Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/_oABcb0n5WSIZkIhiobbcyZ5r9w.roa
File:                     _oABcb0n5WSIZkIhiobbcyZ5r9w.roa (raw, json)
Hash identifier:          RQl5WSMc121555H89RB4jV89hHPt9PZ67+uo3vfSN1E=
Subject key identifier:   FE:80:01:71:BD:27:E5:64:88:66:42:21:8A:86:DB:73:26:79:AF:DC
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       018CC348E2B643D0EBC5466C3EDAD7FEE2F0
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/_oABcb0n5WSIZkIhiobbcyZ5r9w.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        92.51.20.0/24 maxlen: 24
                          92.51.22.0/24 maxlen: 24
                          92.51.23.0/24 maxlen: 24
                          92.51.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e2:b6:43:d0:eb:c5:46:6c:3e:da:d7:fe:e2:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe800171bd27e564886642218a86db732679afdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c4:85:7e:19:09:a2:26:4b:ac:24:a6:ca:aa:
                    e6:58:b3:a3:df:2c:8a:90:82:28:97:b0:ec:15:47:
                    7e:8d:5e:71:99:66:be:d2:b6:d8:8f:4e:48:14:2f:
                    8f:b9:43:5b:df:62:24:9d:34:c7:38:bb:61:00:28:
                    6a:02:0d:13:02:c5:fa:44:3f:e8:90:62:e4:9f:d5:
                    fc:9f:c7:03:76:86:e2:dd:55:98:57:98:53:ed:5a:
                    a0:87:bd:ac:76:e4:a9:b5:2b:ff:a9:4e:be:51:d1:
                    17:5b:0a:42:6a:ab:f2:8b:fb:cb:11:9c:3a:9f:01:
                    48:af:3e:64:33:41:51:69:8d:46:9c:a3:f6:4a:28:
                    1f:c2:3a:1c:61:65:10:74:c5:a8:79:c5:58:6c:16:
                    db:21:1a:a7:c1:c6:a8:10:0f:de:9c:fb:ba:64:a3:
                    61:5e:1c:1a:03:94:71:2f:a7:29:6a:9e:37:66:4f:
                    50:b6:94:be:e3:ce:d3:e1:f3:72:17:3e:fc:ce:ef:
                    e4:ed:77:92:1b:3f:77:44:a0:01:58:8e:54:00:64:
                    14:de:eb:15:8b:33:71:36:99:a7:3e:6c:db:39:c5:
                    a1:ea:32:61:9d:82:dc:5b:f6:db:c7:f7:62:c1:90:
                    d3:01:43:d1:36:8e:fb:2f:78:4e:bb:7f:00:de:a8:
                    21:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:80:01:71:BD:27:E5:64:88:66:42:21:8A:86:DB:73:26:79:AF:DC
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/_oABcb0n5WSIZkIhiobbcyZ5r9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:30:b1:35:22:2f:93:a8:60:59:03:79:5a:2a:fc:ec:26:93:
         d3:bb:7d:ad:30:aa:15:4b:7e:38:f1:9d:1f:0b:cc:73:ab:c3:
         5f:de:6a:99:e1:56:62:95:4b:2f:6a:30:e2:08:40:d2:e1:1c:
         65:75:dd:5f:84:3d:73:ac:16:d4:88:09:de:fa:0c:61:3a:88:
         01:b4:d0:8d:88:e2:c7:1f:d1:76:ca:da:b9:e9:bf:90:65:21:
         d5:09:aa:22:46:fa:b6:09:7a:82:9c:d9:4a:f6:65:1d:1c:4a:
         ee:df:e1:64:7e:99:70:4b:c2:99:ff:94:13:a0:c1:34:cf:b5:
         4c:40:36:a9:3a:15:a8:a8:b0:09:43:7b:84:11:b4:24:c5:4d:
         b5:9f:0b:02:90:f6:8c:94:76:92:e5:ee:02:49:ca:2d:4c:f9:
         0d:1e:f5:9b:e6:d1:20:61:fb:d9:9c:a6:21:78:66:02:22:16:
         9b:bd:81:12:d6:a1:bc:af:ad:2c:ae:b3:b5:c8:0c:87:2a:4c:
         a6:6f:4f:59:14:c6:9c:80:4b:62:26:f6:b2:67:26:27:95:39:
         90:d3:4e:8e:98:92:79:df:5d:10:c6:dd:62:e9:9f:36:30:7a:
         4e:a6:0f:8e:0b:7c:68:61:29:59:ff:8f:95:29:39:d3:a0:65:
         43:54:b9:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOK2Q9DrxUZsPtrX/uLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTgwMDE3MWJkMjdlNTY0ODg2NjQyMjE4YTg2ZGI3MzI2NzlhZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sSFfhkJoiZLrCSmyqrmWLOj3yyK
kIIol7DsFUd+jV5xmWa+0rbYj05IFC+PuUNb32IknTTHOLthAChqAg0TAsX6RD/o
kGLkn9X8n8cDdobi3VWYV5hT7Vqgh72sduSptSv/qU6+UdEXWwpCaqvyi/vLEZw6
nwFIrz5kM0FRaY1GnKP2SigfwjocYWUQdMWoecVYbBbbIRqnwcaoEA/enPu6ZKNh
XhwaA5RxL6cpap43Zk9QtpS+487T4fNyFz78zu/k7XeSGz93RKABWI5UAGQU3usV
izNxNpmnPmzbOcWh6jJhnYLcW/bbx/diwZDTAUPRNo77L3hOu38A3qghqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6AAXG9J+VkiGZCIYqG23Mmea/cMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvX29BQmNiMG41V1NJWmtJaGlvYmJjeVo1cjl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDMUMA0G
CSqGSIb3DQEBCwUAA4IBAQCpMLE1Ii+TqGBZA3laKvzsJpPTu32tMKoVS3448Z0f
C8xzq8Nf3mqZ4VZilUsvajDiCEDS4Rxldd1fhD1zrBbUiAne+gxhOogBtNCNiOLH
H9F2ytq56b+QZSHVCaoiRvq2CXqCnNlK9mUdHEru3+FkfplwS8KZ/5QToME0z7VM
QDapOhWoqLAJQ3uEEbQkxU21nwsCkPaMlHaS5e4CScotTPkNHvWb5tEgYfvZnKYh
eGYCIhabvYES1qG8r60srrO1yAyHKkymb09ZFMacgEtiJvayZyYnlTmQ006OmJJ5
310Qxt1i6Z82MHpOpg+OC3xoYSlZ/4+VKTnToGVDVLmi
-----END CERTIFICATE-----