Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/x2Cy_xEwpOAeYzWna-ywk0B9Gu4.roa
File:                     x2Cy_xEwpOAeYzWna-ywk0B9Gu4.roa (raw, json)
Hash identifier:          tJyjH79qiLEgihH9dW3wNal7yajR+wzOzdKLjXGBWxE=
Subject key identifier:   C7:60:B2:FF:11:30:A4:E0:1E:63:35:A7:6B:EC:B0:93:40:7D:1A:EE
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0191E15635D42B857D4FB96A5C5145AD2B91
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/x2Cy_xEwpOAeYzWna-ywk0B9Gu4.roa
Signing time:             Wed 11 Sep 2024 13:46:49 +0000
ROA not before:           Wed 11 Sep 2024 13:46:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43673
IP address blocks:        82.196.67.0/24 maxlen: 24
                          82.196.67.183/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:56:35:d4:2b:85:7d:4f:b9:6a:5c:51:45:ad:2b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Sep 11 13:46:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c760b2ff1130a4e01e6335a76becb093407d1aee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7b:ea:eb:d8:2a:36:4e:79:3d:52:ac:4d:b9:
                    ae:c0:7c:0f:5f:68:10:31:8c:69:7f:ba:7b:09:6b:
                    7b:1b:3b:b9:24:8f:c6:99:e2:ea:3e:b3:fa:c6:f5:
                    3d:a3:cf:bd:f3:fb:0e:66:3b:d4:85:89:f0:c8:cc:
                    80:25:2d:90:d0:57:89:c6:55:ff:f3:ec:8d:fa:08:
                    33:a3:b4:a1:d7:a8:ef:a9:e5:28:b4:5b:ca:18:7c:
                    e3:de:83:40:7b:39:3b:e8:da:de:0b:6e:20:63:2f:
                    83:68:42:92:46:d6:a2:1b:b1:cb:ff:c3:3d:2d:e2:
                    98:9a:d6:68:c4:c0:36:d5:ac:85:83:f7:3a:35:a3:
                    f3:cb:34:b6:c7:61:d1:e8:5f:8e:e8:2e:59:e0:0f:
                    d4:43:03:10:3b:e7:c4:12:6b:51:86:99:f3:4a:9e:
                    71:6a:9b:3c:92:07:c6:de:dd:c8:8d:69:32:87:bf:
                    eb:13:60:5d:b6:ea:a7:34:9a:d7:25:bf:92:e4:af:
                    86:e8:d6:24:6c:63:58:88:7d:c8:35:d8:67:25:d5:
                    6e:ea:ca:3b:c8:b8:f2:68:5d:f8:2a:f0:da:9a:6f:
                    33:da:9f:93:f3:03:a4:af:2d:35:0e:62:ce:da:02:
                    0b:bd:bd:4e:2a:00:77:92:e1:2f:b3:37:93:99:09:
                    91:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:60:B2:FF:11:30:A4:E0:1E:63:35:A7:6B:EC:B0:93:40:7D:1A:EE
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/x2Cy_xEwpOAeYzWna-ywk0B9Gu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.196.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:f1:38:c6:3c:cc:1c:90:37:2f:5f:43:36:1c:fc:d5:57:4b:
         fc:76:cf:8a:03:22:9a:e8:72:80:4b:f9:ae:50:60:40:18:01:
         a6:70:be:d6:a7:01:08:b8:ba:d2:78:bf:4c:aa:aa:1e:71:71:
         df:f5:7a:35:d4:de:d3:5f:c0:01:e2:a2:fe:9e:de:61:85:dd:
         34:f1:e3:04:53:fd:7c:9d:56:4f:2e:f1:d9:67:72:e5:6f:7c:
         5e:57:7f:96:36:f5:22:f9:03:64:0d:a4:6d:5b:b5:4d:5e:18:
         fc:a0:fe:94:a2:42:77:e8:cf:e9:cf:a1:7a:e3:1a:de:83:70:
         e1:86:28:cf:16:0e:20:2e:b6:1a:1c:35:d6:c5:c1:3b:26:ea:
         62:72:f3:e8:a5:86:78:50:31:0f:d9:7b:04:80:cd:1f:8a:d1:
         15:53:b7:7a:e2:dd:8d:e0:d1:f7:3a:b7:11:e7:0a:4a:17:ba:
         21:bf:c9:c1:09:d1:6c:7f:4b:4e:ac:bd:06:b2:29:73:33:fc:
         2b:e2:eb:54:32:9b:d7:ee:89:ec:66:42:87:53:75:3f:da:ec:
         e1:1b:c7:60:e3:04:5b:31:c2:9f:04:7c:6e:78:d6:a1:8f:d0:
         44:b3:0d:12:cf:18:cb:a9:d9:99:eb:25:fd:95:df:6b:bb:33:
         27:7f:9c:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHhVjXUK4V9T7lqXFFFrSuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwOTExMTM0NjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzYwYjJmZjExMzBhNGUwMWU2MzM1YTc2YmVjYjA5MzQwN2QxYWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXvq69gqNk55PVKsTbmuwHwPX2gQ
MYxpf7p7CWt7Gzu5JI/GmeLqPrP6xvU9o8+98/sOZjvUhYnwyMyAJS2Q0FeJxlX/
8+yN+ggzo7Sh16jvqeUotFvKGHzj3oNAezk76NreC24gYy+DaEKSRtaiG7HL/8M9
LeKYmtZoxMA21ayFg/c6NaPzyzS2x2HR6F+O6C5Z4A/UQwMQO+fEEmtRhpnzSp5x
aps8kgfG3t3IjWkyh7/rE2BdtuqnNJrXJb+S5K+G6NYkbGNYiH3INdhnJdVu6so7
yLjyaF34KvDamm8z2p+T8wOkry01DmLO2gILvb1OKgB3kuEvszeTmQmRmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdgsv8RMKTgHmM1p2vssJNAfRruMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEveDJDeV94RXdwT0FlWXpXbmEteXdrMEI5R3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUsRDMA0G
CSqGSIb3DQEBCwUAA4IBAQAt8TjGPMwckDcvX0M2HPzVV0v8ds+KAyKa6HKAS/mu
UGBAGAGmcL7WpwEIuLrSeL9MqqoecXHf9Xo11N7TX8AB4qL+nt5hhd008eMEU/18
nVZPLvHZZ3Llb3xeV3+WNvUi+QNkDaRtW7VNXhj8oP6UokJ36M/pz6F64xreg3Dh
hijPFg4gLrYaHDXWxcE7JupicvPopYZ4UDEP2XsEgM0fitEVU7d64t2N4NH3OrcR
5wpKF7ohv8nBCdFsf0tOrL0GsilzM/wr4utUMpvX7onsZkKHU3U/2uzhG8dg4wRb
McKfBHxueNahj9BEsw0SzxjLqdmZ6yX9ld9ruzMnf5x4
-----END CERTIFICATE-----