Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/kA5NKhRLzrOnTRRmzvt9NzlwzPI.roa
File:                     kA5NKhRLzrOnTRRmzvt9NzlwzPI.roa (raw, json)
Hash identifier:          4KkZ2EN6tKlYC2ZosOVgsMcwcnWjE/C5vSuWxXquYiY=
Subject key identifier:   90:0E:4D:2A:14:4B:CE:B3:A7:4D:14:66:CE:FB:7D:37:39:70:CC:F2
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       018E18959A30B6468C4F2B5AE73E95ACAE28
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/kA5NKhRLzrOnTRRmzvt9NzlwzPI.roa
Signing time:             Thu 07 Mar 2024 11:04:01 +0000
ROA not before:           Thu 07 Mar 2024 11:04:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        92.53.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:95:9a:30:b6:46:8c:4f:2b:5a:e7:3e:95:ac:ae:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Mar  7 11:04:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=900e4d2a144bceb3a74d1466cefb7d373970ccf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7f:8c:1f:d4:7f:9a:91:0b:35:47:e0:19:59:
                    50:58:50:6f:9f:18:77:6a:81:98:2d:cb:03:63:d8:
                    60:28:e6:02:58:1b:08:fe:95:a2:03:74:66:c7:50:
                    37:e2:34:77:fd:93:88:83:36:40:2c:dd:e1:41:f2:
                    43:ab:34:e0:1b:37:75:09:95:7e:93:a1:56:1c:cb:
                    b4:3b:b8:ac:2b:af:12:bf:eb:ff:ac:df:22:de:53:
                    51:85:fb:a9:7f:ea:0d:b7:46:91:15:06:70:f3:48:
                    5d:87:8f:51:58:37:1c:25:fd:d2:bc:21:f4:05:12:
                    54:15:d0:38:32:02:94:c8:29:a4:09:1d:40:5d:25:
                    dc:da:a4:c8:ae:e5:dc:33:47:b4:67:0d:ca:f6:36:
                    73:9b:96:cd:2c:15:82:03:0f:27:d3:fd:49:40:b7:
                    40:6c:19:23:f3:46:9f:2c:3b:f3:69:b1:2e:ae:39:
                    60:fb:81:9f:99:9d:c1:d9:d8:a0:88:46:9f:99:30:
                    7b:00:7f:46:d1:da:0d:7e:f8:21:0e:ec:a8:e3:07:
                    16:00:87:97:19:c3:a8:91:0a:7b:f0:34:25:1b:38:
                    89:19:e8:cb:f1:ef:2d:22:b5:18:27:ff:32:d9:01:
                    29:ab:86:19:34:f2:4a:1e:15:37:2f:2a:dc:68:70:
                    08:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:0E:4D:2A:14:4B:CE:B3:A7:4D:14:66:CE:FB:7D:37:39:70:CC:F2
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/kA5NKhRLzrOnTRRmzvt9NzlwzPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:2f:8d:fb:6d:d6:0e:73:73:17:0a:08:67:5f:a2:24:48:91:
         a0:5e:fb:1c:f3:e9:3f:f6:9e:0d:2b:94:61:b8:87:75:e9:68:
         70:de:7c:14:47:47:5b:56:87:d0:a7:d0:4f:e5:a2:e8:3d:b0:
         61:7a:05:f2:fb:2f:43:95:3c:ca:32:1c:ff:9e:63:77:07:dd:
         bf:0f:cc:5e:ee:5c:1b:e4:b2:2d:9b:c9:33:2c:25:01:59:53:
         ad:0a:05:36:aa:53:d0:91:c3:25:37:13:2c:f5:74:a4:af:bb:
         8b:78:82:94:77:ce:1d:24:c8:09:48:14:e6:76:1a:e6:fa:a1:
         4d:ca:45:f5:d9:4a:e2:03:04:f2:70:e9:84:85:d4:f1:85:30:
         f1:71:5e:2f:a0:7d:4a:dc:b4:2b:f4:a5:bc:15:8f:e2:bf:24:
         ae:9d:88:69:b9:b3:59:a4:f9:5c:01:64:b4:59:bc:e6:f0:0a:
         ce:88:eb:a2:69:d7:65:e6:b5:a9:ac:94:24:3d:1f:0e:ea:c0:
         b5:ce:08:02:28:72:5b:fd:6b:76:dd:6f:0b:59:cd:50:c0:a8:
         90:17:8f:09:00:bb:df:4d:2c:00:5b:6c:3e:87:28:b1:0c:ab:
         1f:2d:de:07:3a:63:66:a0:2c:0f:c9:45:af:8b:e4:62:e6:a2:
         b4:00:9e:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4YlZowtkaMTyta5z6VrK4oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjQwMzA3MTEwNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDBlNGQyYTE0NGJjZWIzYTc0ZDE0NjZjZWZiN2QzNzM5NzBjY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn+MH9R/mpELNUfgGVlQWFBvnxh3
aoGYLcsDY9hgKOYCWBsI/pWiA3Rmx1A34jR3/ZOIgzZALN3hQfJDqzTgGzd1CZV+
k6FWHMu0O7isK68Sv+v/rN8i3lNRhfupf+oNt0aRFQZw80hdh49RWDccJf3SvCH0
BRJUFdA4MgKUyCmkCR1AXSXc2qTIruXcM0e0Zw3K9jZzm5bNLBWCAw8n0/1JQLdA
bBkj80afLDvzabEurjlg+4GfmZ3B2digiEafmTB7AH9G0doNfvghDuyo4wcWAIeX
GcOokQp78DQlGziJGejL8e8tIrUYJ/8y2QEpq4YZNPJKHhU3LyrcaHAI+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAOTSoUS86zp00UZs77fTc5cMzyMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEva0E1TktoUkx6ck9uVFJSbXp2dDlOemx3elBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDW0MA0G
CSqGSIb3DQEBCwUAA4IBAQBsL437bdYOc3MXCghnX6IkSJGgXvsc8+k/9p4NK5Rh
uId16Whw3nwUR0dbVofQp9BP5aLoPbBhegXy+y9DlTzKMhz/nmN3B92/D8xe7lwb
5LItm8kzLCUBWVOtCgU2qlPQkcMlNxMs9XSkr7uLeIKUd84dJMgJSBTmdhrm+qFN
ykX12UriAwTycOmEhdTxhTDxcV4voH1K3LQr9KW8FY/ivySunYhpubNZpPlcAWS0
Wbzm8ArOiOuiaddl5rWprJQkPR8O6sC1zggCKHJb/Wt23W8LWc1QwKiQF48JALvf
TSwAW2w+hyixDKsfLd4HOmNmoCwPyUWvi+Ri5qK0AJ7S
-----END CERTIFICATE-----