Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zYOBWDIV0lPMNwSRGxP3N5mets4.roa
File:                     zYOBWDIV0lPMNwSRGxP3N5mets4.roa (raw, json)
Hash identifier:          lBRJuTiDj2V04B6jdKqwJ/g02hoMO30oUORqB/mQhco=
Subject key identifier:   CD:83:81:58:32:15:D2:53:CC:37:04:91:1B:13:F7:37:99:9E:B6:CE
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       018EEC557164561E2B8EC474A3FD74689DE8
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zYOBWDIV0lPMNwSRGxP3N5mets4.roa
Signing time:             Wed 17 Apr 2024 13:53:26 +0000
ROA not before:           Wed 17 Apr 2024 13:53:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        92.53.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ec:55:71:64:56:1e:2b:8e:c4:74:a3:fd:74:68:9d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Apr 17 13:53:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd8381583215d253cc3704911b13f737999eb6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:24:1e:97:31:ef:af:0c:00:c2:6a:1f:ad:ca:
                    e9:fd:19:2c:66:46:6c:58:e2:93:0f:97:3d:7d:4c:
                    c6:72:18:cd:b4:ac:49:a6:1a:90:89:ad:ed:b3:e2:
                    86:d1:42:0b:65:87:51:d9:59:14:e9:3b:90:95:2b:
                    e1:c3:c8:9b:7a:82:7f:51:82:31:ba:44:6d:ad:92:
                    33:71:52:48:3e:81:ef:69:7f:1e:a5:2d:dc:2e:bf:
                    ef:a9:d0:cc:49:0f:f9:34:66:59:a6:f7:e6:ac:74:
                    02:ec:2d:6c:42:69:11:fa:a4:0c:dc:1c:65:5e:4f:
                    b0:42:e4:9a:8c:a9:9b:a3:44:c7:30:59:39:4e:bd:
                    1a:5b:5a:72:c5:a7:d3:f5:01:73:33:3e:f0:31:d4:
                    0d:e0:81:51:d5:af:8b:d9:16:00:45:43:bc:72:e7:
                    05:b2:0f:dc:1f:67:f4:ab:18:3a:a2:31:d0:28:56:
                    e7:89:7c:12:61:59:3d:48:64:63:71:4a:a0:3d:55:
                    9a:cf:9d:4a:f9:c3:ae:23:1b:98:cd:73:ca:95:3f:
                    44:e9:9f:3e:8f:70:19:ec:89:6c:71:a8:f3:c5:1b:
                    41:72:ef:51:17:44:ac:61:69:96:a0:00:09:c3:20:
                    97:6f:d2:34:74:d4:0a:fe:29:fa:3c:9e:5d:7e:49:
                    a2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:83:81:58:32:15:D2:53:CC:37:04:91:1B:13:F7:37:99:9E:B6:CE
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zYOBWDIV0lPMNwSRGxP3N5mets4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:b5:cf:a9:44:cf:b7:87:27:f6:47:b0:97:80:c9:4b:1c:1e:
         58:22:31:5b:2c:1f:74:4c:17:77:b7:25:40:20:79:e9:e8:e3:
         3b:d4:a1:b3:bc:e1:a5:77:95:75:ca:c1:5a:2b:22:f4:5f:e2:
         da:35:c8:87:35:93:71:02:70:04:76:9b:ba:eb:a8:aa:98:b1:
         d3:5a:9a:8a:9a:87:04:73:e4:4c:0d:b9:39:a3:7e:72:a9:8b:
         7b:20:ef:a7:11:d6:b6:d1:be:68:dc:88:50:33:04:1f:9f:f4:
         47:88:58:94:38:25:0f:0f:99:6a:7b:1c:48:05:52:57:70:97:
         87:a2:39:4c:4f:1e:65:f4:9c:81:97:eb:27:fb:5e:df:e3:2e:
         5a:ea:31:7a:fe:61:d1:6e:ed:42:05:6c:fb:ea:76:5f:4f:d9:
         4f:31:da:63:28:d2:c0:6a:e0:97:3c:b8:90:84:f2:c8:ed:57:
         7d:fa:3c:64:64:33:a3:db:3f:8f:70:d5:af:50:89:51:03:34:
         36:e0:24:09:d9:33:fc:02:c0:53:6a:a5:27:91:19:7f:c2:7e:
         78:ba:ea:d7:b0:46:5a:c2:d5:ac:f5:5d:5e:43:b1:e2:0b:bc:
         68:51:5e:5e:46:e2:7a:cc:84:02:dc:0d:be:da:fd:0e:19:83:
         47:a6:04:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7sVXFkVh4rjsR0o/10aJ3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjQwNDE3MTM1MzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDgzODE1ODMyMTVkMjUzY2MzNzA0OTExYjEzZjczNzk5OWViNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSQelzHvrwwAwmofrcrp/RksZkZs
WOKTD5c9fUzGchjNtKxJphqQia3ts+KG0UILZYdR2VkU6TuQlSvhw8ibeoJ/UYIx
ukRtrZIzcVJIPoHvaX8epS3cLr/vqdDMSQ/5NGZZpvfmrHQC7C1sQmkR+qQM3Bxl
Xk+wQuSajKmbo0THMFk5Tr0aW1pyxafT9QFzMz7wMdQN4IFR1a+L2RYARUO8cucF
sg/cH2f0qxg6ojHQKFbniXwSYVk9SGRjcUqgPVWaz51K+cOuIxuYzXPKlT9E6Z8+
j3AZ7IlscajzxRtBcu9RF0SsYWmWoAAJwyCXb9I0dNQK/in6PJ5dfkmizQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2DgVgyFdJTzDcEkRsT9zeZnrbOMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvellPQldESVYwbFBNTndTUkd4UDNONW1ldHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDW8MA0G
CSqGSIb3DQEBCwUAA4IBAQAytc+pRM+3hyf2R7CXgMlLHB5YIjFbLB90TBd3tyVA
IHnp6OM71KGzvOGld5V1ysFaKyL0X+LaNciHNZNxAnAEdpu666iqmLHTWpqKmocE
c+RMDbk5o35yqYt7IO+nEda20b5o3IhQMwQfn/RHiFiUOCUPD5lqexxIBVJXcJeH
ojlMTx5l9JyBl+sn+17f4y5a6jF6/mHRbu1CBWz76nZfT9lPMdpjKNLAauCXPLiQ
hPLI7Vd9+jxkZDOj2z+PcNWvUIlRAzQ24CQJ2TP8AsBTaqUnkRl/wn54uurXsEZa
wtWs9V1eQ7HiC7xoUV5eRuJ6zIQC3A2+2v0OGYNHpgQz
-----END CERTIFICATE-----