Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/sVY6mrM4u5PvskO5kRvvAZ2Yyn0.roa
File:                     sVY6mrM4u5PvskO5kRvvAZ2Yyn0.roa (raw, json)
Hash identifier:          E31S4MRhR3nbrG0HQYHLrF++ONtRw4D2uekZGsUpoZ4=
Subject key identifier:   B1:56:3A:9A:B3:38:BB:93:EF:B2:43:B9:91:1B:EF:01:9D:98:CA:7D
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       018E4205925329A02C0D67F54B2422CB0899
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/sVY6mrM4u5PvskO5kRvvAZ2Yyn0.roa
Signing time:             Fri 15 Mar 2024 12:10:45 +0000
ROA not before:           Fri 15 Mar 2024 12:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        92.60.74.0/24 maxlen: 24
                          92.60.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:42:05:92:53:29:a0:2c:0d:67:f5:4b:24:22:cb:08:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Mar 15 12:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1563a9ab338bb93efb243b9911bef019d98ca7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fa:6e:74:37:57:2d:88:4e:55:74:81:d1:5d:
                    11:c5:bf:01:0c:92:c3:28:1b:c6:68:7f:06:91:28:
                    53:98:5a:08:90:51:18:c4:9c:9c:7b:d3:83:30:41:
                    92:26:32:28:1b:c7:32:3c:97:68:4f:75:d8:9c:1c:
                    ec:2c:b6:58:f1:f7:bf:14:f7:00:e0:91:a6:65:e1:
                    e4:80:a1:69:06:39:34:59:0a:56:9d:7d:f2:10:b8:
                    8c:4d:7a:53:e3:15:df:b1:5a:74:7b:89:e7:4b:04:
                    0a:99:dc:90:66:11:e1:52:26:c3:5c:4b:83:bf:1c:
                    56:8f:69:fb:c1:47:c3:65:6e:9d:e3:fa:4e:27:31:
                    31:3c:06:f7:68:77:e8:fa:db:c8:8f:e5:fd:99:70:
                    03:72:a1:c3:36:e2:a4:4f:2f:02:0a:56:12:b2:ed:
                    a4:f4:19:1d:a7:0f:c8:9d:8c:66:71:71:20:95:fe:
                    37:aa:33:2c:5c:83:79:8a:cd:14:77:dd:ab:65:ba:
                    5f:29:0e:39:d0:31:a9:34:37:24:46:94:ad:64:83:
                    13:c5:94:10:69:97:bf:4b:95:05:63:2e:00:3f:8e:
                    7e:42:64:c6:30:15:3b:ba:54:ab:67:ee:e1:98:75:
                    b0:0c:24:68:39:a2:58:ac:38:85:c0:b6:cb:4c:a0:
                    05:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:56:3A:9A:B3:38:BB:93:EF:B2:43:B9:91:1B:EF:01:9D:98:CA:7D
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/sVY6mrM4u5PvskO5kRvvAZ2Yyn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:88:d8:5d:c5:c8:21:b1:ce:cc:54:ca:81:fb:f3:4b:bf:dc:
         58:df:0a:c0:c4:9b:85:ff:b5:85:29:f9:2e:80:87:85:31:fc:
         de:1f:76:69:91:c2:ed:df:95:25:76:0e:fa:bb:e6:42:62:f7:
         62:51:ae:e4:ef:84:85:db:2f:b0:91:17:47:a8:d9:24:79:7a:
         c7:0a:92:d5:41:7b:06:f9:5b:23:81:d4:31:b5:dc:38:5b:12:
         e6:fc:9e:0d:70:d4:7c:62:a4:40:57:01:d0:8e:75:28:43:e0:
         83:25:c4:4c:76:32:e2:8d:de:29:13:f9:ca:9a:98:26:6b:19:
         0e:c8:71:3b:fa:e7:e9:28:7d:9e:07:cd:f5:76:1a:17:bf:28:
         ce:b7:e5:aa:b2:e1:13:71:45:26:e3:72:40:83:bc:c9:3c:d9:
         a5:83:fb:9f:7a:32:3f:e4:08:ab:90:70:89:84:14:17:82:40:
         a9:a1:90:3c:be:38:b2:0d:7f:3b:e0:24:f9:22:cc:e5:3a:99:
         2a:45:01:89:03:a7:d2:3d:fd:44:be:0d:05:ef:d8:fc:a2:0b:
         42:98:0a:6a:ea:db:9b:fd:bc:79:a8:26:51:d5:58:08:29:ad:
         a8:3d:00:b9:e6:3a:35:2f:ee:f7:49:c9:a4:16:b7:51:9a:7b:
         96:56:75:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5CBZJTKaAsDWf1SyQiywiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjQwMzE1MTIxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTU2M2E5YWIzMzhiYjkzZWZiMjQzYjk5MTFiZWYwMTlkOThjYTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/pudDdXLYhOVXSB0V0Rxb8BDJLD
KBvGaH8GkShTmFoIkFEYxJyce9ODMEGSJjIoG8cyPJdoT3XYnBzsLLZY8fe/FPcA
4JGmZeHkgKFpBjk0WQpWnX3yELiMTXpT4xXfsVp0e4nnSwQKmdyQZhHhUibDXEuD
vxxWj2n7wUfDZW6d4/pOJzExPAb3aHfo+tvIj+X9mXADcqHDNuKkTy8CClYSsu2k
9Bkdpw/InYxmcXEglf43qjMsXIN5is0Ud92rZbpfKQ450DGpNDckRpStZIMTxZQQ
aZe/S5UFYy4AP45+QmTGMBU7ulSrZ+7hmHWwDCRoOaJYrDiFwLbLTKAFDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFWOpqzOLuT77JDuZEb7wGdmMp9MB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvc1ZZNm1yTTR1NVB2c2tPNWtSdnZBWjJZeW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXDxKMA0G
CSqGSIb3DQEBCwUAA4IBAQAsiNhdxcghsc7MVMqB+/NLv9xY3wrAxJuF/7WFKfku
gIeFMfzeH3ZpkcLt35Uldg76u+ZCYvdiUa7k74SF2y+wkRdHqNkkeXrHCpLVQXsG
+VsjgdQxtdw4WxLm/J4NcNR8YqRAVwHQjnUoQ+CDJcRMdjLijd4pE/nKmpgmaxkO
yHE7+ufpKH2eB831dhoXvyjOt+WqsuETcUUm43JAg7zJPNmlg/ufejI/5AirkHCJ
hBQXgkCpoZA8vjiyDX874CT5IszlOpkqRQGJA6fSPf1Evg0F79j8ogtCmApq6tub
/bx5qCZR1VgIKa2oPQC55jo1L+73ScmkFrdRmnuWVnUu
-----END CERTIFICATE-----