Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/pSj7D-w0ejdDBYb8mdqzwJ61jkA.roa
File:                     pSj7D-w0ejdDBYb8mdqzwJ61jkA.roa (raw, json)
Hash identifier:          6+Zzm3mM7b6GgHOydR/utYaZ1gBlSJqqp8bip4XVBOc=
Subject key identifier:   A5:28:FB:0F:EC:34:7A:37:43:05:86:FC:99:DA:B3:C0:9E:B5:8E:40
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DF485EAFB9A9FD0EC23758999E3ED
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/pSj7D-w0ejdDBYb8mdqzwJ61jkA.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209456
IP address blocks:        185.22.25.0/24 maxlen: 24
                          2a02:330:9::/48 maxlen: 48
                          2a02:330:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f4:85:ea:fb:9a:9f:d0:ec:23:75:89:99:e3:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a528fb0fec347a37430586fc99dab3c09eb58e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6c:ab:c3:20:d6:2f:35:17:a5:23:57:94:18:
                    6b:f9:78:f2:40:59:a9:52:4d:d1:3d:bd:d4:f8:3f:
                    ab:09:f9:07:a2:53:f8:12:ac:56:66:78:3e:17:e4:
                    6e:fa:55:38:03:bb:f3:f6:dd:6b:b2:1d:40:6d:ec:
                    82:a3:32:84:8c:2d:f9:94:f0:70:43:78:2f:a0:78:
                    c9:ae:83:12:cf:0f:fa:a3:1f:5a:12:3d:de:14:a9:
                    74:b3:ed:01:95:80:0a:6d:92:a4:fb:6a:89:dc:ec:
                    8b:d3:12:0e:3d:a7:2a:fd:45:45:f6:14:de:99:e2:
                    50:6e:d4:87:2e:2f:bd:cc:84:ca:41:e6:3b:b7:bd:
                    bd:c0:f7:25:a8:17:cf:f9:c2:2f:31:2d:fe:78:24:
                    a6:a8:9f:5f:ef:83:ac:d9:ef:60:85:97:cc:7b:8e:
                    a6:7f:0d:96:37:65:7e:a3:50:b6:37:30:c1:6a:93:
                    19:05:71:9c:8c:48:df:f4:19:92:16:58:52:fe:1b:
                    a7:e0:8f:83:4d:18:98:eb:33:3b:e6:fb:9e:18:c1:
                    77:9b:19:21:f2:0c:f0:13:88:11:f9:c6:69:72:b3:
                    46:e5:68:58:63:9e:69:b3:d5:18:0c:35:4a:ac:44:
                    a4:f9:e1:fe:8e:74:10:f2:9e:79:a7:4a:2e:e7:4b:
                    48:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:28:FB:0F:EC:34:7A:37:43:05:86:FC:99:DA:B3:C0:9E:B5:8E:40
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/pSj7D-w0ejdDBYb8mdqzwJ61jkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.25.0/24
                IPv6:
                  2a02:330:8::/47

    Signature Algorithm: sha256WithRSAEncryption
         97:a4:06:98:96:dc:58:b2:e8:40:e6:6d:00:ff:ca:64:f7:9d:
         11:d3:7a:c2:4e:b1:d1:66:35:ef:c8:f3:e8:9c:a3:be:6a:3b:
         b6:eb:63:3c:d7:18:b0:49:f3:6d:be:59:c4:c7:22:9d:78:69:
         28:7e:b3:7b:f9:c5:cc:23:a7:d9:06:d9:9f:f4:07:06:50:cb:
         67:b0:be:45:04:d8:17:de:58:a6:57:c7:60:f5:e9:a0:b3:75:
         8c:0d:85:e9:1a:34:9b:c5:7f:be:b2:f0:ad:e8:e7:79:8d:45:
         ae:f3:d5:f0:67:13:4a:cf:54:fa:1c:c3:b4:cd:b8:b0:67:6e:
         20:59:4c:e3:99:43:79:73:3a:22:28:db:43:15:34:76:61:6e:
         79:33:87:86:6c:97:a0:f6:6e:d4:bf:f8:eb:61:8c:ef:07:fa:
         2a:29:34:fe:9e:79:3d:21:e0:a2:03:4c:c9:87:f4:14:44:36:
         7e:d4:49:da:de:e5:a5:81:05:76:f4:2f:c8:56:9d:30:a8:4f:
         69:80:c7:a7:20:25:9a:36:2c:77:55:9e:65:e4:76:63:bc:b4:
         fd:54:7e:3c:3e:27:8c:06:40:02:69:23:3d:3f:ea:75:e2:2f:
         22:bd:71:b8:f1:11:4d:24:c6:75:d9:7a:3e:d2:a7:e2:e0:4a:
         df:c5:d7:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbfSF6vuan9DsI3WJmePtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTI4ZmIwZmVjMzQ3YTM3NDMwNTg2ZmM5OWRhYjNjMDllYjU4ZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02yrwyDWLzUXpSNXlBhr+XjyQFmp
Uk3RPb3U+D+rCfkHolP4EqxWZng+F+Ru+lU4A7vz9t1rsh1AbeyCozKEjC35lPBw
Q3gvoHjJroMSzw/6ox9aEj3eFKl0s+0BlYAKbZKk+2qJ3OyL0xIOPacq/UVF9hTe
meJQbtSHLi+9zITKQeY7t729wPclqBfP+cIvMS3+eCSmqJ9f74Os2e9ghZfMe46m
fw2WN2V+o1C2NzDBapMZBXGcjEjf9BmSFlhS/hun4I+DTRiY6zM75vueGMF3mxkh
8gzwE4gR+cZpcrNG5WhYY55ps9UYDDVKrESk+eH+jnQQ8p55p0ou50tI6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKUo+w/sNHo3QwWG/Jnas8CetY5AMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvcFNqN0QtdzBlamREQlliOG1kcXp3SjYxamtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuRYZMA8E
AgACMAkDBwEqAgMwAAgwDQYJKoZIhvcNAQELBQADggEBAJekBpiW3Fiy6EDmbQD/
ymT3nRHTesJOsdFmNe/I8+ico75qO7brYzzXGLBJ822+WcTHIp14aSh+s3v5xcwj
p9kG2Z/0BwZQy2ewvkUE2BfeWKZXx2D16aCzdYwNhekaNJvFf76y8K3o53mNRa7z
1fBnE0rPVPocw7TNuLBnbiBZTOOZQ3lzOiIo20MVNHZhbnkzh4Zsl6D2btS/+Oth
jO8H+iopNP6eeT0h4KIDTMmH9BRENn7USdre5aWBBXb0L8hWnTCoT2mAx6cgJZo2
LHdVnmXkdmO8tP1Ufjw+J4wGQAJpIz0/6nXiLyK9cbjxEU0kxnXZej7Sp+LgSt/F
14U=
-----END CERTIFICATE-----