Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/_oUr7Rhxmgrw_t3mq_4wlq2-Ibo.roa
File:                     _oUr7Rhxmgrw_t3mq_4wlq2-Ibo.roa (raw, json)
Hash identifier:          nZbQ0HhgfysXLW0z9jWk6JcbyV2Nx7drLm7xDQQ8XOo=
Subject key identifier:   FE:85:2B:ED:18:71:9A:0A:F0:FE:DD:E6:AB:FE:30:96:AD:BE:21:BA
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       018CC94CC68715E04BAED00D6650DC65689F
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/_oUr7Rhxmgrw_t3mq_4wlq2-Ibo.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59584
IP address blocks:        92.63.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c6:87:15:e0:4b:ae:d0:0d:66:50:dc:65:68:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe852bed18719a0af0fedde6abfe3096adbe21ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fd:04:10:33:a3:d2:64:7c:ea:49:71:4f:63:
                    10:61:26:c2:ee:73:2c:0d:f9:5e:eb:29:a0:bf:95:
                    28:29:03:90:92:97:db:72:44:37:94:ab:3a:9d:0a:
                    f2:13:b7:b0:10:e2:c1:8d:06:ab:8b:ff:50:11:9f:
                    d3:14:72:9b:00:3e:57:52:e8:d1:64:23:bd:06:08:
                    04:4c:8f:94:3e:8e:f9:10:2a:ad:57:6e:80:7d:83:
                    ed:23:9f:83:67:fd:01:81:02:31:77:6b:eb:fb:f4:
                    26:b2:0c:c7:b0:56:ea:9f:48:82:bf:56:7e:97:28:
                    55:c5:f7:2f:74:8e:af:72:4f:2a:e8:eb:c1:e9:9d:
                    5f:7b:fd:6d:d8:30:11:e7:a3:34:91:fe:eb:84:b3:
                    fb:07:56:4a:ec:cb:69:9d:4e:32:5e:f0:43:b5:95:
                    11:9e:30:28:b7:eb:e8:f1:9c:2e:53:2d:7d:9a:b6:
                    d2:cf:ef:c1:af:aa:52:20:b8:c8:89:2e:41:df:5e:
                    f2:78:e3:67:1d:d5:70:32:e5:b6:97:b2:f8:06:96:
                    0a:b6:a3:9c:c5:19:a0:fc:32:52:c4:84:31:ad:f3:
                    d0:a0:0f:ad:59:ce:ba:d0:7c:a7:9b:3b:b3:e8:3e:
                    4e:5c:6b:02:7a:92:0f:a9:e3:a7:85:d2:2d:de:02:
                    2c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:85:2B:ED:18:71:9A:0A:F0:FE:DD:E6:AB:FE:30:96:AD:BE:21:BA
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/_oUr7Rhxmgrw_t3mq_4wlq2-Ibo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:af:f5:9c:13:ce:cc:2c:c5:62:18:88:28:2d:5c:52:60:2b:
         7f:62:15:ec:a8:5b:a5:e3:50:d5:3b:41:95:d7:55:f8:7a:36:
         f3:62:ab:bf:d3:4b:78:11:d0:a3:b7:88:16:b0:26:1c:5d:22:
         ea:5a:99:5d:b2:d6:f1:d2:c2:c4:58:a3:f2:9e:0a:45:08:9d:
         f0:ad:0b:74:8a:86:87:65:de:57:a9:d2:58:0d:6a:f1:bb:83:
         3d:6e:b2:fb:b5:2c:a5:93:da:11:7d:02:9d:b6:28:87:23:a2:
         36:75:74:01:ee:a5:68:d1:bc:1c:36:2d:0d:40:6d:ec:28:df:
         92:c8:2a:e5:84:3c:f1:5b:4f:ec:84:90:0e:0f:cd:63:d2:b5:
         50:af:7c:e6:06:9c:26:17:81:18:1d:22:16:27:18:9b:3e:0c:
         3c:8f:c3:e9:9e:6b:45:0f:4d:98:8a:27:79:cd:da:c4:ae:82:
         a0:81:21:4d:0c:17:be:c2:6b:0c:15:71:53:b9:9f:da:6b:c5:
         aa:c1:20:58:0f:2e:43:de:8f:35:0c:f6:da:69:bd:42:9f:50:
         e3:0c:49:d3:4f:ea:7a:e5:af:70:0e:38:cd:e8:b6:5e:46:af:
         f1:4a:77:d6:37:24:53:fa:3b:13:07:8c:4d:59:c9:33:f9:32:
         e0:67:7d:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTMaHFeBLrtANZlDcZWifMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTg1MmJlZDE4NzE5YTBhZjBmZWRkZTZhYmZlMzA5NmFkYmUyMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxP0EEDOj0mR86klxT2MQYSbC7nMs
Dfle6ymgv5UoKQOQkpfbckQ3lKs6nQryE7ewEOLBjQari/9QEZ/TFHKbAD5XUujR
ZCO9BggETI+UPo75ECqtV26AfYPtI5+DZ/0BgQIxd2vr+/QmsgzHsFbqn0iCv1Z+
lyhVxfcvdI6vck8q6OvB6Z1fe/1t2DAR56M0kf7rhLP7B1ZK7MtpnU4yXvBDtZUR
njAot+vo8ZwuUy19mrbSz+/Br6pSILjIiS5B317yeONnHdVwMuW2l7L4BpYKtqOc
xRmg/DJSxIQxrfPQoA+tWc660Hynmzuz6D5OXGsCepIPqeOnhdIt3gIsMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6FK+0YcZoK8P7d5qv+MJatviG6MB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvX29VcjdSaHhtZ3J3X3QzbXFfNHdscTItSWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXD/IMA0G
CSqGSIb3DQEBCwUAA4IBAQBbr/WcE87MLMViGIgoLVxSYCt/YhXsqFul41DVO0GV
11X4ejbzYqu/00t4EdCjt4gWsCYcXSLqWpldstbx0sLEWKPyngpFCJ3wrQt0ioaH
Zd5XqdJYDWrxu4M9brL7tSylk9oRfQKdtiiHI6I2dXQB7qVo0bwcNi0NQG3sKN+S
yCrlhDzxW0/shJAOD81j0rVQr3zmBpwmF4EYHSIWJxibPgw8j8PpnmtFD02Yiid5
zdrEroKggSFNDBe+wmsMFXFTuZ/aa8WqwSBYDy5D3o81DPbaab1Cn1DjDEnTT+p6
5a9wDjjN6LZeRq/xSnfWNyRT+jsTB4xNWckz+TLgZ31d
-----END CERTIFICATE-----