Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kGSg1jYcqYi2riubELWqtndyGg8.roa
File:                     kGSg1jYcqYi2riubELWqtndyGg8.roa (raw, json)
Hash identifier:          vbikms9I6Lh+wstXHzvIBvR7Px8izN40vzI5Z12kklM=
Subject key identifier:   90:64:A0:D6:36:1C:A9:88:B6:AE:2B:9B:10:B5:AA:B6:77:72:1A:0F
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DE5326DAAADAFB77B3698CDC4BF01
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kGSg1jYcqYi2riubELWqtndyGg8.roa
Signing time:             Mon 01 Jan 2024 14:29:22 +0000
ROA not before:           Mon 01 Jan 2024 14:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33908
IP address blocks:        82.140.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e5:32:6d:aa:ad:af:b7:7b:36:98:cd:c4:bf:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9064a0d6361ca988b6ae2b9b10b5aab677721a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:01:7c:59:87:70:df:17:a0:e4:ce:50:1e:23:
                    22:24:2d:7c:4d:74:a6:c3:cc:c6:08:61:b6:93:fe:
                    88:00:49:db:70:4e:c8:a5:67:16:f6:fb:27:55:13:
                    ec:ca:7e:c8:b9:49:fc:be:cf:a9:47:3d:27:b3:6c:
                    58:c1:09:2d:84:00:54:17:25:2a:ae:20:d0:fe:09:
                    5e:97:8a:0b:85:bf:ac:95:2a:e9:48:70:01:37:63:
                    b7:bc:11:b1:6d:48:d1:4a:cb:b7:5d:96:02:c9:f8:
                    9f:50:d1:ba:27:34:73:bd:47:0f:66:5f:83:50:af:
                    17:01:b9:21:d7:87:59:2c:d9:61:7d:b6:97:b8:1a:
                    db:63:d4:d8:32:b3:fd:d2:dd:fb:a0:ee:04:46:a3:
                    a6:a6:f5:50:c0:37:8d:61:65:14:a5:19:34:7f:80:
                    90:5a:87:8e:fa:c4:7e:8b:20:78:b2:ef:52:cf:1d:
                    bb:1b:59:1e:30:f3:34:48:d1:34:0f:02:6b:d8:fa:
                    09:f5:8b:bf:a9:ec:d0:a9:d7:5f:1f:93:57:9b:5d:
                    9e:0e:73:7f:1c:fc:3c:24:45:6d:c0:11:96:58:c2:
                    50:d4:72:a4:18:10:3f:1f:6d:56:21:1c:01:cf:d8:
                    24:d9:74:7e:71:82:fd:a1:c7:1c:e2:5c:0c:0a:b8:
                    03:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:64:A0:D6:36:1C:A9:88:B6:AE:2B:9B:10:B5:AA:B6:77:72:1A:0F
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/kGSg1jYcqYi2riubELWqtndyGg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.140.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:9e:82:85:ba:81:43:ce:78:43:b5:2b:cc:f0:47:e0:e8:87:
         6c:a6:06:16:11:db:79:c8:a1:47:3a:01:9a:c9:eb:6d:e1:f3:
         95:28:45:f1:cc:2a:f2:ff:27:96:dc:57:71:cb:76:da:a6:c6:
         b1:ee:e6:05:e9:d1:7e:a1:5e:3a:12:54:24:f8:9d:0a:23:bd:
         dc:04:95:cc:44:db:e5:d0:a6:14:25:19:41:d5:60:fc:e2:66:
         67:8b:0f:c4:4a:f6:12:50:b7:ef:ba:6e:6e:28:d5:d5:2c:87:
         11:95:29:c2:03:6a:83:95:59:57:5f:d7:60:e1:c2:f9:ba:82:
         7b:bc:a9:78:76:29:f4:29:b2:4a:8a:08:3d:5d:5f:81:97:65:
         3d:2b:79:fc:4b:8e:c0:3a:33:03:66:a3:bd:26:d6:76:ae:07:
         c9:de:b3:94:27:46:93:50:d5:9b:c0:76:be:cb:79:7c:95:0c:
         20:23:24:15:d3:6a:bc:44:ee:f2:12:ea:c9:d1:62:48:ba:cf:
         01:4b:ef:6e:03:4e:ed:f4:2c:23:85:67:00:9b:46:31:7d:19:
         00:37:3d:3e:87:2d:41:0f:0f:66:e0:f6:22:07:51:f7:f3:cb:
         ae:87:b3:b1:1e:f2:c6:f2:c7:f3:7d:fc:06:74:12:23:1c:38:
         ef:c0:af:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeUybaqtr7d7NpjNxL8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDY0YTBkNjM2MWNhOTg4YjZhZTJiOWIxMGI1YWFiNjc3NzIxYTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggF8WYdw3xeg5M5QHiMiJC18TXSm
w8zGCGG2k/6IAEnbcE7IpWcW9vsnVRPsyn7IuUn8vs+pRz0ns2xYwQkthABUFyUq
riDQ/glel4oLhb+slSrpSHABN2O3vBGxbUjRSsu3XZYCyfifUNG6JzRzvUcPZl+D
UK8XAbkh14dZLNlhfbaXuBrbY9TYMrP90t37oO4ERqOmpvVQwDeNYWUUpRk0f4CQ
WoeO+sR+iyB4su9Szx27G1keMPM0SNE0DwJr2PoJ9Yu/qezQqddfH5NXm12eDnN/
HPw8JEVtwBGWWMJQ1HKkGBA/H21WIRwBz9gk2XR+cYL9occc4lwMCrgD0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBkoNY2HKmItq4rmxC1qrZ3choPMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEva0dTZzFqWWNxWWkycml1YkVMV3F0bmR5R2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUoxOMA0G
CSqGSIb3DQEBCwUAA4IBAQA2noKFuoFDznhDtSvM8Efg6IdspgYWEdt5yKFHOgGa
yett4fOVKEXxzCry/yeW3Fdxy3bapsax7uYF6dF+oV46ElQk+J0KI73cBJXMRNvl
0KYUJRlB1WD84mZniw/ESvYSULfvum5uKNXVLIcRlSnCA2qDlVlXX9dg4cL5uoJ7
vKl4din0KbJKigg9XV+Bl2U9K3n8S47AOjMDZqO9JtZ2rgfJ3rOUJ0aTUNWbwHa+
y3l8lQwgIyQV02q8RO7yEurJ0WJIus8BS+9uA07t9CwjhWcAm0YxfRkANz0+hy1B
Dw9m4PYiB1H388uuh7OxHvLG8sfzffwGdBIjHDjvwK+l
-----END CERTIFICATE-----