Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/192c67-9353-49c3-8a2f-365e13da62ea/1/is2ryumT0Kim7BbBNa61Rv1t04A.roa
File:                     is2ryumT0Kim7BbBNa61Rv1t04A.roa (raw, json)
Hash identifier:          xowPY5Q8ByvBHRSfBqEpTTK2SF4Tz1rfi3+sZToWz3w=
Subject key identifier:   8A:CD:AB:CA:E9:93:D0:A8:A6:EC:16:C1:35:AE:B5:46:FD:6D:D3:80
Certificate issuer:       /CN=941f20add212c0e0e68e3f1ae8ea2a79649f4f4c
Certificate serial:       018CC8015D3DEBBD927320CDF83CAE1A8ADF
Authority key identifier: 94:1F:20:AD:D2:12:C0:E0:E6:8E:3F:1A:E8:EA:2A:79:64:9F:4F:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lB8grdISwODmjj8a6OoqeWSfT0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/192c67-9353-49c3-8a2f-365e13da62ea/1/is2ryumT0Kim7BbBNa61Rv1t04A.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1930
IP address blocks:        192.67.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/192c67-9353-49c3-8a2f-365e13da62ea/1/lB8grdISwODmjj8a6OoqeWSfT0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/192c67-9353-49c3-8a2f-365e13da62ea/1/lB8grdISwODmjj8a6OoqeWSfT0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lB8grdISwODmjj8a6OoqeWSfT0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5d:3d:eb:bd:92:73:20:cd:f8:3c:ae:1a:8a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=941f20add212c0e0e68e3f1ae8ea2a79649f4f4c
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8acdabcae993d0a8a6ec16c135aeb546fd6dd380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:54:22:a3:90:99:d1:cd:73:38:ce:aa:6e:79:
                    91:66:40:f1:db:f7:93:d7:49:4e:71:85:02:28:fb:
                    35:c6:11:17:c0:5a:6e:49:04:1c:18:37:64:23:71:
                    ef:4d:20:70:22:5e:e4:b5:8e:a0:c4:4f:1b:8d:2b:
                    c2:f8:17:88:1e:01:fc:0a:47:54:c0:7b:35:c2:ad:
                    3f:f5:0a:b7:01:24:09:dd:59:be:89:56:4c:38:2f:
                    49:a3:08:bb:7f:d1:10:12:40:f9:40:26:7e:9c:99:
                    6c:c5:0d:d9:e5:1a:6d:49:47:8f:cf:ee:19:3e:44:
                    23:03:67:f9:3b:2d:04:c9:c3:84:60:5a:33:da:65:
                    bb:6c:eb:19:1c:a9:51:0f:5d:28:4d:0b:e0:16:49:
                    25:45:62:ba:e7:65:c9:45:8a:2f:fe:fe:0e:15:3a:
                    82:08:17:8a:e0:96:43:22:28:f6:95:fb:74:97:60:
                    b1:00:a2:fe:b1:8a:07:40:32:6d:87:4a:83:19:c0:
                    95:9d:91:bd:80:4c:bc:f1:75:68:98:be:b7:64:cb:
                    d2:db:7b:47:0b:b6:6d:30:8a:2e:59:ad:71:8b:a1:
                    1e:2b:4b:b5:b6:34:3c:f1:32:c6:39:c0:c3:45:32:
                    1b:eb:50:a0:b5:42:d8:2c:50:a4:15:ae:28:2f:34:
                    36:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:CD:AB:CA:E9:93:D0:A8:A6:EC:16:C1:35:AE:B5:46:FD:6D:D3:80
            X509v3 Authority Key Identifier:
                keyid:94:1F:20:AD:D2:12:C0:E0:E6:8E:3F:1A:E8:EA:2A:79:64:9F:4F:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lB8grdISwODmjj8a6OoqeWSfT0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/192c67-9353-49c3-8a2f-365e13da62ea/1/is2ryumT0Kim7BbBNa61Rv1t04A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/192c67-9353-49c3-8a2f-365e13da62ea/1/lB8grdISwODmjj8a6OoqeWSfT0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.67.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:81:20:ff:c6:0b:e4:2a:68:81:9e:38:ca:62:45:3c:83:17:
         32:61:34:8a:e6:c0:6a:10:bc:69:01:eb:23:61:5a:cb:77:e3:
         47:9a:09:02:82:5d:f1:04:b8:06:79:34:e1:e6:15:36:62:a1:
         dd:7e:fc:64:d5:7f:b2:01:a6:1a:04:9a:2a:a1:25:44:c1:5e:
         98:81:fc:dc:75:13:2b:8b:87:9a:de:6d:f9:66:82:46:77:a2:
         c9:5a:f0:32:a7:db:f6:f2:8c:90:33:e0:da:87:9b:37:33:53:
         62:e6:b5:5f:43:74:37:70:3c:18:65:61:7c:7c:83:37:5a:cd:
         ba:8e:a8:8c:44:24:50:8e:59:35:a2:4b:cd:ac:a5:8d:6c:3c:
         ec:71:63:44:ab:3b:59:b2:27:31:df:f5:26:35:9a:c0:94:5a:
         79:b1:50:93:26:45:c2:10:fb:c5:7f:66:5e:6a:4b:f9:d0:10:
         9d:35:66:e3:4b:73:ba:7f:e8:9f:b9:4c:b8:a8:49:29:1d:de:
         95:05:b1:9f:ed:97:00:9b:fc:d5:43:51:9e:b9:ad:e5:cf:f8:
         dc:a5:1e:76:14:44:21:a7:d4:02:b0:1b:cd:5a:14:ef:f6:75:
         33:b4:fa:13:a9:62:2c:6e:32:b8:38:8d:b8:87:39:de:67:84:
         69:7b:31:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAV09672ScyDN+DyuGorfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MWYyMGFkZDIxMmMwZTBlNjhlM2YxYWU4ZWEyYTc5NjQ5
ZjRmNGMwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWNkYWJjYWU5OTNkMGE4YTZlYzE2YzEzNWFlYjU0NmZkNmRkMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5lQio5CZ0c1zOM6qbnmRZkDx2/eT
10lOcYUCKPs1xhEXwFpuSQQcGDdkI3HvTSBwIl7ktY6gxE8bjSvC+BeIHgH8CkdU
wHs1wq0/9Qq3ASQJ3Vm+iVZMOC9Jowi7f9EQEkD5QCZ+nJlsxQ3Z5RptSUePz+4Z
PkQjA2f5Oy0EycOEYFoz2mW7bOsZHKlRD10oTQvgFkklRWK652XJRYov/v4OFTqC
CBeK4JZDIij2lft0l2CxAKL+sYoHQDJth0qDGcCVnZG9gEy88XVomL63ZMvS23tH
C7ZtMIouWa1xi6EeK0u1tjQ88TLGOcDDRTIb61CgtULYLFCkFa4oLzQ2QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrNq8rpk9CopuwWwTWutUb9bdOAMB8GA1UdIwQY
MBaAFJQfIK3SEsDg5o4/GujqKnlkn09MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEI4Z3JkSVN3T0Rtamo4YTZPb3FlV1NmVDB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xOTJjNjctOTM1My00OWMzLThhMmYt
MzY1ZTEzZGE2MmVhLzEvaXMycnl1bVQwS2ltN0JiQk5hNjFSdjF0MDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xOTJjNjctOTM1My00OWMzLThhMmYtMzY1ZTEzZGE2MmVh
LzEvbEI4Z3JkSVN3T0Rtamo4YTZPb3FlV1NmVDB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwENMMA0G
CSqGSIb3DQEBCwUAA4IBAQB/gSD/xgvkKmiBnjjKYkU8gxcyYTSK5sBqELxpAesj
YVrLd+NHmgkCgl3xBLgGeTTh5hU2YqHdfvxk1X+yAaYaBJoqoSVEwV6YgfzcdRMr
i4ea3m35ZoJGd6LJWvAyp9v28oyQM+Dah5s3M1Ni5rVfQ3Q3cDwYZWF8fIM3Ws26
jqiMRCRQjlk1okvNrKWNbDzscWNEqztZsicx3/UmNZrAlFp5sVCTJkXCEPvFf2Ze
akv50BCdNWbjS3O6f+ifuUy4qEkpHd6VBbGf7ZcAm/zVQ1Geua3lz/jcpR52FEQh
p9QCsBvNWhTv9nUztPoTqWIsbjK4OI24hzneZ4RpezEp
-----END CERTIFICATE-----