Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/c95baf-01b8-479f-90bd-05a1d5cb8eeb/1/5QUGHPk-o58ouOZ4ONwhM-qpk-Y.roa
File:                     5QUGHPk-o58ouOZ4ONwhM-qpk-Y.roa (raw, json)
Hash identifier:          +EjqcprJgxunA4xaDP6rAaDtd8J2Xk2uLfGffh1CQVs=
Subject key identifier:   E5:05:06:1C:F9:3E:A3:9F:28:B8:E6:78:38:DC:21:33:EA:A9:93:E6
Certificate issuer:       /CN=7ad07cde6782fd4fc568857e8484655b50248710
Certificate serial:       01906D28CD93D5C90517B374C07673C6BF41
Authority key identifier: 7A:D0:7C:DE:67:82:FD:4F:C5:68:85:7E:84:84:65:5B:50:24:87:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/etB83meC_U_FaIV-hIRlW1AkhxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/c95baf-01b8-479f-90bd-05a1d5cb8eeb/1/5QUGHPk-o58ouOZ4ONwhM-qpk-Y.roa
Signing time:             Mon 01 Jul 2024 07:18:28 +0000
ROA not before:           Mon 01 Jul 2024 07:18:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44066
IP address blocks:        188.92.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/c95baf-01b8-479f-90bd-05a1d5cb8eeb/1/etB83meC_U_FaIV-hIRlW1AkhxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/c95baf-01b8-479f-90bd-05a1d5cb8eeb/1/etB83meC_U_FaIV-hIRlW1AkhxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/etB83meC_U_FaIV-hIRlW1AkhxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:28:cd:93:d5:c9:05:17:b3:74:c0:76:73:c6:bf:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ad07cde6782fd4fc568857e8484655b50248710
        Validity
            Not Before: Jul  1 07:18:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e505061cf93ea39f28b8e67838dc2133eaa993e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a9:54:c4:80:5a:d9:d3:37:92:e8:5d:b3:f1:
                    fa:97:d2:1f:e0:36:c5:d9:37:b9:e7:55:f9:93:bb:
                    f4:d7:d5:12:29:22:61:00:7a:5c:cc:1d:81:6b:b1:
                    d5:42:65:65:01:38:73:da:fa:cb:e5:eb:58:86:55:
                    57:b0:47:4d:e7:cd:e8:70:f3:20:e0:ef:99:ff:cb:
                    c5:0a:f8:8b:5d:07:4c:c8:49:aa:9b:e6:ee:9a:4e:
                    fc:ac:46:b1:44:81:2c:32:9e:8e:93:44:f4:b9:e8:
                    e3:6d:18:2a:16:3d:e3:b6:f1:d9:f8:f8:f7:f2:db:
                    09:22:d1:9c:b5:f1:c1:08:43:5a:4f:3a:54:0e:4b:
                    f7:63:93:38:be:ce:be:3d:6c:59:6b:58:9b:ce:52:
                    ac:e0:32:2a:77:40:7d:54:be:75:09:d0:a7:a4:fe:
                    29:39:39:a1:64:ab:e2:3c:cf:6c:b0:56:fa:ce:fc:
                    d0:19:22:1e:c2:eb:82:3f:a8:f3:1c:47:02:4b:fa:
                    7c:15:d8:16:18:12:ae:57:cf:0b:cd:7a:e6:b7:88:
                    18:eb:5c:bc:f8:96:79:9c:d9:41:5a:b2:6a:6d:b9:
                    a8:6f:52:e3:46:d5:cd:6a:e9:21:26:75:0e:f3:1d:
                    40:3b:33:60:9f:0c:9d:48:f9:64:2d:9a:c7:9f:71:
                    cc:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:05:06:1C:F9:3E:A3:9F:28:B8:E6:78:38:DC:21:33:EA:A9:93:E6
            X509v3 Authority Key Identifier:
                keyid:7A:D0:7C:DE:67:82:FD:4F:C5:68:85:7E:84:84:65:5B:50:24:87:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/etB83meC_U_FaIV-hIRlW1AkhxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c95baf-01b8-479f-90bd-05a1d5cb8eeb/1/5QUGHPk-o58ouOZ4ONwhM-qpk-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c95baf-01b8-479f-90bd-05a1d5cb8eeb/1/etB83meC_U_FaIV-hIRlW1AkhxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:c6:5d:7f:35:0b:10:11:0f:3e:45:81:0b:ec:a1:2d:78:14:
         46:df:77:a2:d3:9e:31:40:82:0a:cc:f8:45:15:80:ea:56:48:
         9c:86:a1:6c:a8:15:c4:0c:0a:f8:18:02:c8:35:1b:46:05:50:
         d2:75:3d:cc:da:56:1b:10:71:06:4d:d9:96:a4:9a:3b:43:3b:
         48:de:57:ee:99:ce:c6:0f:06:89:d9:6f:39:54:12:6f:9e:ae:
         9e:32:b4:71:88:ce:09:c4:63:ea:2e:98:2e:94:39:4f:a4:43:
         12:60:60:19:04:4b:48:41:74:64:8a:57:36:fb:ce:28:a1:12:
         ed:52:f7:bb:57:93:6a:2c:85:79:05:5c:62:31:e2:66:c1:e4:
         88:9e:1b:22:08:d7:e6:82:e4:47:31:5e:42:58:d6:5e:a2:35:
         17:6c:b6:8b:89:cb:41:00:d3:11:66:15:ab:ab:7e:4f:54:87:
         ea:14:fa:bc:c5:c5:81:8f:84:5b:8b:c0:9f:2d:02:1e:a4:9f:
         6d:98:7e:c6:1c:17:1d:c0:b3:f5:cc:c5:cc:f1:cf:7a:a5:b8:
         c3:80:21:0e:14:f8:30:37:09:ef:b7:c6:2c:a6:ff:65:bb:6e:
         d9:e7:bf:39:ea:d0:8f:20:ce:6a:2f:81:fd:54:55:a4:b0:79:
         9a:ad:7b:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBtKM2T1ckFF7N0wHZzxr9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZDA3Y2RlNjc4MmZkNGZjNTY4ODU3ZTg0ODQ2NTViNTAy
NDg3MTAwHhcNMjQwNzAxMDcxODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTA1MDYxY2Y5M2VhMzlmMjhiOGU2NzgzOGRjMjEzM2VhYTk5M2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsalUxIBa2dM3kuhds/H6l9If4DbF
2Te551X5k7v019USKSJhAHpczB2Ba7HVQmVlAThz2vrL5etYhlVXsEdN583ocPMg
4O+Z/8vFCviLXQdMyEmqm+bumk78rEaxRIEsMp6Ok0T0uejjbRgqFj3jtvHZ+Pj3
8tsJItGctfHBCENaTzpUDkv3Y5M4vs6+PWxZa1ibzlKs4DIqd0B9VL51CdCnpP4p
OTmhZKviPM9ssFb6zvzQGSIewuuCP6jzHEcCS/p8FdgWGBKuV88LzXrmt4gY61y8
+JZ5nNlBWrJqbbmob1LjRtXNaukhJnUO8x1AOzNgnwydSPlkLZrHn3HMZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUFBhz5PqOfKLjmeDjcITPqqZPmMB8GA1UdIwQY
MBaAFHrQfN5ngv1PxWiFfoSEZVtQJIcQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXRCODNtZUNfVV9GYUlWLWhJUmxXMUFraHhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jOTViYWYtMDFiOC00NzlmLTkwYmQt
MDVhMWQ1Y2I4ZWViLzEvNVFVR0hQay1vNThvdU9aNE9Od2hNLXFway1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jOTViYWYtMDFiOC00NzlmLTkwYmQtMDVhMWQ1Y2I4ZWVi
LzEvZXRCODNtZUNfVV9GYUlWLWhJUmxXMUFraHhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFwAMA0G
CSqGSIb3DQEBCwUAA4IBAQB1xl1/NQsQEQ8+RYEL7KEteBRG33ei054xQIIKzPhF
FYDqVkichqFsqBXEDAr4GALINRtGBVDSdT3M2lYbEHEGTdmWpJo7QztI3lfumc7G
DwaJ2W85VBJvnq6eMrRxiM4JxGPqLpgulDlPpEMSYGAZBEtIQXRkilc2+84ooRLt
Uve7V5NqLIV5BVxiMeJmweSInhsiCNfmguRHMV5CWNZeojUXbLaLictBANMRZhWr
q35PVIfqFPq8xcWBj4Rbi8CfLQIepJ9tmH7GHBcdwLP1zMXM8c96pbjDgCEOFPgw
Nwnvt8Yspv9lu27Z57856tCPIM5qL4H9VFWksHmarXtu
-----END CERTIFICATE-----