Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/MsX7z11EG3Ra1btVjanzOArXZBA.roa
File:                     MsX7z11EG3Ra1btVjanzOArXZBA.roa (raw, json)
Hash identifier:          qSg/iwSCS5A7esCvzXRHnZt48n1XiPgOyIW5W3fL/gk=
Subject key identifier:   32:C5:FB:CF:5D:44:1B:74:5A:D5:BB:55:8D:A9:F3:38:0A:D7:64:10
Certificate issuer:       /CN=3f39dd7bd73c3e1ba27d178d55c26f8a96cdb4a9
Certificate serial:       018CC9BC602F949D8B02B789D6FE86239B9B
Authority key identifier: 3F:39:DD:7B:D7:3C:3E:1B:A2:7D:17:8D:55:C2:6F:8A:96:CD:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pznde9c8PhuifReNVcJvipbNtKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/MsX7z11EG3Ra1btVjanzOArXZBA.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48362
IP address blocks:        92.249.20.0/22 maxlen: 24
                          2a13:62c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Pznde9c8PhuifReNVcJvipbNtKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Pznde9c8PhuifReNVcJvipbNtKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pznde9c8PhuifReNVcJvipbNtKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:60:2f:94:9d:8b:02:b7:89:d6:fe:86:23:9b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f39dd7bd73c3e1ba27d178d55c26f8a96cdb4a9
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32c5fbcf5d441b745ad5bb558da9f3380ad76410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3b:46:a1:6e:eb:50:66:83:44:2a:6a:07:47:
                    7d:cc:21:07:49:9d:0f:e6:0b:3d:53:e0:8d:ba:19:
                    83:26:36:f5:83:13:e2:34:ea:e3:57:07:e9:0e:e4:
                    11:44:4a:96:25:22:2c:a1:ba:fd:8a:8a:70:24:3d:
                    0c:82:a4:11:53:f9:2c:39:55:88:94:99:2e:54:60:
                    e7:55:36:08:c1:27:5d:54:ac:b7:75:b4:7c:91:2a:
                    90:24:48:08:5c:59:87:b4:1d:03:f7:aa:fd:f9:f1:
                    6c:1d:b5:f9:f3:4e:c7:d1:9c:c7:9c:bc:c9:0d:38:
                    d7:dc:c1:d3:0a:1c:ea:b3:9d:65:c2:92:b7:eb:5e:
                    0b:5b:3d:2d:be:17:4c:b6:b3:6d:b3:df:3c:95:a2:
                    cf:3f:54:3d:3c:22:10:5d:81:0a:53:dd:98:cb:3c:
                    cf:49:01:e7:d0:96:6e:73:a9:a8:10:56:45:aa:52:
                    24:60:da:da:72:09:59:76:44:aa:f3:52:8c:76:e1:
                    cd:3e:39:00:bf:57:c0:0e:7a:06:6d:2b:6b:e4:82:
                    82:dd:a2:60:51:c8:bd:9f:71:4f:7e:5b:05:79:7e:
                    a1:bb:db:0d:ae:b4:39:36:a1:69:f2:02:77:1c:5b:
                    39:e0:0a:92:5e:ed:eb:67:55:3a:81:a0:e0:7f:8a:
                    0b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C5:FB:CF:5D:44:1B:74:5A:D5:BB:55:8D:A9:F3:38:0A:D7:64:10
            X509v3 Authority Key Identifier:
                keyid:3F:39:DD:7B:D7:3C:3E:1B:A2:7D:17:8D:55:C2:6F:8A:96:CD:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pznde9c8PhuifReNVcJvipbNtKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/MsX7z11EG3Ra1btVjanzOArXZBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/621edd-1b5a-46ac-ba13-04f9e616af60/1/Pznde9c8PhuifReNVcJvipbNtKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.20.0/22
                IPv6:
                  2a13:62c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:26:f5:dc:ae:db:a0:63:be:d7:29:83:c6:0d:a2:e5:37:af:
         e8:00:5d:ab:b5:44:61:36:cd:0a:67:5d:c7:00:53:30:b3:71:
         a3:9a:2f:b0:f0:9f:8c:c4:12:d9:66:d9:f7:c4:0a:d1:e8:6b:
         9b:d3:fc:53:22:5c:15:15:2d:4a:01:74:39:60:15:c5:76:5d:
         19:bf:56:5c:79:56:d1:89:8f:93:56:86:cd:c5:a2:6f:d4:0c:
         3d:fd:07:4b:17:e1:3a:1e:5d:c1:b4:57:34:35:79:7d:2b:b6:
         46:d6:a4:60:7e:6e:35:82:97:2e:fb:9f:0e:cd:8c:21:68:6f:
         8d:17:79:ff:2b:67:8c:cd:9c:2d:27:ad:7d:16:53:c7:55:ef:
         8e:de:91:80:ed:e7:6d:af:ca:b2:6a:2a:28:e7:06:63:b4:74:
         ae:25:de:97:b6:64:a9:f1:36:97:f8:3c:4c:17:3c:46:93:15:
         0c:83:e4:86:a8:e5:65:42:49:1d:87:2d:45:42:3f:62:60:df:
         b3:07:46:e8:71:ff:ef:c8:9e:93:24:c8:5f:51:9d:0e:66:c3:
         ff:fe:75:8a:14:6f:45:52:3f:f3:88:60:da:d3:1b:27:31:aa:
         f1:92:f7:74:44:20:1d:7b:76:9a:71:4d:c0:78:ff:2b:08:96:
         4c:a4:b3:70
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvGAvlJ2LAreJ1v6GI5ubMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMzlkZDdiZDczYzNlMWJhMjdkMTc4ZDU1YzI2ZjhhOTZj
ZGI0YTkwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmM1ZmJjZjVkNDQxYjc0NWFkNWJiNTU4ZGE5ZjMzODBhZDc2NDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjtGoW7rUGaDRCpqB0d9zCEHSZ0P
5gs9U+CNuhmDJjb1gxPiNOrjVwfpDuQRREqWJSIsobr9iopwJD0MgqQRU/ksOVWI
lJkuVGDnVTYIwSddVKy3dbR8kSqQJEgIXFmHtB0D96r9+fFsHbX5807H0ZzHnLzJ
DTjX3MHTChzqs51lwpK3614LWz0tvhdMtrNts988laLPP1Q9PCIQXYEKU92YyzzP
SQHn0JZuc6moEFZFqlIkYNracglZdkSq81KMduHNPjkAv1fADnoGbStr5IKC3aJg
Uci9n3FPflsFeX6hu9sNrrQ5NqFp8gJ3HFs54AqSXu3rZ1U6gaDgf4oLLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDLF+89dRBt0WtW7VY2p8zgK12QQMB8GA1UdIwQY
MBaAFD853XvXPD4bon0XjVXCb4qWzbSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHpuZGU5YzhQaHVpZlJlTlZjSnZpcGJOdEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82MjFlZGQtMWI1YS00NmFjLWJhMTMt
MDRmOWU2MTZhZjYwLzEvTXNYN3oxMUVHM1JhMWJ0VmphbnpPQXJYWkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82MjFlZGQtMWI1YS00NmFjLWJhMTMtMDRmOWU2MTZhZjYw
LzEvUHpuZGU5YzhQaHVpZlJlTlZjSnZpcGJOdEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXPkUMA0E
AgACMAcDBQAqE2LAMA0GCSqGSIb3DQEBCwUAA4IBAQAYJvXcrtugY77XKYPGDaLl
N6/oAF2rtURhNs0KZ13HAFMws3Gjmi+w8J+MxBLZZtn3xArR6Gub0/xTIlwVFS1K
AXQ5YBXFdl0Zv1ZceVbRiY+TVobNxaJv1Aw9/QdLF+E6Hl3BtFc0NXl9K7ZG1qRg
fm41gpcu+58OzYwhaG+NF3n/K2eMzZwtJ619FlPHVe+O3pGA7edtr8qyaioo5wZj
tHSuJd6XtmSp8TaX+DxMFzxGkxUMg+SGqOVlQkkdhy1FQj9iYN+zB0bocf/vyJ6T
JMhfUZ0OZsP//nWKFG9FUj/ziGDa0xsnMarxkvd0RCAde3aacU3AeP8rCJZMpLNw
-----END CERTIFICATE-----