Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/UzREirAX6VmQnwWkmTPQnJ3DujY.roa
File:                     UzREirAX6VmQnwWkmTPQnJ3DujY.roa (raw, json)
Hash identifier:          tgy1GhN4Whlbtw53NmX5bwyInXLrh728rMVnn33TByE=
Subject key identifier:   53:34:44:8A:B0:17:E9:59:90:9F:05:A4:99:33:D0:9C:9D:C3:BA:36
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       019150329C3903E2F76526CC5F9B710E30DF
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/UzREirAX6VmQnwWkmTPQnJ3DujY.roa
Signing time:             Wed 14 Aug 2024 09:22:59 +0000
ROA not before:           Wed 14 Aug 2024 09:22:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        92.60.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:50:32:9c:39:03:e2:f7:65:26:cc:5f:9b:71:0e:30:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Aug 14 09:22:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5334448ab017e959909f05a49933d09c9dc3ba36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:40:6d:31:e0:18:05:10:f1:83:61:97:94:05:
                    0c:ef:6a:b6:e0:3b:b5:b2:9a:96:fa:da:7c:8f:05:
                    92:80:e8:6c:02:3d:a4:59:fc:00:85:a9:06:bf:af:
                    8d:35:ab:ab:c6:fa:9d:66:62:6f:e6:c2:3e:d0:30:
                    5d:54:d1:82:d8:e3:e9:ba:e9:71:d5:a8:1d:c2:38:
                    24:f9:ca:93:d2:16:5e:0f:28:f6:40:74:63:f3:67:
                    96:94:b1:17:b4:78:63:3c:c7:64:bf:5b:2d:d4:2f:
                    ba:55:f5:23:f0:7b:52:65:3b:4f:a1:27:71:f7:7d:
                    05:4e:01:95:e2:01:c8:af:87:7b:6b:0e:f6:1f:e7:
                    bf:b4:d3:76:15:2b:93:de:7e:da:c0:3f:e5:07:a2:
                    84:84:74:4e:1e:fe:29:ce:d1:bd:ee:5a:58:70:47:
                    b5:34:86:6d:18:03:29:11:75:f6:02:c8:6f:a2:a0:
                    c6:da:5c:8e:38:5e:08:e7:42:fd:38:12:7a:b5:4f:
                    a1:3f:cb:ef:9f:da:2c:5c:73:f0:1c:da:32:93:ca:
                    5d:e1:74:9b:bb:b6:b1:9a:79:cd:0a:6c:cd:55:48:
                    d8:f8:ef:73:19:f4:f3:c3:c5:0a:0e:76:b3:ec:eb:
                    12:a3:1d:8f:3b:e1:fb:ad:25:3b:94:d9:94:65:9c:
                    2d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:34:44:8A:B0:17:E9:59:90:9F:05:A4:99:33:D0:9C:9D:C3:BA:36
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/UzREirAX6VmQnwWkmTPQnJ3DujY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:03:e0:22:df:81:40:9a:c1:52:c7:dc:f8:06:fd:0e:c7:13:
         00:b3:ac:35:27:1c:85:ba:9b:d9:84:80:65:96:87:20:62:38:
         42:46:54:7d:d9:ad:5a:ed:e1:8a:c7:72:ab:77:02:41:d9:75:
         e1:27:28:63:bc:3f:af:f8:88:2a:16:20:b9:c1:bb:6f:cc:2c:
         f9:ac:ab:f4:eb:5a:de:21:69:90:5c:fe:c3:fe:e9:f0:d0:06:
         51:78:a5:31:97:67:ce:bd:12:ae:4b:ed:3e:16:99:d6:2c:66:
         54:59:2c:22:15:18:b6:4e:7a:74:b1:b3:4e:60:d8:6f:a2:64:
         49:3f:7f:4f:f5:45:ae:b4:30:4f:b2:10:f4:86:a3:db:77:9c:
         1a:ac:fd:d4:ff:d3:b0:65:e3:44:77:b4:66:87:a8:cd:c7:10:
         d3:6b:60:e1:a9:f4:d0:b6:9f:f5:6c:f9:7a:58:96:80:57:f4:
         cf:40:c1:8d:d3:22:4f:b0:06:96:34:7b:ae:28:1c:5e:af:83:
         a9:ea:f8:49:a9:cc:12:30:a2:93:0b:b5:75:5e:f8:f7:2e:1d:
         f5:f6:63:d9:d1:c7:2d:57:a2:37:df:52:83:50:8e:14:d8:ce:
         a5:85:86:f8:dc:c7:ff:a3:bc:41:55:be:d0:69:5a:95:a5:31:
         10:96:aa:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFQMpw5A+L3ZSbMX5txDjDfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjQwODE0MDkyMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzM0NDQ4YWIwMTdlOTU5OTA5ZjA1YTQ5OTMzZDA5YzlkYzNiYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUBtMeAYBRDxg2GXlAUM72q24Du1
spqW+tp8jwWSgOhsAj2kWfwAhakGv6+NNaurxvqdZmJv5sI+0DBdVNGC2OPpuulx
1agdwjgk+cqT0hZeDyj2QHRj82eWlLEXtHhjPMdkv1st1C+6VfUj8HtSZTtPoSdx
930FTgGV4gHIr4d7aw72H+e/tNN2FSuT3n7awD/lB6KEhHROHv4pztG97lpYcEe1
NIZtGAMpEXX2AshvoqDG2lyOOF4I50L9OBJ6tU+hP8vvn9osXHPwHNoyk8pd4XSb
u7axmnnNCmzNVUjY+O9zGfTzw8UKDnaz7OsSox2PO+H7rSU7lNmUZZwt8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFM0RIqwF+lZkJ8FpJkz0Jydw7o2MB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvVXpSRWlyQVg2Vm1RbndXa21UUFFuSjNEdWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDxOMA0G
CSqGSIb3DQEBCwUAA4IBAQCHA+Ai34FAmsFSx9z4Bv0OxxMAs6w1JxyFupvZhIBl
locgYjhCRlR92a1a7eGKx3KrdwJB2XXhJyhjvD+v+IgqFiC5wbtvzCz5rKv061re
IWmQXP7D/unw0AZReKUxl2fOvRKuS+0+FpnWLGZUWSwiFRi2Tnp0sbNOYNhvomRJ
P39P9UWutDBPshD0hqPbd5warP3U/9OwZeNEd7Rmh6jNxxDTa2DhqfTQtp/1bPl6
WJaAV/TPQMGN0yJPsAaWNHuuKBxer4Op6vhJqcwSMKKTC7V1Xvj3Lh319mPZ0cct
V6I331KDUI4U2M6lhYb43Mf/o7xBVb7QaVqVpTEQlqr9
-----END CERTIFICATE-----