Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/YHeQEmUnPn9Hp2jfml5glLi-6xc.roa
File:                     YHeQEmUnPn9Hp2jfml5glLi-6xc.roa (raw, json)
Hash identifier:          KV/DxZuKL1I3zwMpkKGlLjGO/BeuqgyO21MAxrYFHAE=
Subject key identifier:   60:77:90:12:65:27:3E:7F:47:A7:68:DF:9A:5E:60:94:B8:BE:EB:17
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       01906D9CEADA50B14F249DF71F9F8D07016A
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/YHeQEmUnPn9Hp2jfml5glLi-6xc.roa
Signing time:             Mon 01 Jul 2024 09:25:18 +0000
ROA not before:           Mon 01 Jul 2024 09:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62213
IP address blocks:        92.55.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:9c:ea:da:50:b1:4f:24:9d:f7:1f:9f:8d:07:01:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jul  1 09:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6077901265273e7f47a768df9a5e6094b8beeb17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:48:60:75:df:13:e0:88:b5:b5:df:94:25:5c:
                    b4:5a:eb:25:e9:70:58:66:f3:ac:bc:76:bc:11:cd:
                    d9:c7:87:5a:78:66:79:ed:28:a0:18:31:01:bb:ca:
                    7f:a5:f6:05:28:8f:a5:5a:86:23:7e:bd:e4:ac:96:
                    86:fb:e0:85:ce:e4:33:59:68:11:ca:9d:d2:fc:77:
                    ef:a6:f2:ac:57:b6:e8:d7:5c:6b:70:ea:f2:ae:df:
                    9e:74:b3:40:c7:35:ea:cf:ef:78:57:25:7e:8f:19:
                    a8:cc:ad:24:de:16:ce:12:13:bc:68:5b:3c:02:20:
                    00:bc:eb:a5:2d:0b:2b:e6:23:2d:65:20:3f:d0:3c:
                    f3:b2:ac:a0:3c:09:18:de:54:95:03:ef:d3:9b:34:
                    e7:38:14:a8:cf:71:d6:7a:e9:4a:52:32:21:6e:96:
                    05:cc:23:52:16:c6:5d:b8:da:c8:fa:06:a8:01:d5:
                    ff:25:30:55:67:c1:fe:2e:50:63:61:69:f3:6a:f7:
                    c5:85:7f:57:6b:0f:ce:0b:dc:1c:df:08:d8:a7:50:
                    33:d3:d6:71:de:13:6e:a3:0a:8b:e2:39:f1:b7:d5:
                    81:c6:05:8b:33:d8:73:82:60:8e:b1:ae:9f:24:3e:
                    85:54:75:e2:d0:51:b1:3f:c8:03:f0:23:af:dc:99:
                    d7:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:77:90:12:65:27:3E:7F:47:A7:68:DF:9A:5E:60:94:B8:BE:EB:17
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/YHeQEmUnPn9Hp2jfml5glLi-6xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.55.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:89:40:23:88:cf:1c:81:b8:07:88:eb:fe:87:62:4d:b3:e4:
         e7:58:21:73:52:1a:03:ce:c7:8e:7b:6e:0b:8f:06:f8:10:b9:
         f0:2d:b8:e0:f4:46:5a:ed:ba:32:21:02:fb:1f:3d:96:66:f5:
         9e:ce:cb:53:bb:fe:0f:4d:78:de:63:37:13:8f:0f:c6:1f:42:
         9f:8d:55:c5:55:c5:ac:b5:f1:36:c4:e5:64:7e:00:df:ed:49:
         6b:33:09:7f:a3:9d:aa:17:a9:47:7f:b1:f2:42:e5:12:47:96:
         15:0b:ce:6d:0a:f4:d1:aa:4a:13:02:75:0b:50:02:91:10:46:
         fb:b4:79:0c:db:01:07:46:a4:59:fb:69:78:b1:69:ba:bc:eb:
         fe:c6:ec:29:b8:cd:a9:39:5c:31:55:c8:15:75:1f:c5:25:f9:
         d1:ec:a8:f6:75:5b:59:45:6c:22:01:89:18:9f:61:6b:fb:a1:
         7f:df:40:60:85:d6:4d:a3:70:4c:45:c7:3a:92:36:7a:38:5d:
         f2:c9:5c:01:6d:52:c3:66:63:7c:36:4a:d8:59:79:48:0e:b2:
         48:ec:ed:16:a2:ac:2b:a4:45:9d:bf:ab:27:fd:e7:33:46:d7:
         70:66:10:60:6a:49:05:d2:27:b5:60:1c:09:d2:25:c2:41:ed:
         98:5c:9a:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBtnOraULFPJJ33H5+NBwFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwNzAxMDkyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDc3OTAxMjY1MjczZTdmNDdhNzY4ZGY5YTVlNjA5NGI4YmVlYjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkhgdd8T4Ii1td+UJVy0Wusl6XBY
ZvOsvHa8Ec3Zx4daeGZ57SigGDEBu8p/pfYFKI+lWoYjfr3krJaG++CFzuQzWWgR
yp3S/HfvpvKsV7bo11xrcOryrt+edLNAxzXqz+94VyV+jxmozK0k3hbOEhO8aFs8
AiAAvOulLQsr5iMtZSA/0DzzsqygPAkY3lSVA+/TmzTnOBSoz3HWeulKUjIhbpYF
zCNSFsZduNrI+gaoAdX/JTBVZ8H+LlBjYWnzavfFhX9Xaw/OC9wc3wjYp1Az09Zx
3hNuowqL4jnxt9WBxgWLM9hzgmCOsa6fJD6FVHXi0FGxP8gD8COv3JnXyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGB3kBJlJz5/R6do35peYJS4vusXMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvWUhlUUVtVW5QbjlIcDJqZm1sNWdsTGktNnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDfOMA0G
CSqGSIb3DQEBCwUAA4IBAQBhiUAjiM8cgbgHiOv+h2JNs+TnWCFzUhoDzseOe24L
jwb4ELnwLbjg9EZa7boyIQL7Hz2WZvWezstTu/4PTXjeYzcTjw/GH0KfjVXFVcWs
tfE2xOVkfgDf7UlrMwl/o52qF6lHf7HyQuUSR5YVC85tCvTRqkoTAnULUAKREEb7
tHkM2wEHRqRZ+2l4sWm6vOv+xuwpuM2pOVwxVcgVdR/FJfnR7Kj2dVtZRWwiAYkY
n2Fr+6F/30BghdZNo3BMRcc6kjZ6OF3yyVwBbVLDZmN8NkrYWXlIDrJI7O0Woqwr
pEWdv6sn/eczRtdwZhBgakkF0ie1YBwJ0iXCQe2YXJqd
-----END CERTIFICATE-----