Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mUwDwJsvKBgLUKBHUtZvCEJ6gXo.roa
File:                     mUwDwJsvKBgLUKBHUtZvCEJ6gXo.roa (raw, json)
Hash identifier:          UEni6LtJoFTOCuWs+Ge2A5d0+k2hTUu5rul9vkXJrp0=
Subject key identifier:   99:4C:03:C0:9B:2F:28:18:0B:50:A0:47:52:D6:6F:08:42:7A:81:7A
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DF4D5EBF38F3FAFFA5892EA926DEC
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mUwDwJsvKBgLUKBHUtZvCEJ6gXo.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211076
IP address blocks:        185.196.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f4:d5:eb:f3:8f:3f:af:fa:58:92:ea:92:6d:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=994c03c09b2f28180b50a04752d66f08427a817a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:33:86:c7:8b:57:17:c8:77:96:17:02:9c:cf:
                    af:79:3c:06:41:2a:fd:1a:62:3a:ea:8b:59:7b:74:
                    e1:7a:1a:8f:92:8c:8b:58:82:b1:71:e6:70:b3:e6:
                    88:73:33:53:61:d9:be:7e:0e:37:1d:58:19:2d:32:
                    da:7d:65:cc:bb:11:a7:fc:58:27:e3:5b:f1:b8:55:
                    31:25:bc:a3:8a:77:64:fc:2b:a5:18:b5:20:6c:a8:
                    b9:5b:98:d6:da:c6:8c:25:01:90:d1:f2:fd:35:00:
                    e6:02:80:86:1d:88:d1:a9:88:f9:e9:98:e2:f0:b0:
                    c9:c7:b2:b9:85:da:f0:bc:59:23:1d:cb:ff:21:55:
                    63:c3:00:45:8d:65:a5:b8:a9:66:31:74:ff:fd:11:
                    e8:b2:9b:3d:3d:03:f8:3a:55:9f:33:a6:54:34:37:
                    32:53:c2:c6:21:02:ff:79:aa:31:52:88:6a:77:e7:
                    f7:19:72:93:3a:0d:7f:62:05:de:24:61:77:8c:f0:
                    9b:2a:23:8b:6c:42:cd:13:24:90:1d:ee:5c:a6:32:
                    9f:cd:22:ca:15:b6:84:70:93:d1:2e:6e:06:f7:34:
                    80:09:ec:39:33:00:4f:14:34:c0:2b:c6:65:0a:3e:
                    fd:5a:94:98:93:50:00:b9:86:0a:7f:d2:cf:3d:d2:
                    13:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:4C:03:C0:9B:2F:28:18:0B:50:A0:47:52:D6:6F:08:42:7A:81:7A
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/mUwDwJsvKBgLUKBHUtZvCEJ6gXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:78:6f:0c:a2:15:06:fd:43:5d:a0:ce:07:09:60:45:e5:80:
         b6:be:7b:6d:75:6d:e1:1f:13:b6:d6:a3:b8:7a:8c:9e:2d:08:
         4f:d5:a1:49:90:47:89:52:18:a8:b9:04:f1:f2:cc:b4:ec:83:
         c1:34:c2:3c:fe:c9:ba:e7:df:7f:e5:ec:1d:33:dc:34:88:fc:
         ec:c0:b2:81:c6:8a:cb:88:7d:61:39:08:ac:a2:20:7e:3a:d3:
         ea:ce:71:6a:18:61:85:2d:6e:f0:33:b7:a2:e8:45:4f:ff:3d:
         a6:bd:25:34:e7:11:7b:65:26:da:90:d5:05:b1:a3:7d:43:a3:
         47:ae:28:7c:3b:a7:d7:4f:36:4a:67:8d:8a:68:65:4d:d3:cc:
         e5:d4:ab:a4:2d:eb:41:80:74:66:c2:59:b6:67:11:13:b8:19:
         f2:ad:07:09:66:33:72:8e:f7:df:02:f7:a7:44:7b:cc:c6:93:
         1b:b4:87:4c:12:a8:8a:68:ad:3e:14:d8:e5:ef:cf:84:84:ea:
         30:24:98:cc:06:b4:43:3e:e7:54:11:b7:0b:18:2e:5c:2b:b5:
         d2:a8:93:74:64:8c:9f:dc:0c:ac:ea:fe:84:1a:b8:c4:1d:23:
         55:15:2d:7b:87:37:27:ab:14:50:a4:96:c7:bb:8a:70:b1:ac:
         49:df:56:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfTV6/OPP6/6WJLqkm3sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTRjMDNjMDliMmYyODE4MGI1MGEwNDc1MmQ2NmYwODQyN2E4MTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjOGx4tXF8h3lhcCnM+veTwGQSr9
GmI66otZe3ThehqPkoyLWIKxceZws+aIczNTYdm+fg43HVgZLTLafWXMuxGn/Fgn
41vxuFUxJbyjindk/CulGLUgbKi5W5jW2saMJQGQ0fL9NQDmAoCGHYjRqYj56Zji
8LDJx7K5hdrwvFkjHcv/IVVjwwBFjWWluKlmMXT//RHosps9PQP4OlWfM6ZUNDcy
U8LGIQL/eaoxUohqd+f3GXKTOg1/YgXeJGF3jPCbKiOLbELNEySQHe5cpjKfzSLK
FbaEcJPRLm4G9zSACew5MwBPFDTAK8ZlCj79WpSYk1AAuYYKf9LPPdIT8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlMA8CbLygYC1CgR1LWbwhCeoF6MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvbVV3RHdKc3ZLQmdMVUtCSFV0WnZDRUo2Z1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucT1MA0G
CSqGSIb3DQEBCwUAA4IBAQA3eG8MohUG/UNdoM4HCWBF5YC2vnttdW3hHxO21qO4
eoyeLQhP1aFJkEeJUhiouQTx8sy07IPBNMI8/sm6599/5ewdM9w0iPzswLKBxorL
iH1hOQisoiB+OtPqznFqGGGFLW7wM7ei6EVP/z2mvSU05xF7ZSbakNUFsaN9Q6NH
rih8O6fXTzZKZ42KaGVN08zl1KukLetBgHRmwlm2ZxETuBnyrQcJZjNyjvffAven
RHvMxpMbtIdMEqiKaK0+FNjl78+EhOowJJjMBrRDPudUEbcLGC5cK7XSqJN0ZIyf
3Ays6v6EGrjEHSNVFS17hzcnqxRQpJbHu4pwsaxJ31Y4
-----END CERTIFICATE-----