhQwwS3eORtloO8jm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.160.0/20
                  92.53.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:5a:b1:86:50:f5:ab:14:d7:b3:d8:bb:2d:9c:9e:db:2e:97:
         a0:af:bd:d1:5e:18:fe:ae:f7:77:31:d8:9c:6e:fd:6d:ca:ab:
         ca:9f:30:1e:13:8e:df:d9:59:67:67:00:39:f5:58:f4:ca:fd:
         b9:38:24:09:5b:e9:e8:9b:20:29:58:33:f0:62:ac:e5:51:60:
         21:8e:19:2d:7b:c4:ff:8d:ef:86:dc:b4:a9:71:8e:2d:30:de:
         1b:9a:55:ae:b5:02:5e:5a:13:94:54:9a:94:09:45:b3:18:fc:
         3a:85:bb:a5:a0:f9:92:2c:7c:8e:eb:ee:83:c0:f7:d3:53:d1:
         e5:f3:90:6f:53:a5:79:60:47:62:d6:49:7c:9b:90:78:04:c3:
         1f:e0:39:a5:34:68:19:48:ce:4c:9e:b0:bb:14:8e:1a:dd:5c:
         c5:e2:2a:23:31:05:21:35:51:2a:36:65:1e:bd:4e:a4:d6:d4:
         43:af:ff:c0:2e:7a:4c:2b:a0:62:01:19:3e:b8:54:01:6f:28:
         b5:9e:cb:80:97:96:89:2f:8c:3e:ff:1c:92:05:b5:06:1d:01:
         df:89:ea:ad:49:5c:2e:44:15:36:d1:8f:28:c6:66:36:8a:77:
         53:30:06:9a:7f:7d:1e:c0:51:1c:6e:34:3a:c6:d5:47:90:89:
         4f:6a:1a:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAWECK2y8FVt9qUi3+1rPiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjQwNjE0MDkyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmU5Y2VjNjMzYWZmNmI4NTBjMzA0Yjc3OGU0NmQ5NjgzYmM4ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEPP6QtcV9QKDQPofhpG8loMpt3w
CsgIaDbgC3sRYYZN3/YDqBEjySwX8XlZlI1YVZBi0eUyqfNfR9OQoQms+HgptelA
2ER1Uk1f0p80Mq1LlhNLdWjISxAGB5tPhdyordNukq5SZCFq892CD2QJG9+x7zUd
n57LEvhErwEx07/5s1K78bCu9SLlsDCvz1Ol5nJiL8AAoiY2IZBGDc4logsiX+KN
bXheohMY0UZLGquDNsfBIBw6nKgskGX969i0Yj6EE6A3y/m30LFlCNJByRwXWhfr
M72MIjhPD127BZFFdvxwfdrJCRYQx6Lb06CKoAfwBQ4/fXVQnPTdKii8OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHbpzsYzr/a4UMMEt3jkbZaDvI5tMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvZHVuT3hqT3Y5cmhRd3dTM2VPUnRsb084am0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEXDWgAwQC
XDW4MA0GCSqGSIb3DQEBCwUAA4IBAQAYWrGGUPWrFNez2LstnJ7bLpegr73RXhj+
rvd3Mdicbv1tyqvKnzAeE47f2VlnZwA59Vj0yv25OCQJW+nomyApWDPwYqzlUWAh
jhkte8T/je+G3LSpcY4tMN4bmlWutQJeWhOUVJqUCUWzGPw6hbuloPmSLHyO6+6D
wPfTU9Hl85BvU6V5YEdi1kl8m5B4BMMf4DmlNGgZSM5MnrC7FI4a3VzF4iojMQUh
NVEqNmUevU6k1tRDr//ALnpMK6BiARk+uFQBbyi1nsuAl5aJL4w+/xySBbUGHQHf
ieqtSVwuRBU20Y8oxmY2indTMAaaf30ewFEcbjQ6xtVHkIlPahpI
-----END CERTIFICATE-----