Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/RCUtTKBPBoSKR2wwa8B0W47XWEM.roa
File:                     RCUtTKBPBoSKR2wwa8B0W47XWEM.roa (raw, json)
Hash identifier:          AEJlL4bhsHAgCbizEJxDPTW1T7XXa+3+vQvB/un6vPo=
Subject key identifier:   44:25:2D:4C:A0:4F:06:84:8A:47:6C:30:6B:C0:74:5B:8E:D7:58:43
Certificate issuer:       /CN=11125404c6dd472f1001ed9ffdf726762ac7701d
Certificate serial:       019423D7809BEC954CEA12E05EB571D573BF
Authority key identifier: 11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/RCUtTKBPBoSKR2wwa8B0W47XWEM.roa
Signing time:             Wed 01 Jan 2025 21:48:33 +0000
ROA not before:           Wed 01 Jan 2025 21:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203446
IP address blocks:        92.242.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:80:9b:ec:95:4c:ea:12:e0:5e:b5:71:d5:73:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11125404c6dd472f1001ed9ffdf726762ac7701d
        Validity
            Not Before: Jan  1 21:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44252d4ca04f06848a476c306bc0745b8ed75843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b5:bb:94:33:8f:91:00:95:e0:74:30:6b:3a:
                    4c:b6:36:ff:0c:d5:ad:6e:0f:cc:b7:d4:a3:6f:93:
                    42:05:3a:d4:d7:65:bb:8a:93:d3:dd:62:81:6a:e4:
                    29:27:b2:56:62:e4:e8:51:10:1e:1a:6a:a6:26:ba:
                    7e:61:d0:64:0b:11:3a:bc:73:be:05:4f:af:88:c9:
                    f8:df:5a:1f:49:92:f1:47:6f:d5:30:c1:ae:80:1b:
                    af:27:7d:6a:e4:e7:13:64:28:f9:dc:ee:c1:a0:40:
                    27:e7:6f:05:9e:08:83:f9:8e:43:b7:98:66:b0:3b:
                    30:07:6e:75:1e:99:a0:8e:7a:a8:d7:5b:9b:80:fa:
                    93:bb:e1:38:f5:df:3c:93:8c:ea:18:50:fb:c6:c5:
                    38:e9:f6:b5:ba:42:e0:f4:cb:ac:bf:0d:2d:3b:57:
                    7b:6b:cb:5e:bc:ba:32:cc:2d:d1:fb:60:ae:de:34:
                    d1:5f:41:ac:cb:4b:ae:b5:7e:9e:7a:5b:18:cd:73:
                    5d:72:a8:51:7c:3e:83:98:42:9f:22:f4:0c:07:7e:
                    7b:96:fd:f6:79:46:95:99:69:5b:c9:71:2c:e2:d1:
                    9e:1c:4e:8c:31:4b:17:f9:10:7b:55:6c:d0:f6:88:
                    4d:fd:85:4e:94:ac:dc:98:10:8d:cc:9f:b9:55:25:
                    a5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:25:2D:4C:A0:4F:06:84:8A:47:6C:30:6B:C0:74:5B:8E:D7:58:43
            X509v3 Authority Key Identifier:
                keyid:11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/RCUtTKBPBoSKR2wwa8B0W47XWEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.242.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:62:87:94:ca:f3:02:b7:03:02:1e:d0:05:36:94:72:c9:ff:
         a7:f9:17:a5:ba:04:21:46:27:bf:09:92:ae:ac:0b:a8:6c:52:
         3b:1f:b2:1d:53:d8:38:c9:89:d9:2c:ba:d2:87:ee:e5:19:a1:
         6e:6f:06:5b:3f:57:24:50:ec:f2:b2:e5:91:90:80:10:5f:c2:
         b4:c5:5e:43:05:04:e2:5d:c5:b5:26:19:c4:a5:d9:8d:ef:e7:
         4e:a4:58:a0:ba:80:56:28:31:24:93:40:dd:e1:48:de:65:85:
         92:8f:21:87:b4:a7:cd:b2:48:5c:c0:4b:3f:6f:68:e8:16:ac:
         63:a0:97:09:b5:c9:7e:c7:2e:92:52:15:98:8a:94:eb:7f:4a:
         1b:8b:92:a1:c8:5f:3d:f6:eb:73:0c:6f:31:4c:5b:a8:a9:5a:
         72:ba:df:dd:19:da:c6:47:d4:b1:26:e0:a1:2c:3e:a6:01:d2:
         5e:31:fe:e1:5e:11:5a:80:b2:e5:74:85:27:d6:59:50:90:1d:
         d2:56:fc:21:ed:91:31:02:f3:2d:78:37:ea:96:6a:e5:68:12:
         d7:75:99:b1:58:37:e8:43:33:9e:07:72:3b:74:e5:1c:e8:cf:
         c5:1b:65:e5:74:51:a9:24:b7:f5:79:60:88:82:50:22:3f:83:
         d4:b3:35:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj14Cb7JVM6hLgXrVx1XO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTI1NDA0YzZkZDQ3MmYxMDAxZWQ5ZmZkZjcyNjc2MmFj
NzcwMWQwHhcNMjUwMTAxMjE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDI1MmQ0Y2EwNGYwNjg0OGE0NzZjMzA2YmMwNzQ1YjhlZDc1ODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLW7lDOPkQCV4HQwazpMtjb/DNWt
bg/Mt9Sjb5NCBTrU12W7ipPT3WKBauQpJ7JWYuToURAeGmqmJrp+YdBkCxE6vHO+
BU+viMn431ofSZLxR2/VMMGugBuvJ31q5OcTZCj53O7BoEAn528FngiD+Y5Dt5hm
sDswB251Hpmgjnqo11ubgPqTu+E49d88k4zqGFD7xsU46fa1ukLg9Musvw0tO1d7
a8tevLoyzC3R+2Cu3jTRX0Gsy0uutX6eelsYzXNdcqhRfD6DmEKfIvQMB357lv32
eUaVmWlbyXEs4tGeHE6MMUsX+RB7VWzQ9ohN/YVOlKzcmBCNzJ+5VSWl2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQlLUygTwaEikdsMGvAdFuO11hDMB8GA1UdIwQY
MBaAFBESVATG3UcvEAHtn/33JnYqx3AdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYt
NmRmZTBmN2Q1M2JkLzEvUkNVdFRLQlBCb1NLUjJ3d2E4QjBXNDdYV0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYtNmRmZTBmN2Q1M2Jk
LzEvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPKmMA0G
CSqGSIb3DQEBCwUAA4IBAQBmYoeUyvMCtwMCHtAFNpRyyf+n+RelugQhRie/CZKu
rAuobFI7H7IdU9g4yYnZLLrSh+7lGaFubwZbP1ckUOzysuWRkIAQX8K0xV5DBQTi
XcW1JhnEpdmN7+dOpFiguoBWKDEkk0Dd4UjeZYWSjyGHtKfNskhcwEs/b2joFqxj
oJcJtcl+xy6SUhWYipTrf0obi5KhyF899utzDG8xTFuoqVpyut/dGdrGR9SxJuCh
LD6mAdJeMf7hXhFagLLldIUn1llQkB3SVvwh7ZExAvMteDfqlmrlaBLXdZmxWDfo
QzOeB3I7dOUc6M/FG2XldFGpJLf1eWCIglAiP4PUszV4
-----END CERTIFICATE-----