Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/fj22D9VTxxDBD9Xd1SrDQtwRzLM.roa
File:                     fj22D9VTxxDBD9Xd1SrDQtwRzLM.roa (raw, json)
Hash identifier:          zpiOk5FqZHxW7SI1f8pbOuVhTeDsBAAuQUuo5wrACH8=
Subject key identifier:   7E:3D:B6:0F:D5:53:C7:10:C1:0F:D5:DD:D5:2A:C3:42:DC:11:CC:B3
Certificate issuer:       /CN=a65fbcb4ea308a98b09397625e63866383c16dd0
Certificate serial:       018CC727279D751E910548EFDE3C2B74E89B
Authority key identifier: A6:5F:BC:B4:EA:30:8A:98:B0:93:97:62:5E:63:86:63:83:C1:6D:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pl-8tOowipiwk5diXmOGY4PBbdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/fj22D9VTxxDBD9Xd1SrDQtwRzLM.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        85.92.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/pl-8tOowipiwk5diXmOGY4PBbdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/pl-8tOowipiwk5diXmOGY4PBbdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pl-8tOowipiwk5diXmOGY4PBbdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:27:9d:75:1e:91:05:48:ef:de:3c:2b:74:e8:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65fbcb4ea308a98b09397625e63866383c16dd0
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e3db60fd553c710c10fd5ddd52ac342dc11ccb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:57:90:78:20:d5:18:77:95:d6:5b:21:be:fd:
                    06:50:f7:d9:d4:0e:fb:2f:06:22:87:1c:b9:4c:dc:
                    c9:4f:b8:fb:df:8e:2c:43:66:dd:45:1e:86:be:bb:
                    74:0b:c8:b7:09:dc:8b:e3:ef:15:f1:8a:ae:27:9d:
                    f8:88:73:26:f6:c1:7b:c4:26:f1:33:52:38:c7:23:
                    05:2a:f1:bf:1f:be:d5:49:e6:19:85:b5:3b:5f:7b:
                    d8:93:db:a3:95:53:b1:d5:1c:a3:a7:4e:d8:c8:c3:
                    2d:ad:c1:b6:f7:43:69:83:87:5c:65:3c:0f:a5:05:
                    c4:12:af:d0:8c:56:fb:11:78:f4:74:19:a4:e9:63:
                    e3:58:c6:9f:ea:54:78:3c:75:8c:df:49:b0:e2:26:
                    5d:32:e1:18:8b:9b:26:d3:54:f1:75:08:35:9e:bd:
                    b4:47:ae:5d:31:02:73:b8:64:f6:43:71:25:35:67:
                    3a:81:aa:63:eb:7c:b1:8b:61:67:b5:0b:5d:74:28:
                    83:6f:2d:3d:f1:4b:75:e0:80:38:b4:e2:a7:ba:12:
                    3e:83:a2:9a:d4:d9:d8:44:2a:d8:6d:07:ed:4f:31:
                    f6:86:cf:42:09:23:41:a3:fb:fc:91:5a:1a:8b:f7:
                    93:5f:c4:74:18:24:c4:8d:be:d0:42:c4:bd:f4:d8:
                    17:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:3D:B6:0F:D5:53:C7:10:C1:0F:D5:DD:D5:2A:C3:42:DC:11:CC:B3
            X509v3 Authority Key Identifier:
                keyid:A6:5F:BC:B4:EA:30:8A:98:B0:93:97:62:5E:63:86:63:83:C1:6D:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pl-8tOowipiwk5diXmOGY4PBbdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/fj22D9VTxxDBD9Xd1SrDQtwRzLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/f7231d-c561-4aa2-b80e-62d42fe6fd3c/1/pl-8tOowipiwk5diXmOGY4PBbdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.92.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:ed:65:e0:d3:c1:d3:81:c7:0d:84:cf:9e:0e:1e:26:1b:06:
         ca:de:aa:71:52:90:58:01:ce:21:1a:d4:cd:3a:58:aa:12:98:
         4d:10:7b:02:85:eb:79:4c:16:6b:5d:c5:c9:a3:c0:d6:ff:2b:
         2f:6b:5d:49:a1:09:9e:c1:75:99:e0:76:4a:06:61:c0:d9:73:
         80:db:30:62:bc:ba:10:29:71:29:f9:b9:36:1f:1d:8c:ef:eb:
         77:05:c0:b6:ba:4f:8a:34:e9:6e:7f:62:29:6d:1f:3c:09:06:
         91:5d:a7:b9:c9:d2:1a:e5:8c:57:e2:45:4e:e1:1e:29:e1:2b:
         4f:42:5d:f5:ac:76:fd:03:20:34:00:98:d8:17:e7:d0:e4:8e:
         6e:e0:1e:89:2e:6a:ae:e2:ac:40:62:6c:ff:b1:a3:7b:3c:f2:
         dc:ee:7c:c5:c1:60:5a:d2:40:1e:b9:d0:cb:74:ee:2c:eb:67:
         c9:b0:64:d9:fc:c7:eb:bb:d2:07:41:91:15:a6:2c:2c:78:30:
         af:68:22:1f:41:6d:d4:d2:f2:c9:d1:57:23:ef:1f:54:54:c2:
         16:83:9c:2d:9b:08:59:09:72:56:6b:55:5f:13:a9:f4:71:30:
         3e:b0:a1:5c:e7:56:82:9f:d1:cc:4d:f6:06:90:fd:08:79:80:
         31:bb:e6:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyeddR6RBUjv3jwrdOibMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NWZiY2I0ZWEzMDhhOThiMDkzOTc2MjVlNjM4NjYzODNj
MTZkZDAwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTNkYjYwZmQ1NTNjNzEwYzEwZmQ1ZGRkNTJhYzM0MmRjMTFjY2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmleQeCDVGHeV1lshvv0GUPfZ1A77
LwYihxy5TNzJT7j7344sQ2bdRR6Gvrt0C8i3CdyL4+8V8YquJ534iHMm9sF7xCbx
M1I4xyMFKvG/H77VSeYZhbU7X3vYk9ujlVOx1Ryjp07YyMMtrcG290Npg4dcZTwP
pQXEEq/QjFb7EXj0dBmk6WPjWMaf6lR4PHWM30mw4iZdMuEYi5sm01TxdQg1nr20
R65dMQJzuGT2Q3ElNWc6gapj63yxi2FntQtddCiDby098Ut14IA4tOKnuhI+g6Ka
1NnYRCrYbQftTzH2hs9CCSNBo/v8kVoai/eTX8R0GCTEjb7QQsS99NgX+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH49tg/VU8cQwQ/V3dUqw0LcEcyzMB8GA1UdIwQY
MBaAFKZfvLTqMIqYsJOXYl5jhmODwW3QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGwtOHRPb3dpcGl3azVkaVhtT0dZNFBCYmRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9mNzIzMWQtYzU2MS00YWEyLWI4MGUt
NjJkNDJmZTZmZDNjLzEvZmoyMkQ5VlR4eERCRDlYZDFTckRRdHdSekxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9mNzIzMWQtYzU2MS00YWEyLWI4MGUtNjJkNDJmZTZmZDNj
LzEvcGwtOHRPb3dpcGl3azVkaVhtT0dZNFBCYmRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVVxlMA0G
CSqGSIb3DQEBCwUAA4IBAQBR7WXg08HTgccNhM+eDh4mGwbK3qpxUpBYAc4hGtTN
OliqEphNEHsChet5TBZrXcXJo8DW/ysva11JoQmewXWZ4HZKBmHA2XOA2zBivLoQ
KXEp+bk2Hx2M7+t3BcC2uk+KNOluf2IpbR88CQaRXae5ydIa5YxX4kVO4R4p4StP
Ql31rHb9AyA0AJjYF+fQ5I5u4B6JLmqu4qxAYmz/saN7PPLc7nzFwWBa0kAeudDL
dO4s62fJsGTZ/Mfru9IHQZEVpiwseDCvaCIfQW3U0vLJ0Vcj7x9UVMIWg5wtmwhZ
CXJWa1VfE6n0cTA+sKFc51aCn9HMTfYGkP0IeYAxu+aH
-----END CERTIFICATE-----