Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/DWUjzTTvFWKI6_KZxYcJUZ-6dbs.roa
File:                     DWUjzTTvFWKI6_KZxYcJUZ-6dbs.roa (raw, json)
Hash identifier:          p+mIlB1T2bs+wFLe4PrmziLDMKor0sVWbkBm3gWKFRI=
Subject key identifier:   0D:65:23:CD:34:EF:15:62:88:EB:F2:99:C5:87:09:51:9F:BA:75:BB
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       019426D998F2281A183D2026EF6E0FC8B1F6
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/DWUjzTTvFWKI6_KZxYcJUZ-6dbs.roa
Signing time:             Thu 02 Jan 2025 11:49:42 +0000
ROA not before:           Thu 02 Jan 2025 11:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198981
IP address blocks:        92.42.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:98:f2:28:1a:18:3d:20:26:ef:6e:0f:c8:b1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Jan  2 11:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d6523cd34ef156288ebf299c58709519fba75bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9e:5d:f1:a6:a2:40:18:38:87:65:2e:58:7d:
                    3a:fc:fa:99:1a:30:54:54:d2:c1:31:72:18:c8:00:
                    6a:b2:20:3e:1e:19:3c:77:94:56:4c:f6:a5:58:84:
                    2c:11:6d:5b:c3:69:54:fb:ba:57:e7:54:c8:76:de:
                    36:e7:33:7f:a5:ba:15:8b:99:b6:b6:d0:32:04:8a:
                    bb:50:07:5f:20:d6:eb:51:63:b3:db:16:f6:e6:42:
                    c5:0f:cf:3b:42:f1:3c:3f:cc:a5:e1:e2:d5:89:c2:
                    f1:01:d0:70:7f:d0:2c:0f:96:3b:40:83:76:b2:a2:
                    3f:12:e5:fc:ed:7b:88:09:14:a9:1a:46:4e:12:7c:
                    b2:a8:9b:47:6c:01:db:13:12:07:0a:d3:ae:c2:72:
                    6a:6b:6d:14:be:5f:35:83:cd:ee:a1:2f:38:c1:23:
                    11:4a:ad:4f:84:10:c7:bc:81:28:b6:f2:be:b0:b5:
                    40:9c:8b:db:ec:4d:15:36:6e:ca:21:60:87:1a:f5:
                    d8:d8:0a:f8:d2:95:ee:d7:ab:7b:ce:aa:4b:fb:ee:
                    0c:cb:46:41:87:66:17:39:f7:84:d7:88:e7:2c:ac:
                    d8:f5:50:5b:0d:f0:d0:6d:94:0e:5a:27:fe:b6:42:
                    f9:a2:45:67:ec:c4:37:2b:8b:17:6e:b9:01:ff:80:
                    4c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:65:23:CD:34:EF:15:62:88:EB:F2:99:C5:87:09:51:9F:BA:75:BB
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/DWUjzTTvFWKI6_KZxYcJUZ-6dbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:6e:11:9c:f7:78:bc:4d:8e:aa:02:8c:6e:99:bb:54:53:68:
         5a:84:1e:44:d3:1e:b9:88:c4:f2:3d:3e:7d:7b:70:3a:28:77:
         75:30:47:82:16:75:1a:d9:f6:47:e3:f8:bf:c0:ca:6f:39:56:
         7a:86:24:ea:93:8a:99:a7:ec:8a:e3:f7:1f:4b:45:25:21:6d:
         9d:35:d8:84:0f:59:50:ad:3d:38:cf:95:7d:72:36:79:ec:06:
         eb:b4:66:18:98:74:19:f7:c7:1b:d1:92:47:59:26:f3:d0:8b:
         e7:28:44:a2:49:05:c3:d8:4a:cb:3d:7a:3b:e7:fc:7f:cc:02:
         aa:10:f0:fa:fd:3e:07:71:c9:14:e4:9b:03:c8:21:61:b7:4c:
         2b:1d:a3:26:6a:7e:4f:f7:7d:b3:f9:45:c7:41:d8:08:67:36:
         cf:cd:83:ef:14:f9:1b:72:ec:17:11:21:9c:45:38:b1:2c:5b:
         ef:54:03:3a:7b:56:86:b5:d4:12:8d:0c:b6:e5:da:c8:d7:72:
         a3:4e:57:aa:62:e2:a9:46:5a:9b:d7:19:d3:af:71:60:06:ce:
         15:41:46:3f:4a:7d:58:76:c0:da:a2:d3:ac:b3:7a:9b:31:80:
         cf:92:03:5f:7a:0e:a3:02:f5:fd:b0:bb:51:e5:e6:01:d1:97:
         5b:f3:41:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ZjyKBoYPSAm724PyLH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjUwMTAyMTE0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDY1MjNjZDM0ZWYxNTYyODhlYmYyOTljNTg3MDk1MTlmYmE3NWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjp5d8aaiQBg4h2UuWH06/PqZGjBU
VNLBMXIYyABqsiA+Hhk8d5RWTPalWIQsEW1bw2lU+7pX51TIdt425zN/pboVi5m2
ttAyBIq7UAdfINbrUWOz2xb25kLFD887QvE8P8yl4eLVicLxAdBwf9AsD5Y7QIN2
sqI/EuX87XuICRSpGkZOEnyyqJtHbAHbExIHCtOuwnJqa20Uvl81g83uoS84wSMR
Sq1PhBDHvIEotvK+sLVAnIvb7E0VNm7KIWCHGvXY2Ar40pXu16t7zqpL++4My0ZB
h2YXOfeE14jnLKzY9VBbDfDQbZQOWif+tkL5okVn7MQ3K4sXbrkB/4BMTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1lI8007xViiOvymcWHCVGfunW7MB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvRFdVanpUVHZGV0tJNl9LWnhZY0pVWi02ZGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCpmMA0G
CSqGSIb3DQEBCwUAA4IBAQC4bhGc93i8TY6qAoxumbtUU2hahB5E0x65iMTyPT59
e3A6KHd1MEeCFnUa2fZH4/i/wMpvOVZ6hiTqk4qZp+yK4/cfS0UlIW2dNdiED1lQ
rT04z5V9cjZ57AbrtGYYmHQZ98cb0ZJHWSbz0IvnKESiSQXD2ErLPXo75/x/zAKq
EPD6/T4HcckU5JsDyCFht0wrHaMman5P932z+UXHQdgIZzbPzYPvFPkbcuwXESGc
RTixLFvvVAM6e1aGtdQSjQy25drI13KjTleqYuKpRlqb1xnTr3FgBs4VQUY/Sn1Y
dsDaotOss3qbMYDPkgNfeg6jAvX9sLtR5eYB0Zdb80Hf
-----END CERTIFICATE-----