Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/dL0XWuMWe_2-McofnGQYe3IpEEY.roa
File:                     dL0XWuMWe_2-McofnGQYe3IpEEY.roa (raw, json)
Hash identifier:          qG37sZz9RReQrTdvUDPZTM4LSjg11839PWfzjmfw/Cg=
Subject key identifier:   74:BD:17:5A:E3:16:7B:FD:BE:31:CA:1F:9C:64:18:7B:72:29:10:46
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       018CC94CC802C82AA24FE9DE7889877863B9
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/dL0XWuMWe_2-McofnGQYe3IpEEY.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202984
IP address blocks:        92.63.203.0/24 maxlen: 24
                          185.176.25.0/24 maxlen: 24
                          92.63.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c8:02:c8:2a:a2:4f:e9:de:78:89:87:78:63:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74bd175ae3167bfdbe31ca1f9c64187b72291046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d9:9f:aa:a8:e2:18:83:49:35:07:f3:77:7b:
                    a9:ec:c2:84:5b:05:01:44:c9:95:34:dc:92:da:06:
                    66:da:8e:22:80:07:d2:05:09:55:2e:da:7e:3e:4e:
                    98:3a:b2:1d:e6:51:14:63:e2:5f:d6:b9:9f:5d:1f:
                    f7:a2:ca:6d:d8:26:83:21:e9:b1:f4:a9:f5:c9:a0:
                    9d:91:df:90:f8:e7:5f:67:70:bb:d5:1b:e3:96:09:
                    98:91:62:ad:fe:f6:5d:68:4e:e0:00:b9:31:d8:f1:
                    59:d8:7a:2b:4f:01:f3:e1:a9:99:89:08:82:6c:ad:
                    c8:55:ac:83:eb:09:df:0e:f4:ed:5f:99:51:ce:23:
                    4e:56:5a:56:33:69:e3:91:0e:46:e2:4a:aa:41:1e:
                    8f:c1:fc:8a:0d:c4:6d:6d:05:0a:1c:93:d0:bc:0c:
                    cd:66:eb:25:c0:ad:6e:51:cb:c7:73:17:22:ee:8c:
                    a7:ca:7d:02:fe:ac:e6:9f:29:be:9c:e8:09:bf:1d:
                    d4:6e:b9:de:16:d5:3c:74:16:1c:96:a9:a7:da:f2:
                    83:b9:ef:a9:6b:86:a5:99:fe:25:bf:a4:d0:61:a6:
                    0a:9e:18:ec:f5:84:37:65:fb:80:9d:cd:c5:fd:27:
                    50:36:20:ae:c4:82:25:74:73:4e:b2:82:99:1d:99:
                    e4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:BD:17:5A:E3:16:7B:FD:BE:31:CA:1F:9C:64:18:7B:72:29:10:46
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/dL0XWuMWe_2-McofnGQYe3IpEEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.199.0/24
                  92.63.203.0/24
                  185.176.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:f6:28:bd:10:a4:d2:81:58:cb:71:d8:6d:f0:51:a9:9b:d8:
         9c:f8:a4:64:33:22:eb:16:8b:a4:73:51:c4:28:1c:ae:a6:ab:
         9b:5b:51:ab:a9:b4:13:e8:3c:c8:62:de:1a:6b:75:ff:7c:0c:
         1e:b7:18:a4:e4:de:ca:96:c6:94:0e:3e:82:5e:50:33:6c:7b:
         14:e2:f5:7f:4f:ba:f3:45:05:09:dc:14:63:ee:68:96:4f:54:
         e5:f5:93:b7:cf:cb:9e:0b:fb:2d:87:fa:9c:88:07:0a:a0:17:
         9a:2d:2d:14:33:9c:3d:7d:06:fb:d9:a3:1e:17:a2:f7:cb:84:
         02:b1:41:e3:27:1a:84:25:43:d0:c6:07:db:b9:21:b2:61:f6:
         4a:6f:93:59:eb:e0:ff:22:75:7e:b1:2c:35:9d:4c:0d:b0:67:
         22:55:2d:83:d5:a3:7c:6a:cf:fd:bb:9c:20:90:74:4a:d9:1b:
         a1:33:2c:e8:50:8f:f5:b6:61:28:46:5c:a9:5f:43:ab:78:bf:
         06:bf:39:0a:fd:fd:59:55:07:83:47:e3:c3:0a:a3:ac:c7:23:
         53:f8:48:04:6c:b2:61:6e:af:4c:b9:3c:85:73:0f:e0:21:c8:
         06:24:93:1a:92:e0:73:46:76:90:ff:45:f5:4f:ae:72:55:12:
         94:4b:a5:53
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTMgCyCqiT+neeImHeGO5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGJkMTc1YWUzMTY3YmZkYmUzMWNhMWY5YzY0MTg3YjcyMjkxMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdmfqqjiGINJNQfzd3up7MKEWwUB
RMmVNNyS2gZm2o4igAfSBQlVLtp+Pk6YOrId5lEUY+Jf1rmfXR/3ospt2CaDIemx
9Kn1yaCdkd+Q+OdfZ3C71RvjlgmYkWKt/vZdaE7gALkx2PFZ2HorTwHz4amZiQiC
bK3IVayD6wnfDvTtX5lRziNOVlpWM2njkQ5G4kqqQR6PwfyKDcRtbQUKHJPQvAzN
ZuslwK1uUcvHcxci7oynyn0C/qzmnym+nOgJvx3UbrneFtU8dBYclqmn2vKDue+p
a4almf4lv6TQYaYKnhjs9YQ3ZfuAnc3F/SdQNiCuxIIldHNOsoKZHZnkKwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHS9F1rjFnv9vjHKH5xkGHtyKRBGMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvZEwwWFd1TVdlXzItTWNvZm5HUVllM0lwRUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXD/HAwQA
XD/LAwQAubAZMA0GCSqGSIb3DQEBCwUAA4IBAQAh9ii9EKTSgVjLcdht8FGpm9ic
+KRkMyLrFoukc1HEKByupqubW1GrqbQT6DzIYt4aa3X/fAwetxik5N7KlsaUDj6C
XlAzbHsU4vV/T7rzRQUJ3BRj7miWT1Tl9ZO3z8ueC/sth/qciAcKoBeaLS0UM5w9
fQb72aMeF6L3y4QCsUHjJxqEJUPQxgfbuSGyYfZKb5NZ6+D/InV+sSw1nUwNsGci
VS2D1aN8as/9u5wgkHRK2RuhMyzoUI/1tmEoRlypX0OreL8GvzkK/f1ZVQeDR+PD
CqOsxyNT+EgEbLJhbq9MuTyFcw/gIcgGJJMakuBzRnaQ/0X1T65yVRKUS6VT
-----END CERTIFICATE-----