Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rmgGFCKDVPQovZh_BKLDJ8Qet-I.roa
File:                     rmgGFCKDVPQovZh_BKLDJ8Qet-I.roa (raw, json)
Hash identifier:          Goo/8Wfncpcn7+PbE92zgsu/60A2iOYVzJpV+KtFd4Y=
Subject key identifier:   AE:68:06:14:22:83:54:F4:28:BD:98:7F:04:A2:C3:27:C4:1E:B7:E2
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       01901610239BBA9BB021E0341E769D94A7BD
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rmgGFCKDVPQovZh_BKLDJ8Qet-I.roa
Signing time:             Fri 14 Jun 2024 09:24:34 +0000
ROA not before:           Fri 14 Jun 2024 09:24:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        92.53.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:16:10:23:9b:ba:9b:b0:21:e0:34:1e:76:9d:94:a7:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jun 14 09:24:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae680614228354f428bd987f04a2c327c41eb7e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ce:cf:e8:85:4f:7f:61:e9:66:85:e8:c2:d8:
                    39:f3:75:89:18:62:f2:5f:77:46:8f:50:13:0b:13:
                    bc:45:cd:5e:66:53:fd:a4:d5:d0:26:79:c2:0c:d3:
                    08:4a:ed:d9:3a:76:39:b0:7c:60:41:81:c0:15:63:
                    1f:93:28:16:40:83:ad:3c:fd:35:06:fd:fd:07:d0:
                    b6:be:f9:f0:e3:fc:94:67:ad:57:3f:bf:82:ff:f7:
                    0e:86:49:a7:ba:70:72:bb:02:57:fb:42:62:cf:96:
                    b8:2e:5b:2a:59:14:24:6c:e2:34:61:43:7a:1f:57:
                    b1:3a:e8:11:d5:9d:ad:b2:1e:fe:23:d0:d0:c1:a8:
                    91:7c:96:2e:d0:fc:f8:43:12:00:eb:15:8c:c3:a2:
                    22:99:8f:be:b6:ef:e1:ef:d4:8b:50:a8:89:3b:e4:
                    40:4e:5d:65:94:54:47:71:7c:a9:f7:c6:d5:b6:fc:
                    13:e2:b8:29:49:b9:f6:57:9e:ef:be:2b:87:9b:8f:
                    59:ed:4a:db:49:41:f3:70:c7:ea:b2:54:4b:83:f4:
                    15:80:9a:95:4e:63:f5:a7:fa:36:93:10:42:72:93:
                    71:39:e7:83:22:32:a9:c2:f8:0a:41:9d:6a:e8:ef:
                    c7:32:98:8e:94:2a:0d:33:f4:2a:29:dc:ca:51:a5:
                    9a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:68:06:14:22:83:54:F4:28:BD:98:7F:04:A2:C3:27:C4:1E:B7:E2
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/rmgGFCKDVPQovZh_BKLDJ8Qet-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:98:24:cb:5b:87:44:e6:38:a1:aa:3d:5b:9b:8f:ad:b1:d5:
         0c:8b:95:ff:1d:7e:1f:de:d3:1a:64:43:77:52:a4:df:7c:92:
         08:6b:c1:cc:82:13:a2:97:eb:37:e7:04:8e:22:d6:64:01:fe:
         b6:ff:97:cd:8f:ae:2d:dc:a4:07:b4:01:c4:b8:2e:03:fe:09:
         fd:68:d4:dc:20:39:69:12:34:a1:e0:a0:8e:13:44:33:61:00:
         b8:05:8f:14:8a:6b:bd:0a:08:09:4d:73:0c:8e:27:cd:39:10:
         5d:df:4c:53:83:a0:35:5d:a5:ce:a6:4a:d9:48:7c:02:9b:76:
         9e:b7:75:09:79:ab:2d:17:e9:e0:bd:d9:98:8f:d0:45:7c:00:
         7d:c1:8d:61:96:3f:e4:9d:a2:8f:1b:6f:41:36:a4:23:17:ef:
         ed:31:36:ac:0e:27:f0:59:9a:90:23:21:3e:b1:34:c4:1b:60:
         64:a7:6c:6b:af:f0:e4:5b:bb:89:24:94:b5:ac:44:bf:f1:36:
         c9:24:6f:1c:7a:a8:1c:55:c7:94:e0:24:52:4d:e3:94:fa:09:
         81:17:32:6c:cd:f0:52:8c:a9:d8:2f:3d:78:5f:23:a4:e9:ee:
         36:d8:48:fa:b8:64:6a:13:0a:00:fc:72:dc:96:b2:af:5f:fa:
         ef:dc:be:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAWECObupuwIeA0HnadlKe9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjQwNjE0MDkyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTY4MDYxNDIyODM1NGY0MjhiZDk4N2YwNGEyYzMyN2M0MWViN2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm87P6IVPf2HpZoXowtg583WJGGLy
X3dGj1ATCxO8Rc1eZlP9pNXQJnnCDNMISu3ZOnY5sHxgQYHAFWMfkygWQIOtPP01
Bv39B9C2vvnw4/yUZ61XP7+C//cOhkmnunByuwJX+0Jiz5a4LlsqWRQkbOI0YUN6
H1exOugR1Z2tsh7+I9DQwaiRfJYu0Pz4QxIA6xWMw6IimY++tu/h79SLUKiJO+RA
Tl1llFRHcXyp98bVtvwT4rgpSbn2V57vviuHm49Z7UrbSUHzcMfqslRLg/QVgJqV
TmP1p/o2kxBCcpNxOeeDIjKpwvgKQZ1q6O/HMpiOlCoNM/QqKdzKUaWaowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5oBhQig1T0KL2YfwSiwyfEHrfiMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvcm1nR0ZDS0RWUFFvdlpoX0JLTERKOFFldC1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDW8MA0G
CSqGSIb3DQEBCwUAA4IBAQBSmCTLW4dE5jihqj1bm4+tsdUMi5X/HX4f3tMaZEN3
UqTffJIIa8HMghOil+s35wSOItZkAf62/5fNj64t3KQHtAHEuC4D/gn9aNTcIDlp
EjSh4KCOE0QzYQC4BY8Uimu9CggJTXMMjifNORBd30xTg6A1XaXOpkrZSHwCm3ae
t3UJeastF+ngvdmYj9BFfAB9wY1hlj/knaKPG29BNqQjF+/tMTasDifwWZqQIyE+
sTTEG2Bkp2xrr/DkW7uJJJS1rES/8TbJJG8ceqgcVceU4CRSTeOU+gmBFzJszfBS
jKnYLz14XyOk6e422Ej6uGRqEwoA/HLclrKvX/rv3L5V
-----END CERTIFICATE-----