Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/azgusI2HnXqPwy_7bVvjhGaytYo.roa
File:                     azgusI2HnXqPwy_7bVvjhGaytYo.roa (raw, json)
Hash identifier:          sP85hVjXnMmdCHF3O4vo96k4CQqHbZ2fURElQmiicCM=
Subject key identifier:   6B:38:2E:B0:8D:87:9D:7A:8F:C3:2F:FB:6D:5B:E3:84:66:B2:B5:8A
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DEB5F476C1328D2D15DC1F9A1CFAB
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/azgusI2HnXqPwy_7bVvjhGaytYo.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51219
IP address blocks:        109.73.14.0/24 maxlen: 24
                          81.23.10.0/23 maxlen: 24
                          5.8.180.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:eb:5f:47:6c:13:28:d2:d1:5d:c1:f9:a1:cf:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b382eb08d879d7a8fc32ffb6d5be38466b2b58a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9b:e7:21:73:06:dd:cf:44:47:c8:d4:0c:12:
                    5c:7a:31:48:f0:6f:75:9d:fc:2d:e4:8a:93:9c:cb:
                    de:6f:5c:c7:26:5f:7b:27:a7:6e:ec:af:da:50:f7:
                    0f:f9:21:d2:af:53:e6:1b:ac:ac:91:ef:07:9e:ea:
                    75:05:44:fc:11:62:70:83:c9:b5:73:0f:8a:3d:82:
                    ec:a0:92:0c:14:ba:8b:66:7c:9e:24:b7:3b:83:ae:
                    5f:82:43:b1:b2:70:b3:7d:ab:7e:a4:56:f5:52:ef:
                    f3:ca:43:43:36:03:2c:74:a0:1d:41:86:e2:0b:76:
                    9b:ca:5a:32:de:ed:8f:f5:f0:ef:d5:f2:e7:01:f8:
                    5a:2c:48:00:61:eb:2f:35:40:d1:90:ed:62:f6:eb:
                    59:1b:af:38:38:a7:c8:5b:a8:b8:fe:ed:2e:9a:98:
                    66:dd:5e:98:38:ee:a5:bf:db:f5:82:4f:96:8e:45:
                    72:7c:85:ef:29:1e:c7:50:48:a5:23:cc:2f:32:65:
                    df:e6:25:a6:43:35:19:f3:4e:c3:15:f2:fc:21:a3:
                    31:4c:fc:90:0e:6a:57:65:f9:b3:54:80:85:fa:93:
                    b4:ee:89:e4:8a:6f:1f:b7:05:53:e0:44:9b:7b:09:
                    c6:8e:e4:5d:f9:6b:64:99:45:c7:ef:a0:e4:80:d0:
                    05:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:38:2E:B0:8D:87:9D:7A:8F:C3:2F:FB:6D:5B:E3:84:66:B2:B5:8A
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/azgusI2HnXqPwy_7bVvjhGaytYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.180.0/23
                  81.23.10.0/23
                  109.73.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:0d:87:21:f3:88:ac:5b:9c:27:5e:17:9c:10:67:82:56:ca:
         d7:e5:b4:eb:2e:68:2f:8c:4b:35:70:4a:d4:22:78:31:04:1b:
         b8:cf:e5:76:05:71:6e:d3:da:ca:a7:ec:1c:2e:5b:c0:01:d6:
         21:bc:ff:c0:7e:fa:4c:6b:e3:93:7d:75:75:db:69:c1:24:fe:
         bd:20:c5:2d:87:2b:6c:fb:e7:9f:2a:29:ec:91:2d:4a:6b:06:
         1e:e8:bb:9b:aa:75:95:ed:6c:c9:1f:33:2b:2a:4e:bc:4c:9a:
         43:39:82:6d:b3:b9:04:67:95:e4:0b:43:0d:ca:90:b2:6b:c9:
         79:62:89:59:ea:c2:5f:1e:34:2f:b3:a0:17:d5:97:59:00:a8:
         9a:76:2e:0c:69:58:0f:f9:a6:78:d6:cd:31:c6:e2:15:38:29:
         d2:09:39:66:34:b9:ea:31:6a:50:f1:e2:b1:d6:78:ec:87:90:
         1c:6f:9e:41:4d:f9:36:4c:8b:22:aa:92:1f:3a:80:3b:7d:0e:
         c2:17:f6:e7:78:2d:5a:06:d7:83:6c:3f:27:14:f8:e8:a7:f2:
         46:c2:9f:00:8d:ba:e4:4e:1f:82:29:eb:67:a4:ad:b5:00:32:
         30:66:82:f6:64:a4:e8:7a:0f:b7:ef:bd:1c:c4:90:6d:cf:c5:
         7d:27:fe:6a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbetfR2wTKNLRXcH5oc+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjM4MmViMDhkODc5ZDdhOGZjMzJmZmI2ZDViZTM4NDY2YjJiNThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5vnIXMG3c9ER8jUDBJcejFI8G91
nfwt5IqTnMveb1zHJl97J6du7K/aUPcP+SHSr1PmG6yske8Hnup1BUT8EWJwg8m1
cw+KPYLsoJIMFLqLZnyeJLc7g65fgkOxsnCzfat+pFb1Uu/zykNDNgMsdKAdQYbi
C3abyloy3u2P9fDv1fLnAfhaLEgAYesvNUDRkO1i9utZG684OKfIW6i4/u0umphm
3V6YOO6lv9v1gk+WjkVyfIXvKR7HUEilI8wvMmXf5iWmQzUZ807DFfL8IaMxTPyQ
DmpXZfmzVICF+pO07onkim8ftwVT4ESbewnGjuRd+WtkmUXH76DkgNAFwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGs4LrCNh516j8Mv+21b44RmsrWKMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvYXpndXNJMkhuWHFQd3lfN2JWdmpoR2F5dFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBBQi0AwQB
URcKAwQAbUkOMA0GCSqGSIb3DQEBCwUAA4IBAQCjDYch84isW5wnXhecEGeCVsrX
5bTrLmgvjEs1cErUIngxBBu4z+V2BXFu09rKp+wcLlvAAdYhvP/AfvpMa+OTfXV1
22nBJP69IMUthyts++efKinskS1KawYe6LubqnWV7WzJHzMrKk68TJpDOYJts7kE
Z5XkC0MNypCya8l5YolZ6sJfHjQvs6AX1ZdZAKiadi4MaVgP+aZ41s0xxuIVOCnS
CTlmNLnqMWpQ8eKx1njsh5Acb55BTfk2TIsiqpIfOoA7fQ7CF/bneC1aBteDbD8n
FPjop/JGwp8AjbrkTh+CKetnpK21ADIwZoL2ZKToeg+3770cxJBtz8V9J/5q
-----END CERTIFICATE-----