Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/w2hWyRNgZD_Un9dP8fKDu20VHRs.roa
File:                     w2hWyRNgZD_Un9dP8fKDu20VHRs.roa (raw, json)
Hash identifier:          tJZb3TVtX4xfuNM5jZCfR91oEdKnvKDOfvl4uLB9nvQ=
Subject key identifier:   C3:68:56:C9:13:60:64:3F:D4:9F:D7:4F:F1:F2:83:BB:6D:15:1D:1B
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CD9494A87989759DE6B1EF66D07A58F97
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/w2hWyRNgZD_Un9dP8fKDu20VHRs.roa
Signing time:             Fri 05 Jan 2024 11:01:48 +0000
ROA not before:           Fri 05 Jan 2024 11:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398129
IP address blocks:        92.119.148.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d9:49:4a:87:98:97:59:de:6b:1e:f6:6d:07:a5:8f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  5 11:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c36856c91360643fd49fd74ff1f283bb6d151d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:70:a6:0e:d7:23:9b:96:b2:d5:5e:af:12:6b:
                    6c:dd:86:a1:73:de:f5:2e:1d:5a:64:59:3f:53:57:
                    77:dc:8e:96:be:c6:01:9d:67:60:2b:8a:ab:6d:07:
                    17:70:03:bd:9e:8a:29:f9:6f:0a:f0:7b:45:64:58:
                    28:be:cc:e5:72:07:01:d7:ab:ca:32:a1:71:85:5f:
                    c5:cb:b5:30:0b:e6:76:f4:0e:67:44:36:91:d3:a4:
                    00:d5:1c:c8:05:b5:32:d0:9d:9c:e9:aa:64:31:58:
                    94:63:8e:7f:27:01:04:49:46:3f:67:6f:27:19:23:
                    27:5e:cf:b2:4d:91:a3:f6:71:f0:40:07:b7:4b:36:
                    c9:e2:84:b1:5f:08:a5:76:cf:45:38:ac:12:c2:2c:
                    c5:8d:e4:74:ca:2d:a4:4b:10:62:b3:86:f6:dc:56:
                    54:1a:38:db:18:d3:f0:5d:12:11:84:7f:4e:49:d9:
                    03:60:4e:13:ed:4e:00:c0:30:42:55:1f:b3:cb:f0:
                    7f:bf:3d:2a:13:62:4b:de:e3:4f:57:3c:69:43:f4:
                    82:45:8e:38:8c:b3:73:1d:16:f1:d7:49:e5:14:de:
                    c7:e3:42:b9:c9:4c:d6:12:48:0f:aa:bb:6d:14:31:
                    39:b5:56:bd:b6:35:65:6f:a4:d7:20:fc:9f:c0:78:
                    d6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:68:56:C9:13:60:64:3F:D4:9F:D7:4F:F1:F2:83:BB:6D:15:1D:1B
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/w2hWyRNgZD_Un9dP8fKDu20VHRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:e5:11:58:e9:35:81:10:2a:0f:27:14:05:2c:4f:87:65:55:
         c7:10:26:a4:0e:b4:2f:bc:1c:4c:7b:34:71:46:41:3e:66:c2:
         94:36:ac:c9:ef:d7:51:73:a6:23:3d:47:79:3e:b5:a9:f9:16:
         fb:a7:a9:92:05:93:3c:02:b0:b9:9c:a0:6a:d9:e2:1a:2a:5a:
         bd:32:5b:43:d9:2c:17:3e:7d:23:dc:c5:28:2f:f3:6c:66:8a:
         ba:ac:e7:1d:68:ce:7d:a2:a3:b3:e8:8a:aa:b6:8f:89:a1:a0:
         9f:a3:dd:ed:29:41:52:94:73:05:54:d1:74:9e:c5:ee:3a:97:
         d6:ff:40:f9:5c:c2:95:c0:47:f9:7f:94:f4:bc:cd:4b:3e:b1:
         3b:c5:f5:fc:23:87:32:40:f7:1e:6a:19:53:fe:94:b9:bd:a2:
         69:db:96:89:89:a1:d7:94:d3:7f:b6:38:ed:76:d8:a6:0d:41:
         74:25:86:07:ad:99:b1:2a:7c:29:39:d8:26:ec:45:31:a4:52:
         8c:54:6d:df:84:ec:cd:45:7e:c5:e4:b5:e7:e8:c4:e6:17:13:
         9c:9b:b4:79:11:5b:73:1b:5b:b4:f8:e0:71:59:7d:e4:af:0b:
         06:ca:50:c8:57:9e:df:5b:9f:27:0d:dd:ae:39:37:fe:62:31:
         ef:c5:f8:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzZSUqHmJdZ3mse9m0HpY+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTA1MTEwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzY4NTZjOTEzNjA2NDNmZDQ5ZmQ3NGZmMWYyODNiYjZkMTUxZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHCmDtcjm5ay1V6vEmts3Yahc971
Lh1aZFk/U1d33I6WvsYBnWdgK4qrbQcXcAO9noop+W8K8HtFZFgovszlcgcB16vK
MqFxhV/Fy7UwC+Z29A5nRDaR06QA1RzIBbUy0J2c6apkMViUY45/JwEESUY/Z28n
GSMnXs+yTZGj9nHwQAe3SzbJ4oSxXwilds9FOKwSwizFjeR0yi2kSxBis4b23FZU
GjjbGNPwXRIRhH9OSdkDYE4T7U4AwDBCVR+zy/B/vz0qE2JL3uNPVzxpQ/SCRY44
jLNzHRbx10nlFN7H40K5yUzWEkgPqrttFDE5tVa9tjVlb6TXIPyfwHjWAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNoVskTYGQ/1J/XT/Hyg7ttFR0bMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvdzJoV3lSTmdaRF9VbjlkUDhmS0R1MjBWSFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHeUMA0G
CSqGSIb3DQEBCwUAA4IBAQA45RFY6TWBECoPJxQFLE+HZVXHECakDrQvvBxMezRx
RkE+ZsKUNqzJ79dRc6YjPUd5PrWp+Rb7p6mSBZM8ArC5nKBq2eIaKlq9MltD2SwX
Pn0j3MUoL/NsZoq6rOcdaM59oqOz6Iqqto+JoaCfo93tKUFSlHMFVNF0nsXuOpfW
/0D5XMKVwEf5f5T0vM1LPrE7xfX8I4cyQPceahlT/pS5vaJp25aJiaHXlNN/tjjt
dtimDUF0JYYHrZmxKnwpOdgm7EUxpFKMVG3fhOzNRX7F5LXn6MTmFxOcm7R5EVtz
G1u0+OBxWX3krwsGylDIV57fW58nDd2uOTf+YjHvxfif
-----END CERTIFICATE-----