Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Is-TnbCqT0sZMmHzE0DOERlyuyA.roa
File:                     Is-TnbCqT0sZMmHzE0DOERlyuyA.roa (raw, json)
Hash identifier:          ZwxuieDg5KwfHUePylCdnkHIJ18zptrPuU4i92UJi24=
Subject key identifier:   22:CF:93:9D:B0:AA:4F:4B:19:32:61:F3:13:40:CE:11:19:72:BB:20
Certificate issuer:       /CN=3f39dd7bd73c3e1ba27d178d55c26f8a96cdb4a9
Certificate serial:       01942825B9D6715A11560CC644ECD2DD985D
Authority key identifier: 3F:39:DD:7B:D7:3C:3E:1B:A2:7D:17:8D:55:C2:6F:8A:96:CD:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pznde9c8PhuifReNVcJvipbNtKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Is-TnbCqT0sZMmHzE0DOERlyuyA.roa
Signing time:             Thu 02 Jan 2025 17:52:28 +0000
ROA not before:           Thu 02 Jan 2025 17:52:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48362
IP address blocks:        92.249.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Pznde9c8PhuifReNVcJvipbNtKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Pznde9c8PhuifReNVcJvipbNtKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pznde9c8PhuifReNVcJvipbNtKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:b9:d6:71:5a:11:56:0c:c6:44:ec:d2:dd:98:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f39dd7bd73c3e1ba27d178d55c26f8a96cdb4a9
        Validity
            Not Before: Jan  2 17:52:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22cf939db0aa4f4b193261f31340ce111972bb20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f1:77:7d:df:12:2c:c4:e8:ff:21:40:c9:96:
                    7f:c4:9a:1a:43:b7:0b:a5:41:19:92:b1:1a:bf:03:
                    cd:f8:43:c9:d8:83:e4:73:6c:c0:19:ba:89:97:be:
                    44:40:7b:a2:72:88:b3:9b:e1:7e:0f:60:a8:6a:2c:
                    c4:36:0e:5a:cc:ca:3b:72:e7:68:99:e0:db:20:5f:
                    0d:e0:98:fe:3a:a5:c3:a7:ac:3e:ac:a7:41:ab:17:
                    68:92:ed:1e:b8:5b:09:3c:65:d4:ff:1c:52:4d:8a:
                    1f:4d:0e:80:5e:3e:2a:15:eb:9b:cd:50:8a:d8:79:
                    cc:6c:ce:1e:d0:ab:b3:10:5f:ab:4f:ca:fb:02:69:
                    f2:16:cd:e1:67:57:59:c9:96:bf:aa:ec:6c:3c:c7:
                    ea:d7:a8:06:be:41:85:6d:52:ac:b0:25:ec:d0:3b:
                    fa:82:9d:53:f3:11:0c:d7:6d:1e:53:4f:d7:4d:bb:
                    05:5e:65:5f:69:54:51:e0:4b:9a:79:6d:7b:ea:c1:
                    3d:b4:cb:1c:03:46:f1:a9:f6:0a:11:bc:0d:8b:95:
                    dd:4e:26:f4:6e:cc:b7:97:26:00:75:d7:0a:f9:f4:
                    0a:72:03:af:04:de:15:9f:0c:67:9b:e8:c7:92:3a:
                    97:e9:07:f6:ac:91:d4:ea:e7:a8:11:f7:90:37:b6:
                    d4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:CF:93:9D:B0:AA:4F:4B:19:32:61:F3:13:40:CE:11:19:72:BB:20
            X509v3 Authority Key Identifier:
                keyid:3F:39:DD:7B:D7:3C:3E:1B:A2:7D:17:8D:55:C2:6F:8A:96:CD:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pznde9c8PhuifReNVcJvipbNtKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Is-TnbCqT0sZMmHzE0DOERlyuyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Pznde9c8PhuifReNVcJvipbNtKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:6b:f5:6d:e2:87:b3:ae:b3:a7:63:b4:89:cf:88:a6:12:74:
         c9:7d:ed:74:2a:88:a6:54:34:14:57:2c:7b:c6:ca:05:df:43:
         80:ec:dd:1e:ec:4d:a4:b2:6d:ed:e6:ad:63:22:86:8c:ee:82:
         e8:70:31:b2:e1:75:37:b4:7d:44:b6:b2:b8:16:70:ff:43:61:
         a7:02:89:d4:e2:73:a8:9b:bc:11:2a:84:63:bc:56:53:47:bd:
         d4:03:07:38:e0:86:25:16:b2:41:d5:58:82:38:f4:ca:f7:b5:
         2e:e3:09:c4:23:43:6d:94:56:93:a2:a7:ae:f8:17:7a:bf:5c:
         c1:a8:cc:70:1e:a1:2d:6a:f9:bd:b2:b7:7f:cb:88:df:ba:8b:
         0a:a0:89:84:90:67:d5:8d:85:77:7a:48:85:f8:27:ac:5d:ed:
         4b:af:5f:db:cf:ce:45:32:3e:b7:3d:a8:80:c3:8c:95:be:9c:
         21:fa:75:57:01:38:2d:be:9c:03:8b:c7:61:74:df:35:57:91:
         bc:7d:4f:d8:2a:b0:a6:b2:73:40:68:aa:11:84:38:f9:f7:76:
         5e:ec:73:7c:de:3f:45:3d:67:a0:ec:ee:78:18:d5:f9:3a:26:
         68:75:c1:58:a2:da:e3:fb:7f:36:e5:fd:ad:aa:3b:01:8d:be:
         fc:7f:05:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJbnWcVoRVgzGROzS3ZhdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMzlkZDdiZDczYzNlMWJhMjdkMTc4ZDU1YzI2ZjhhOTZj
ZGI0YTkwHhcNMjUwMTAyMTc1MjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmNmOTM5ZGIwYWE0ZjRiMTkzMjYxZjMxMzQwY2UxMTE5NzJiYjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/F3fd8SLMTo/yFAyZZ/xJoaQ7cL
pUEZkrEavwPN+EPJ2IPkc2zAGbqJl75EQHuicoizm+F+D2CoaizENg5azMo7cudo
meDbIF8N4Jj+OqXDp6w+rKdBqxdoku0euFsJPGXU/xxSTYofTQ6AXj4qFeubzVCK
2HnMbM4e0KuzEF+rT8r7AmnyFs3hZ1dZyZa/quxsPMfq16gGvkGFbVKssCXs0Dv6
gp1T8xEM120eU0/XTbsFXmVfaVRR4EuaeW176sE9tMscA0bxqfYKEbwNi5XdTib0
bsy3lyYAddcK+fQKcgOvBN4Vnwxnm+jHkjqX6Qf2rJHU6ueoEfeQN7bUMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLPk52wqk9LGTJh8xNAzhEZcrsgMB8GA1UdIwQY
MBaAFD853XvXPD4bon0XjVXCb4qWzbSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHpuZGU5YzhQaHVpZlJlTlZjSnZpcGJOdEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82MjFlZGQtMWI1YS00NmFjLWJhMTMt
MDRmOWU2MTZhZjYwLzEvSXMtVG5iQ3FUMHNaTW1IekUwRE9FUmx5dXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82MjFlZGQtMWI1YS00NmFjLWJhMTMtMDRmOWU2MTZhZjYw
LzEvUHpuZGU5YzhQaHVpZlJlTlZjSnZpcGJOdEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXPkUMA0G
CSqGSIb3DQEBCwUAA4IBAQACa/Vt4oezrrOnY7SJz4imEnTJfe10KoimVDQUVyx7
xsoF30OA7N0e7E2ksm3t5q1jIoaM7oLocDGy4XU3tH1EtrK4FnD/Q2GnAonU4nOo
m7wRKoRjvFZTR73UAwc44IYlFrJB1ViCOPTK97Uu4wnEI0NtlFaToqeu+Bd6v1zB
qMxwHqEtavm9srd/y4jfuosKoImEkGfVjYV3ekiF+CesXe1Lr1/bz85FMj63PaiA
w4yVvpwh+nVXATgtvpwDi8dhdN81V5G8fU/YKrCmsnNAaKoRhDj593Ze7HN83j9F
PWeg7O54GNX5OiZodcFYotrj+3825f2tqjsBjb78fwVb
-----END CERTIFICATE-----