Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/39867ZyLSFi-eCPM2iwf1Y9YtT0.roa
File:                     39867ZyLSFi-eCPM2iwf1Y9YtT0.roa (raw, json)
Hash identifier:          iaRbInbV94NzGnaRJ6DwrIsErsqMRVuMVJGu0FQK18k=
Subject key identifier:   DF:DF:3A:ED:9C:8B:48:58:BE:78:23:CC:DA:2C:1F:D5:8F:58:B5:3D
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       01903B0531617AA707F7E976850C14E5DFF7
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/39867ZyLSFi-eCPM2iwf1Y9YtT0.roa
Signing time:             Fri 21 Jun 2024 13:38:34 +0000
ROA not before:           Fri 21 Jun 2024 13:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        185.189.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3b:05:31:61:7a:a7:07:f7:e9:76:85:0c:14:e5:df:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jun 21 13:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfdf3aed9c8b4858be7823ccda2c1fd58f58b53d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:51:d1:96:2b:81:a0:5a:f3:cb:f0:59:cb:66:
                    cb:2c:6a:75:e0:0c:de:31:b8:70:29:8b:ea:0e:7e:
                    53:11:ed:90:99:93:78:23:de:fb:71:64:d9:65:81:
                    59:7a:6a:43:08:f8:58:09:ea:0e:64:e5:4a:08:22:
                    5a:3a:d0:a2:bb:bc:c9:bd:5c:bc:f0:cb:c4:e5:3f:
                    f6:9d:8e:26:68:36:36:45:07:ec:41:b4:ac:79:23:
                    1f:2b:6b:93:55:b8:bc:a2:19:a3:ee:58:34:4f:e4:
                    80:f1:41:fa:b5:d8:c7:46:a8:f7:28:47:b2:4a:95:
                    31:af:79:da:d1:4a:65:13:e5:dd:7c:3e:71:94:aa:
                    30:c4:cd:af:57:ce:99:27:56:3e:62:63:f5:44:c1:
                    06:3b:c2:49:2e:3a:79:9f:9a:ab:cb:71:e1:09:98:
                    c5:37:75:a9:5c:69:75:ea:af:53:95:9f:64:38:94:
                    d8:5e:e4:d4:3b:0f:e9:fe:88:43:5f:8b:3c:c1:65:
                    60:dd:10:64:c1:cc:0c:ed:64:ba:ab:86:95:48:28:
                    0f:f5:9d:2d:35:71:5c:f9:90:50:f2:d7:d6:96:51:
                    ad:17:7c:a4:ef:77:5b:77:af:6b:dd:b8:cd:71:6b:
                    67:8d:5a:b9:9f:37:34:57:e5:21:38:18:8f:21:ad:
                    a9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:DF:3A:ED:9C:8B:48:58:BE:78:23:CC:DA:2C:1F:D5:8F:58:B5:3D
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/39867ZyLSFi-eCPM2iwf1Y9YtT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:38:10:c2:ee:b7:92:49:a9:94:8d:b0:a6:6f:88:5c:fd:a9:
         48:5b:fe:6c:bb:77:14:1c:2d:6b:16:5d:50:6d:86:48:52:20:
         34:96:97:bb:de:1b:90:f3:9f:3e:61:eb:ff:81:9c:d1:78:7d:
         c4:8e:ba:fa:ea:4c:f9:ff:7e:99:14:48:8c:67:49:c4:26:36:
         cd:19:18:f2:7e:2a:b5:37:d6:9d:19:87:61:48:2f:71:fc:5d:
         3a:83:53:43:73:ee:43:40:ef:d0:2b:28:1a:69:4e:6c:be:99:
         e8:b2:ed:68:0c:dc:96:9a:ca:1c:dc:c4:d6:8a:59:c7:6b:36:
         84:31:81:a3:1f:24:bd:0b:29:10:6c:66:0c:f0:d9:13:98:9e:
         7e:36:32:c7:57:5f:53:7a:80:de:a2:29:4f:53:1b:b5:29:a8:
         51:74:71:49:fb:21:f1:2e:12:9b:7b:61:72:c0:17:49:38:57:
         7a:5f:a7:8e:08:da:0e:85:3c:8d:55:71:d8:17:86:b6:8e:bc:
         47:83:5c:6e:17:17:9f:34:12:15:1d:1d:13:6a:9c:6a:ad:3f:
         36:29:37:dc:23:3a:e2:96:a6:18:e8:15:a2:c0:27:59:a0:67:
         e1:b0:9f:55:bc:be:f0:3d:09:2b:50:3a:59:2d:b6:49:bf:65:
         69:7b:5d:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA7BTFheqcH9+l2hQwU5d/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjQwNjIxMTMzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmRmM2FlZDljOGI0ODU4YmU3ODIzY2NkYTJjMWZkNThmNThiNTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1HRliuBoFrzy/BZy2bLLGp14Aze
MbhwKYvqDn5TEe2QmZN4I977cWTZZYFZempDCPhYCeoOZOVKCCJaOtCiu7zJvVy8
8MvE5T/2nY4maDY2RQfsQbSseSMfK2uTVbi8ohmj7lg0T+SA8UH6tdjHRqj3KEey
SpUxr3na0UplE+XdfD5xlKowxM2vV86ZJ1Y+YmP1RMEGO8JJLjp5n5qry3HhCZjF
N3WpXGl16q9TlZ9kOJTYXuTUOw/p/ohDX4s8wWVg3RBkwcwM7WS6q4aVSCgP9Z0t
NXFc+ZBQ8tfWllGtF3yk73dbd69r3bjNcWtnjVq5nzc0V+UhOBiPIa2pfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/fOu2ci0hYvngjzNosH9WPWLU9MB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvMzk4NjdaeUxTRmktZUNQTTJpd2YxWTlZdFQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub0iMA0G
CSqGSIb3DQEBCwUAA4IBAQB6OBDC7reSSamUjbCmb4hc/alIW/5su3cUHC1rFl1Q
bYZIUiA0lpe73huQ858+Yev/gZzReH3Ejrr66kz5/36ZFEiMZ0nEJjbNGRjyfiq1
N9adGYdhSC9x/F06g1NDc+5DQO/QKygaaU5svpnosu1oDNyWmsoc3MTWilnHazaE
MYGjHyS9CykQbGYM8NkTmJ5+NjLHV19TeoDeoilPUxu1KahRdHFJ+yHxLhKbe2Fy
wBdJOFd6X6eOCNoOhTyNVXHYF4a2jrxHg1xuFxefNBIVHR0TapxqrT82KTfcIzri
lqYY6BWiwCdZoGfhsJ9VvL7wPQkrUDpZLbZJv2Vpe11s
-----END CERTIFICATE-----