Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/mtXjkoNsjOecpPrG9MvyHSxZj9k.roa
File:                     mtXjkoNsjOecpPrG9MvyHSxZj9k.roa (raw, json)
Hash identifier:          1+0a7cz59y/3QGzur+pjOByjG5tnx2XtIsg6z6xDduQ=
Subject key identifier:   9A:D5:E3:92:83:6C:8C:E7:9C:A4:FA:C6:F4:CB:F2:1D:2C:59:8F:D9
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       01906D9CEB4CCCE15A124A851E756A1AC1F6
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/mtXjkoNsjOecpPrG9MvyHSxZj9k.roa
Signing time:             Mon 01 Jul 2024 09:25:18 +0000
ROA not before:           Mon 01 Jul 2024 09:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199761
IP address blocks:        92.55.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:9c:eb:4c:cc:e1:5a:12:4a:85:1e:75:6a:1a:c1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jul  1 09:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ad5e392836c8ce79ca4fac6f4cbf21d2c598fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6c:43:2c:7e:2f:0c:37:d1:db:4a:35:1c:54:
                    c8:86:92:11:2a:3a:cb:03:14:c3:3c:d9:a2:b3:cc:
                    6c:19:2d:c0:b4:1c:77:0a:f1:67:16:f2:91:eb:40:
                    69:fd:6c:60:c2:a7:f2:c5:be:6b:a1:b1:6a:ce:3d:
                    9a:3f:eb:1b:89:e6:a3:c6:15:b7:ef:a7:c3:dd:e7:
                    97:11:46:7f:18:57:88:05:e2:fb:30:a5:e0:5d:c1:
                    e9:8f:fe:ba:4b:04:f3:62:ab:a7:de:b3:54:ae:57:
                    11:a7:7c:df:71:c0:6c:3a:ed:a2:97:84:00:86:b5:
                    6b:0f:d7:59:3b:63:fa:11:8c:10:86:ae:fb:23:bf:
                    c8:c6:79:ab:33:ab:99:41:c0:7e:4d:05:eb:cf:e0:
                    2f:6c:e9:3f:55:92:d7:15:4d:00:ed:6f:fc:bd:16:
                    b8:66:90:a6:f5:5a:52:ad:23:31:31:7f:09:f3:38:
                    95:64:4f:e6:6c:2d:e8:20:6c:e4:c5:84:3f:6c:44:
                    ec:27:07:a7:37:41:75:83:39:b4:a6:76:36:ba:dc:
                    70:82:67:9f:ed:c3:a0:cd:75:20:a2:b1:9c:69:ca:
                    a8:69:97:27:10:57:37:d9:ae:b8:2d:2e:05:5b:02:
                    12:04:6f:cc:38:3b:39:af:55:63:f2:be:cb:4f:71:
                    7a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D5:E3:92:83:6C:8C:E7:9C:A4:FA:C6:F4:CB:F2:1D:2C:59:8F:D9
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/mtXjkoNsjOecpPrG9MvyHSxZj9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.55.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:cf:45:55:95:c2:61:3e:73:30:e8:36:4f:98:dc:40:a8:67:
         f3:75:43:65:86:b5:74:1b:f8:29:3c:d2:26:08:09:22:f0:c9:
         4c:3b:f5:73:2a:6f:31:fc:2c:ca:ef:45:5a:ae:98:1b:3e:4b:
         4c:85:a8:9f:53:ef:42:3c:ca:94:9d:5d:4b:f4:19:29:02:5a:
         8e:17:2a:5f:60:41:35:25:14:2f:f8:83:d4:7b:3a:cd:db:a5:
         af:7e:e8:f9:ad:7d:35:a2:80:35:c9:56:59:45:b7:0f:1e:38:
         bb:b2:d4:81:0b:c7:3a:06:ec:63:2e:b3:37:b0:60:a8:81:7f:
         7e:87:a4:bf:69:7a:66:bc:5c:03:6e:45:7c:2a:f8:f3:04:12:
         d3:df:bd:ce:92:e1:b6:a4:0e:23:15:77:c4:97:47:88:b2:c7:
         45:34:eb:9d:6c:2f:8f:52:66:b3:9e:da:df:40:ad:d3:1b:8e:
         d9:1d:83:3b:cc:09:d2:a6:64:32:c9:88:99:a7:80:5f:87:84:
         11:be:44:e5:a3:de:b1:00:ff:27:29:5c:d2:f8:2c:c4:30:7c:
         21:01:16:7d:ae:5b:a4:69:ee:87:cc:35:43:8e:91:b2:85:4d:
         2f:95:32:d0:f5:a3:c2:ee:fc:7c:8d:2e:a2:28:b8:68:6d:67:
         61:95:9d:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBtnOtMzOFaEkqFHnVqGsH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwNzAxMDkyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWQ1ZTM5MjgzNmM4Y2U3OWNhNGZhYzZmNGNiZjIxZDJjNTk4ZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGxDLH4vDDfR20o1HFTIhpIRKjrL
AxTDPNmis8xsGS3AtBx3CvFnFvKR60Bp/Wxgwqfyxb5robFqzj2aP+sbieajxhW3
76fD3eeXEUZ/GFeIBeL7MKXgXcHpj/66SwTzYqun3rNUrlcRp3zfccBsOu2il4QA
hrVrD9dZO2P6EYwQhq77I7/IxnmrM6uZQcB+TQXrz+AvbOk/VZLXFU0A7W/8vRa4
ZpCm9VpSrSMxMX8J8ziVZE/mbC3oIGzkxYQ/bETsJwenN0F1gzm0pnY2utxwgmef
7cOgzXUgorGcacqoaZcnEFc32a64LS4FWwISBG/MODs5r1Vj8r7LT3F6/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrV45KDbIznnKT6xvTL8h0sWY/ZMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvbXRYamtvTnNqT2VjcFByRzlNdnlIU3haajlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDfPMA0G
CSqGSIb3DQEBCwUAA4IBAQBuz0VVlcJhPnMw6DZPmNxAqGfzdUNlhrV0G/gpPNIm
CAki8MlMO/VzKm8x/CzK70VarpgbPktMhaifU+9CPMqUnV1L9BkpAlqOFypfYEE1
JRQv+IPUezrN26Wvfuj5rX01ooA1yVZZRbcPHji7stSBC8c6BuxjLrM3sGCogX9+
h6S/aXpmvFwDbkV8KvjzBBLT373OkuG2pA4jFXfEl0eIssdFNOudbC+PUmazntrf
QK3TG47ZHYM7zAnSpmQyyYiZp4Bfh4QRvkTlo96xAP8nKVzS+CzEMHwhARZ9rluk
ae6HzDVDjpGyhU0vlTLQ9aPC7vx8jS6iKLhobWdhlZ2c
-----END CERTIFICATE-----