Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/AwQqI11JRu2AgESYEkqE8TS5dRc.roa
File:                     AwQqI11JRu2AgESYEkqE8TS5dRc.roa (raw, json)
Hash identifier:          LwywXO92vNUygGnVVACwLsvNaWXBGFTsrh/x00vswYo=
Subject key identifier:   03:04:2A:23:5D:49:46:ED:80:80:44:98:12:4A:84:F1:34:B9:75:17
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       01915530AF95DACC5DA289F054E74FB9C4DC
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/AwQqI11JRu2AgESYEkqE8TS5dRc.roa
Signing time:             Thu 15 Aug 2024 08:38:59 +0000
ROA not before:           Thu 15 Aug 2024 08:38:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214891
IP address blocks:        92.42.102.0/24 maxlen: 24
                          185.225.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:55:30:af:95:da:cc:5d:a2:89:f0:54:e7:4f:b9:c4:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Aug 15 08:38:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03042a235d4946ed80804498124a84f134b97517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:e2:ed:c3:85:5f:fb:4c:7d:fc:b2:f2:64:f0:
                    6b:03:af:d5:23:46:df:f3:35:18:ce:c8:d9:5a:16:
                    82:e1:d7:8b:9f:09:e9:2e:ee:59:a5:09:97:ba:f1:
                    2b:0d:7d:89:4f:dd:c8:5b:97:d9:5f:3f:14:45:4e:
                    04:e2:93:43:54:35:34:af:99:0e:f0:92:8e:7f:7c:
                    04:2b:99:ca:05:de:9d:fa:bd:87:6e:2d:ff:3a:de:
                    57:e4:72:e5:f8:8e:d7:6d:96:b3:2f:a4:84:f1:36:
                    e3:97:4b:cc:53:d7:a4:ba:a9:c5:18:99:6d:1e:d4:
                    1c:f6:79:b6:ee:37:d1:37:ad:b5:b1:1c:65:09:a4:
                    df:4c:9b:be:69:99:e7:ea:a8:e6:74:6e:7e:7c:3d:
                    15:93:f2:50:48:54:e8:0c:b9:74:41:5a:a8:dd:71:
                    8a:b2:9f:c4:0d:27:0d:eb:b6:e2:b3:bc:4d:7f:81:
                    65:20:4f:bc:f1:f4:ea:28:b9:95:fc:d2:a8:eb:a4:
                    4f:f4:ff:8e:30:1b:d8:f4:c9:9e:2a:f2:74:03:00:
                    4e:93:b6:62:ce:96:e5:7d:dd:f8:65:cb:73:74:85:
                    74:b2:8a:be:83:47:c3:45:2d:aa:a3:08:0a:e7:4c:
                    bd:f8:09:5b:f4:d6:11:8c:35:1d:fb:29:dd:1c:d7:
                    82:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:04:2A:23:5D:49:46:ED:80:80:44:98:12:4A:84:F1:34:B9:75:17
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/AwQqI11JRu2AgESYEkqE8TS5dRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.102.0/24
                  185.225.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:13:0f:35:3f:85:e2:57:e8:da:3c:5f:10:90:e5:37:de:a1:
         91:28:3c:38:f3:68:03:0e:b1:69:82:04:06:3d:da:55:de:c7:
         6a:b3:d8:1f:54:1a:3c:fe:b1:db:03:b4:c2:60:51:8c:e0:e5:
         30:d2:df:d2:54:86:35:c8:85:ea:47:67:33:f7:d8:e6:3f:9a:
         2e:c8:51:ed:e4:60:76:6d:16:b7:78:ad:3c:53:82:af:65:b4:
         4f:06:46:c2:39:63:9d:2b:a2:4b:10:f9:cf:dc:0c:92:b4:62:
         57:f6:6e:40:22:a0:f7:87:56:34:1e:64:c2:fd:b9:95:00:49:
         52:3c:d0:73:97:8f:36:7b:10:1e:09:6a:cf:0e:b1:9b:91:dc:
         0f:93:50:ed:ae:48:98:10:cc:4c:41:02:c9:83:53:5e:83:95:
         0f:61:20:18:4a:f9:df:43:a3:aa:75:93:06:3d:f7:7e:b3:3d:
         c7:10:1a:fd:a1:bb:d9:6f:9f:ec:ba:19:d2:1a:6e:8f:b9:19:
         43:f5:12:ae:4e:ca:6a:8f:00:8e:ae:68:96:26:37:8b:fb:21:
         d2:7a:2b:59:3a:fa:c9:48:6a:a0:7a:d2:ae:20:32:f0:a0:4e:
         f6:94:bd:92:29:6f:5e:c4:cc:2d:dc:dd:e7:33:15:c3:b3:7e:
         8b:78:48:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFVMK+V2sxdoonwVOdPucTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjQwODE1MDgzODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzA0MmEyMzVkNDk0NmVkODA4MDQ0OTgxMjRhODRmMTM0Yjk3NTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OLtw4Vf+0x9/LLyZPBrA6/VI0bf
8zUYzsjZWhaC4deLnwnpLu5ZpQmXuvErDX2JT93IW5fZXz8URU4E4pNDVDU0r5kO
8JKOf3wEK5nKBd6d+r2Hbi3/Ot5X5HLl+I7XbZazL6SE8Tbjl0vMU9ekuqnFGJlt
HtQc9nm27jfRN621sRxlCaTfTJu+aZnn6qjmdG5+fD0Vk/JQSFToDLl0QVqo3XGK
sp/EDScN67bis7xNf4FlIE+88fTqKLmV/NKo66RP9P+OMBvY9MmeKvJ0AwBOk7Zi
zpblfd34ZctzdIV0soq+g0fDRS2qowgK50y9+Alb9NYRjDUd+yndHNeCbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAMEKiNdSUbtgIBEmBJKhPE0uXUXMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvQXdRcUkxMUpSdTJBZ0VTWUVrcUU4VFM1ZFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXCpmAwQA
ueHKMA0GCSqGSIb3DQEBCwUAA4IBAQAKEw81P4XiV+jaPF8QkOU33qGRKDw482gD
DrFpggQGPdpV3sdqs9gfVBo8/rHbA7TCYFGM4OUw0t/SVIY1yIXqR2cz99jmP5ou
yFHt5GB2bRa3eK08U4KvZbRPBkbCOWOdK6JLEPnP3AyStGJX9m5AIqD3h1Y0HmTC
/bmVAElSPNBzl482exAeCWrPDrGbkdwPk1DtrkiYEMxMQQLJg1Neg5UPYSAYSvnf
Q6OqdZMGPfd+sz3HEBr9obvZb5/suhnSGm6PuRlD9RKuTspqjwCOrmiWJjeL+yHS
eitZOvrJSGqgetKuIDLwoE72lL2SKW9exMwt3N3nMxXDs36LeEjK
-----END CERTIFICATE-----