Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/G_07xGG_d_NvtW7W9eG7k3fYCv0.roa
File:                     G_07xGG_d_NvtW7W9eG7k3fYCv0.roa (raw, json)
Hash identifier:          0eZUQY5U5Xrpw23pxnWOvfqfETTV4lw8E1Uegc5TkQE=
Subject key identifier:   1B:FD:3B:C4:61:BF:77:F3:6F:B5:6E:D6:F5:E1:BB:93:77:D8:0A:FD
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       018CC500FFBA5FE61CFAAFD2F326BA8EC1E3
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/G_07xGG_d_NvtW7W9eG7k3fYCv0.roa
Signing time:             Mon 01 Jan 2024 12:30:26 +0000
ROA not before:           Mon 01 Jan 2024 12:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208685
IP address blocks:        92.60.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ff:ba:5f:e6:1c:fa:af:d2:f3:26:ba:8e:c1:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Jan  1 12:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bfd3bc461bf77f36fb56ed6f5e1bb9377d80afd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3b:f2:93:7f:16:2b:0c:78:db:34:82:9e:35:
                    96:8d:13:19:e8:13:a3:c2:ce:e3:8a:83:ce:8d:78:
                    c1:70:69:ca:17:76:73:92:97:b4:e8:e4:38:40:da:
                    e5:75:65:04:82:73:57:fe:57:37:4c:e4:df:22:d3:
                    0d:b2:e8:26:a2:42:90:5d:37:8d:9a:5d:ab:f6:fd:
                    e2:dc:17:e8:84:7a:22:c0:e9:6b:5d:c4:8c:7c:4e:
                    f1:23:43:7a:36:fd:c4:66:c2:c6:f2:6d:2b:7e:44:
                    30:d3:6c:12:7d:d3:cf:7e:23:5b:bc:1f:de:1b:7c:
                    25:71:f2:b5:5f:b0:86:24:31:dc:47:f3:62:ec:41:
                    fe:4c:3b:04:65:32:c5:2a:9d:c4:ed:cb:41:25:60:
                    e6:d0:80:92:07:b0:e5:85:1e:84:d7:9e:a0:28:63:
                    c9:28:59:b2:e1:a4:1e:21:77:6a:59:09:63:25:1e:
                    ce:3c:6c:d7:97:4c:7f:45:1d:0b:42:58:fc:44:64:
                    16:ea:09:94:fc:ed:a1:7b:b6:e9:f9:6b:ae:06:83:
                    a2:db:37:94:25:c3:9e:18:3c:28:e2:8e:54:c1:fc:
                    bf:2e:af:c3:8d:5d:c4:cb:6b:42:0e:b3:22:8d:20:
                    af:be:99:a8:8e:38:d9:ea:eb:57:d2:63:b8:12:bc:
                    be:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:FD:3B:C4:61:BF:77:F3:6F:B5:6E:D6:F5:E1:BB:93:77:D8:0A:FD
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/G_07xGG_d_NvtW7W9eG7k3fYCv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:0c:ee:2c:5f:02:46:03:4f:ff:6d:5c:88:a1:12:0e:50:dc:
         f6:40:f1:cc:fc:1e:d7:9c:7b:a2:c4:a4:af:16:52:9f:ce:42:
         4a:24:8d:dc:01:d3:7f:0d:73:44:e4:3d:d8:35:b2:87:25:6f:
         f7:66:5f:40:86:c4:94:34:a5:62:92:cb:e4:90:14:7a:e3:3f:
         38:ec:3d:cd:6f:8a:d5:db:49:2b:18:8b:3d:13:fd:10:ce:8f:
         b4:c7:e0:18:9f:5d:62:43:71:59:c3:d7:48:45:83:8a:07:7b:
         45:dd:5f:31:fb:1c:09:52:24:b7:5b:f4:24:15:5c:ab:85:e0:
         7a:f3:e6:85:23:0b:c1:c1:01:58:d3:ec:7c:07:96:d6:09:61:
         87:60:3b:fd:60:2c:e9:bf:fa:32:7c:5f:4e:d1:cb:d1:11:7e:
         8b:88:ed:ac:ae:30:f6:72:0e:fd:df:1e:32:7c:dd:cf:16:15:
         f4:75:f7:5c:ba:c1:df:8d:e0:74:48:d0:05:13:57:c8:19:98:
         14:cf:b1:fc:98:83:15:e6:c0:b2:30:b2:01:70:13:3f:9c:67:
         e8:8b:71:7b:d4:5b:2b:08:e7:33:66:5c:6c:b2:38:b8:9a:9e:
         f0:4a:49:34:5c:83:9f:a1:ba:14:ee:69:d4:94:dd:b8:5d:6b:
         10:6d:e0:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAP+6X+Yc+q/S8ya6jsHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjQwMTAxMTIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmZkM2JjNDYxYmY3N2YzNmZiNTZlZDZmNWUxYmI5Mzc3ZDgwYWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTvyk38WKwx42zSCnjWWjRMZ6BOj
ws7jioPOjXjBcGnKF3Zzkpe06OQ4QNrldWUEgnNX/lc3TOTfItMNsugmokKQXTeN
ml2r9v3i3BfohHoiwOlrXcSMfE7xI0N6Nv3EZsLG8m0rfkQw02wSfdPPfiNbvB/e
G3wlcfK1X7CGJDHcR/Ni7EH+TDsEZTLFKp3E7ctBJWDm0ICSB7DlhR6E156gKGPJ
KFmy4aQeIXdqWQljJR7OPGzXl0x/RR0LQlj8RGQW6gmU/O2he7bp+WuuBoOi2zeU
JcOeGDwo4o5Uwfy/Lq/DjV3Ey2tCDrMijSCvvpmojjjZ6utX0mO4Ery+NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBv9O8Rhv3fzb7Vu1vXhu5N32Ar9MB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvR18wN3hHR19kX052dFc3VzllRzdrM2ZZQ3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXDxIMA0G
CSqGSIb3DQEBCwUAA4IBAQBrDO4sXwJGA0//bVyIoRIOUNz2QPHM/B7XnHuixKSv
FlKfzkJKJI3cAdN/DXNE5D3YNbKHJW/3Zl9AhsSUNKViksvkkBR64z847D3Nb4rV
20krGIs9E/0Qzo+0x+AYn11iQ3FZw9dIRYOKB3tF3V8x+xwJUiS3W/QkFVyrheB6
8+aFIwvBwQFY0+x8B5bWCWGHYDv9YCzpv/oyfF9O0cvREX6LiO2srjD2cg793x4y
fN3PFhX0dfdcusHfjeB0SNAFE1fIGZgUz7H8mIMV5sCyMLIBcBM/nGfoi3F71Fsr
COczZlxssji4mp7wSkk0XIOfoboU7mnUlN24XWsQbeC3
-----END CERTIFICATE-----