Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/jXfBMxCXbwAjsUgukQZWYCX3TMw.roa
File:                     jXfBMxCXbwAjsUgukQZWYCX3TMw.roa (raw, json)
Hash identifier:          W2FIrVLit4XEsoXrGkqx/hdfBvdxL3Nx9Wyy6C6q2sk=
Subject key identifier:   8D:77:C1:33:10:97:6F:00:23:B1:48:2E:91:06:56:60:25:F7:4C:CC
Certificate issuer:       /CN=92f7d213fa13708e3200184ff1bc391577cc252f
Certificate serial:       0192046608BFC896C9CDB7E8C96E92DA9DBC
Authority key identifier: 92:F7:D2:13:FA:13:70:8E:32:00:18:4F:F1:BC:39:15:77:CC:25:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/jXfBMxCXbwAjsUgukQZWYCX3TMw.roa
Signing time:             Wed 18 Sep 2024 09:10:48 +0000
ROA not before:           Wed 18 Sep 2024 09:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201207
IP address blocks:        185.47.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 18:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:04:66:08:bf:c8:96:c9:cd:b7:e8:c9:6e:92:da:9d:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f7d213fa13708e3200184ff1bc391577cc252f
        Validity
            Not Before: Sep 18 09:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d77c13310976f0023b1482e9106566025f74ccc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:24:29:5a:d2:65:59:89:00:26:b2:1a:0a:d7:
                    d7:f4:8e:28:1b:39:b1:32:4e:8d:3d:f7:f0:97:9b:
                    f3:c4:65:31:dd:18:10:cd:6f:13:2b:0a:73:b7:dd:
                    db:fe:5f:30:94:e7:df:d0:4b:34:81:91:2a:d7:1f:
                    2b:e2:af:41:9a:6f:7e:e7:c2:35:ba:6c:f5:28:70:
                    28:ab:52:03:b2:5d:09:1b:e2:67:8b:b0:df:38:b8:
                    fc:0c:fa:84:ea:47:18:36:c2:c4:8e:c8:30:87:b5:
                    2f:27:f7:97:04:4f:b4:ce:96:8e:93:33:1d:83:fd:
                    59:c1:e9:39:ec:68:b5:7e:7b:34:f9:0b:8b:92:4a:
                    17:08:62:d3:99:ca:78:02:02:2f:ad:e6:39:3e:dd:
                    fe:a6:76:3f:74:b5:95:52:da:3c:94:f9:52:31:5e:
                    75:d1:e9:13:07:0d:28:1c:74:a5:cf:83:8f:cc:bb:
                    d7:af:40:8c:5c:6f:88:ce:f2:a1:c1:9f:19:a8:0f:
                    cb:d7:a4:52:3a:be:5a:47:4c:63:ea:5a:ae:db:e3:
                    69:64:c7:a5:46:07:b5:f0:2c:20:53:61:59:09:89:
                    c0:b2:83:32:a7:22:bc:11:e6:6f:0e:0b:7f:c7:01:
                    df:3f:c2:d8:3e:9a:ba:cc:5c:bf:fc:0a:15:2b:b4:
                    c0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:77:C1:33:10:97:6F:00:23:B1:48:2E:91:06:56:60:25:F7:4C:CC
            X509v3 Authority Key Identifier:
                keyid:92:F7:D2:13:FA:13:70:8E:32:00:18:4F:F1:BC:39:15:77:CC:25:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/jXfBMxCXbwAjsUgukQZWYCX3TMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:90:99:e7:0d:9b:de:54:52:16:73:50:26:e3:9a:07:96:ba:
         68:63:8b:04:4e:52:eb:b5:b6:85:31:0f:b5:5f:95:b0:6c:1e:
         23:d2:f5:ec:18:0e:e0:c4:9b:8a:8a:eb:74:ef:31:c7:df:1a:
         d1:4a:4b:90:78:b0:d1:52:e3:ab:11:12:3f:27:2a:05:eb:2a:
         5c:1f:e8:37:15:fe:2c:1e:e8:88:34:87:19:6a:33:f1:af:2d:
         39:e6:61:b8:87:65:4a:cf:5f:1c:24:66:4b:99:92:e0:09:ad:
         26:8c:74:2a:bb:87:51:58:9b:e5:e6:49:2c:c1:f5:1e:f0:51:
         fa:be:a8:fc:3e:da:df:ae:13:2e:43:49:c1:dc:74:17:82:a9:
         16:e1:22:93:90:bb:be:9e:6f:c7:0f:39:c4:6e:3c:f5:f8:d8:
         26:ea:b7:3c:31:c7:da:14:93:a7:6b:a9:5c:06:e1:3b:49:a5:
         83:25:07:53:20:3a:d1:d6:60:7d:84:69:af:b2:6b:85:63:f2:
         71:6f:78:81:78:b0:69:1e:93:2e:b5:5e:40:3d:8d:30:1d:bb:
         8a:4c:b2:fd:65:5b:7d:8a:b2:0f:ed:d5:d5:36:c2:fe:bc:6d:
         9b:2e:b3:55:80:46:7e:83:d5:ac:46:2c:d8:b2:36:f5:f4:d9:
         22:4f:4b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIEZgi/yJbJzbfoyW6S2p28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZjdkMjEzZmExMzcwOGUzMjAwMTg0ZmYxYmMzOTE1Nzdj
YzI1MmYwHhcNMjQwOTE4MDkxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDc3YzEzMzEwOTc2ZjAwMjNiMTQ4MmU5MTA2NTY2MDI1Zjc0Y2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyQpWtJlWYkAJrIaCtfX9I4oGzmx
Mk6NPffwl5vzxGUx3RgQzW8TKwpzt93b/l8wlOff0Es0gZEq1x8r4q9Bmm9+58I1
umz1KHAoq1IDsl0JG+Jni7DfOLj8DPqE6kcYNsLEjsgwh7UvJ/eXBE+0zpaOkzMd
g/1Zwek57Gi1fns0+QuLkkoXCGLTmcp4AgIvreY5Pt3+pnY/dLWVUto8lPlSMV51
0ekTBw0oHHSlz4OPzLvXr0CMXG+IzvKhwZ8ZqA/L16RSOr5aR0xj6lqu2+NpZMel
Rge18CwgU2FZCYnAsoMypyK8EeZvDgt/xwHfP8LYPpq6zFy//AoVK7TAEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI13wTMQl28AI7FILpEGVmAl90zMMB8GA1UdIwQY
MBaAFJL30hP6E3COMgAYT/G8ORV3zCUvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3ZmU0Vfb1RjSTR5QUJoUDhidzVGWGZNSlM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80ODIxMDEtYWM5NC00ZjBiLTkzMDkt
M2UxOGVlNmI0YTVhLzEvalhmQk14Q1hid0Fqc1VndWtRWldZQ1gzVE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80ODIxMDEtYWM5NC00ZjBiLTkzMDktM2UxOGVlNmI0YTVh
LzEva3ZmU0Vfb1RjSTR5QUJoUDhidzVGWGZNSlM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS+kMA0G
CSqGSIb3DQEBCwUAA4IBAQBSkJnnDZveVFIWc1Am45oHlrpoY4sETlLrtbaFMQ+1
X5WwbB4j0vXsGA7gxJuKiut07zHH3xrRSkuQeLDRUuOrERI/JyoF6ypcH+g3Ff4s
HuiINIcZajPxry055mG4h2VKz18cJGZLmZLgCa0mjHQqu4dRWJvl5kkswfUe8FH6
vqj8PtrfrhMuQ0nB3HQXgqkW4SKTkLu+nm/HDznEbjz1+Ngm6rc8McfaFJOna6lc
BuE7SaWDJQdTIDrR1mB9hGmvsmuFY/Jxb3iBeLBpHpMutV5APY0wHbuKTLL9ZVt9
irIP7dXVNsL+vG2bLrNVgEZ+g9WsRizYsjb19NkiT0uO
-----END CERTIFICATE-----