Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/652267-ea13-4892-9ffa-09c1b7336a51/1/CWePTkWPKqmq8XCrzmvHtdzJ66c.roa
File:                     CWePTkWPKqmq8XCrzmvHtdzJ66c.roa (raw, json)
Hash identifier:          w47SbHpgg+8nHiedozoZtpn2WeqKZNjvBRbXbOYH5sQ=
Subject key identifier:   09:67:8F:4E:45:8F:2A:A9:AA:F1:70:AB:CE:6B:C7:B5:DC:C9:EB:A7
Certificate issuer:       /CN=92205f5a64ea1fb090ad26dcfdb18cefb9aabd8d
Certificate serial:       019421B179D5373CBA60512ABB8297FD4D9B
Authority key identifier: 92:20:5F:5A:64:EA:1F:B0:90:AD:26:DC:FD:B1:8C:EF:B9:AA:BD:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiBfWmTqH7CQrSbc_bGM77mqvY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/652267-ea13-4892-9ffa-09c1b7336a51/1/CWePTkWPKqmq8XCrzmvHtdzJ66c.roa
Signing time:             Wed 01 Jan 2025 11:47:46 +0000
ROA not before:           Wed 01 Jan 2025 11:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51903
IP address blocks:        195.26.92.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/652267-ea13-4892-9ffa-09c1b7336a51/1/kiBfWmTqH7CQrSbc_bGM77mqvY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/652267-ea13-4892-9ffa-09c1b7336a51/1/kiBfWmTqH7CQrSbc_bGM77mqvY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiBfWmTqH7CQrSbc_bGM77mqvY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:79:d5:37:3c:ba:60:51:2a:bb:82:97:fd:4d:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92205f5a64ea1fb090ad26dcfdb18cefb9aabd8d
        Validity
            Not Before: Jan  1 11:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09678f4e458f2aa9aaf170abce6bc7b5dcc9eba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:56:85:10:4a:84:13:ec:b9:1e:97:e7:6c:3b:
                    b0:68:54:c9:1e:bd:79:f6:1f:59:d0:c8:7f:04:c8:
                    e3:3c:31:3f:ca:b7:58:d5:0b:13:5a:8f:dc:2e:6a:
                    63:a1:7d:79:54:a7:40:32:25:e9:c0:5e:c1:e8:4f:
                    3f:05:56:09:73:48:46:7c:ce:2d:25:ae:b7:8d:82:
                    04:56:04:29:b2:19:45:33:f9:91:9d:c7:b6:3e:f7:
                    b0:f2:46:06:ed:9a:fe:bc:cf:17:99:e9:d6:f0:fb:
                    3b:f0:d3:ed:e6:ba:0b:ed:33:1c:51:b4:0e:46:82:
                    4f:05:cd:71:22:38:da:eb:19:a6:7e:87:ac:e2:a2:
                    ce:a1:39:b0:8d:05:cc:05:97:e9:b8:d0:3e:26:34:
                    c1:82:2f:43:d5:6b:09:ec:40:43:5a:45:31:dc:06:
                    8b:18:fe:4e:cd:43:a6:78:bd:97:07:73:0e:b4:d1:
                    9c:3c:5b:fc:db:6f:c1:91:42:b8:34:22:60:10:77:
                    36:ea:db:98:4f:46:47:3f:eb:01:e9:52:4c:be:5b:
                    6b:54:04:43:18:88:1d:25:c5:93:66:99:bc:66:03:
                    30:65:db:cd:a5:c4:71:1e:5c:44:65:ad:d1:ef:e5:
                    1e:45:98:36:f1:08:49:e1:48:44:d0:2b:01:6a:80:
                    4c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:67:8F:4E:45:8F:2A:A9:AA:F1:70:AB:CE:6B:C7:B5:DC:C9:EB:A7
            X509v3 Authority Key Identifier:
                keyid:92:20:5F:5A:64:EA:1F:B0:90:AD:26:DC:FD:B1:8C:EF:B9:AA:BD:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiBfWmTqH7CQrSbc_bGM77mqvY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/652267-ea13-4892-9ffa-09c1b7336a51/1/CWePTkWPKqmq8XCrzmvHtdzJ66c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/652267-ea13-4892-9ffa-09c1b7336a51/1/kiBfWmTqH7CQrSbc_bGM77mqvY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.26.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:be:18:ec:b9:d6:b9:17:c0:58:e4:36:71:c3:0a:a6:5b:1f:
         bb:3c:c9:d7:79:8d:26:2a:0a:69:95:b1:b7:4f:99:c2:3a:fc:
         ea:03:e0:12:30:1d:93:f1:db:7b:bc:20:f1:e9:cd:f6:52:51:
         0a:a8:21:f2:31:0d:57:de:cc:85:6d:a2:3a:de:3d:68:1c:5b:
         3d:60:8a:d8:30:da:7d:5c:6a:1a:67:e2:d0:6b:a4:d8:39:77:
         ee:09:71:ba:a9:8d:d4:3f:42:fd:15:b2:d3:7b:85:00:fa:0a:
         b9:37:b3:54:8f:61:be:88:f2:98:fb:1c:84:11:6b:96:63:3f:
         2c:47:13:d1:65:95:48:f2:4b:5e:1b:0f:98:2c:b0:f2:b9:b9:
         25:6c:b8:92:cb:03:99:89:28:d2:78:3b:fc:21:1c:02:a9:5d:
         15:6d:cf:fb:75:fc:44:0c:88:80:d2:26:65:4b:17:11:a7:86:
         32:6f:aa:49:d3:69:7d:29:82:9a:7d:a2:56:de:d7:08:0d:db:
         5b:30:c3:6f:44:8d:6b:30:ef:15:b3:f7:5b:02:b8:b0:d8:12:
         8c:c7:76:5b:0b:c2:89:2f:1a:41:c8:12:81:88:d9:96:e4:86:
         f4:6f:d4:c8:f8:70:a9:a0:ff:11:8c:66:b8:b5:50:0d:ea:a9:
         0e:ca:3f:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsXnVNzy6YFEqu4KX/U2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjA1ZjVhNjRlYTFmYjA5MGFkMjZkY2ZkYjE4Y2VmYjlh
YWJkOGQwHhcNMjUwMTAxMTE0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTY3OGY0ZTQ1OGYyYWE5YWFmMTcwYWJjZTZiYzdiNWRjYzllYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1aFEEqEE+y5HpfnbDuwaFTJHr15
9h9Z0Mh/BMjjPDE/yrdY1QsTWo/cLmpjoX15VKdAMiXpwF7B6E8/BVYJc0hGfM4t
Ja63jYIEVgQpshlFM/mRnce2Pvew8kYG7Zr+vM8XmenW8Ps78NPt5roL7TMcUbQO
RoJPBc1xIjja6xmmfoes4qLOoTmwjQXMBZfpuNA+JjTBgi9D1WsJ7EBDWkUx3AaL
GP5OzUOmeL2XB3MOtNGcPFv822/BkUK4NCJgEHc26tuYT0ZHP+sB6VJMvltrVARD
GIgdJcWTZpm8ZgMwZdvNpcRxHlxEZa3R7+UeRZg28QhJ4UhE0CsBaoBMpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlnj05FjyqpqvFwq85rx7XcyeunMB8GA1UdIwQY
MBaAFJIgX1pk6h+wkK0m3P2xjO+5qr2NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lCZldtVHFIN0NRclNiY19iR003N21xdlkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS82NTIyNjctZWExMy00ODkyLTlmZmEt
MDljMWI3MzM2YTUxLzEvQ1dlUFRrV1BLcW1xOFhDcnptdkh0ZHpKNjZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS82NTIyNjctZWExMy00ODkyLTlmZmEtMDljMWI3MzM2YTUx
LzEva2lCZldtVHFIN0NRclNiY19iR003N21xdlkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxpcMA0G
CSqGSIb3DQEBCwUAA4IBAQCevhjsuda5F8BY5DZxwwqmWx+7PMnXeY0mKgpplbG3
T5nCOvzqA+ASMB2T8dt7vCDx6c32UlEKqCHyMQ1X3syFbaI63j1oHFs9YIrYMNp9
XGoaZ+LQa6TYOXfuCXG6qY3UP0L9FbLTe4UA+gq5N7NUj2G+iPKY+xyEEWuWYz8s
RxPRZZVI8kteGw+YLLDyubklbLiSywOZiSjSeDv8IRwCqV0Vbc/7dfxEDIiA0iZl
SxcRp4Yyb6pJ02l9KYKafaJW3tcIDdtbMMNvRI1rMO8Vs/dbAriw2BKMx3ZbC8KJ
LxpByBKBiNmW5Ib0b9TI+HCpoP8RjGa4tVAN6qkOyj8I
-----END CERTIFICATE-----