Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/2d95e7-ba17-477f-89b7-da5f6a658f8b/1/JbI3998fNAziu4acCCWySRwTBl8.roa
File:                     JbI3998fNAziu4acCCWySRwTBl8.roa (raw, json)
Hash identifier:          uVyS+kgzk1gk8yrYfDSL9Oae9ATpCBQl4rC8axvCSzA=
Subject key identifier:   25:B2:37:F7:DF:1F:34:0C:E2:BB:86:9C:08:25:B2:49:1C:13:06:5F
Certificate issuer:       /CN=c8ec7c4a57155ce8dec5b1cd62ffa84017b16f58
Certificate serial:       0192D783E0207A55B2431C0EBBB8FAD9C737
Authority key identifier: C8:EC:7C:4A:57:15:5C:E8:DE:C5:B1:CD:62:FF:A8:40:17:B1:6F:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yOx8SlcVXOjexbHNYv-oQBexb1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/2d95e7-ba17-477f-89b7-da5f6a658f8b/1/JbI3998fNAziu4acCCWySRwTBl8.roa
Signing time:             Tue 29 Oct 2024 09:03:16 +0000
ROA not before:           Tue 29 Oct 2024 09:03:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47447
IP address blocks:        92.42.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/2d95e7-ba17-477f-89b7-da5f6a658f8b/1/yOx8SlcVXOjexbHNYv-oQBexb1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/2d95e7-ba17-477f-89b7-da5f6a658f8b/1/yOx8SlcVXOjexbHNYv-oQBexb1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yOx8SlcVXOjexbHNYv-oQBexb1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:83:e0:20:7a:55:b2:43:1c:0e:bb:b8:fa:d9:c7:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8ec7c4a57155ce8dec5b1cd62ffa84017b16f58
        Validity
            Not Before: Oct 29 09:03:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25b237f7df1f340ce2bb869c0825b2491c13065f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:19:62:76:51:be:16:3d:b9:df:0f:86:8d:2f:
                    8f:db:80:77:9a:c6:f9:4c:82:2b:a4:c4:2c:3f:a5:
                    36:ca:ae:05:41:c4:99:9a:66:59:0e:72:27:1f:a5:
                    c4:ba:39:e7:b0:f1:d6:68:25:8c:e9:89:19:a5:81:
                    a2:c2:86:4c:b4:fd:ae:3d:e9:0a:aa:3c:7a:14:16:
                    10:d0:be:a0:e7:d8:42:11:c1:8e:32:fc:44:ba:03:
                    b5:3f:05:3d:cd:6f:06:b0:91:d4:d7:35:06:e0:01:
                    e5:0b:fe:0c:26:f7:aa:02:f7:f5:87:0a:7d:f4:e4:
                    12:c4:c0:57:b2:22:ca:88:84:60:7c:24:99:12:71:
                    9d:81:1c:68:b3:20:43:27:93:11:cf:6f:c2:d4:e0:
                    d8:b4:78:0c:93:ab:0d:c0:0d:ab:4d:3a:b0:e3:22:
                    d2:07:e9:ba:b2:20:0d:05:99:85:77:84:90:3d:59:
                    7d:dc:fb:d8:d7:fb:6b:da:ab:1c:17:21:16:e8:8e:
                    93:d2:d8:0b:dd:4d:4d:e0:75:4d:06:1f:48:68:25:
                    01:71:c0:83:34:0e:d3:46:fd:f2:d4:22:38:3c:d6:
                    be:30:f0:6a:a7:32:c9:d0:53:15:dd:4d:e2:0a:01:
                    54:53:46:cf:9b:8a:dc:95:a0:49:1f:fb:30:2e:74:
                    60:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:B2:37:F7:DF:1F:34:0C:E2:BB:86:9C:08:25:B2:49:1C:13:06:5F
            X509v3 Authority Key Identifier:
                keyid:C8:EC:7C:4A:57:15:5C:E8:DE:C5:B1:CD:62:FF:A8:40:17:B1:6F:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yOx8SlcVXOjexbHNYv-oQBexb1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/2d95e7-ba17-477f-89b7-da5f6a658f8b/1/JbI3998fNAziu4acCCWySRwTBl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/2d95e7-ba17-477f-89b7-da5f6a658f8b/1/yOx8SlcVXOjexbHNYv-oQBexb1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:92:fa:32:ac:09:68:f9:85:fd:e7:ee:bb:75:15:32:70:1e:
         8b:ad:9b:ed:81:d6:8a:52:66:1e:b0:a8:b2:3e:b7:5a:cf:c4:
         ba:9b:b6:2c:e9:f0:5c:e1:2d:65:2d:c8:1a:e9:53:91:c9:94:
         65:03:40:59:41:cc:20:61:7b:a7:e0:77:35:ef:3f:23:70:2b:
         b4:0d:84:50:c2:a9:a1:23:92:71:b3:cd:a7:44:5f:7b:06:4e:
         9a:f3:1f:d9:17:5b:7d:b8:7f:78:ca:20:aa:b0:3c:c1:bc:c2:
         7f:10:6c:91:12:57:8e:a0:ef:ad:a8:52:98:de:2b:51:52:fb:
         5c:58:4c:32:da:89:e8:9e:fb:f5:b3:87:03:63:d4:7c:fa:62:
         96:3c:94:af:1e:6e:91:d7:3f:9d:7a:3a:bd:5a:64:eb:9a:f7:
         a6:7c:cc:7c:51:a6:ce:85:2a:85:0f:33:37:38:bc:ff:ff:35:
         bb:db:aa:1b:5c:94:4d:09:ee:f4:b6:7d:00:14:8c:25:fc:65:
         c1:b0:9d:3b:99:fa:31:38:b4:ad:e3:ee:f7:54:e1:f1:a8:d9:
         bf:f0:ba:e4:ba:a4:22:e7:b5:50:37:2a:92:18:4f:4e:4c:1c:
         b5:bc:ab:7f:ce:ef:d4:f8:56:ba:75:fb:01:61:26:7a:be:16:
         9f:a1:2f:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLXg+AgelWyQxwOu7j62cc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZWM3YzRhNTcxNTVjZThkZWM1YjFjZDYyZmZhODQwMTdi
MTZmNTgwHhcNMjQxMDI5MDkwMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWIyMzdmN2RmMWYzNDBjZTJiYjg2OWMwODI1YjI0OTFjMTMwNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohlidlG+Fj253w+GjS+P24B3msb5
TIIrpMQsP6U2yq4FQcSZmmZZDnInH6XEujnnsPHWaCWM6YkZpYGiwoZMtP2uPekK
qjx6FBYQ0L6g59hCEcGOMvxEugO1PwU9zW8GsJHU1zUG4AHlC/4MJveqAvf1hwp9
9OQSxMBXsiLKiIRgfCSZEnGdgRxosyBDJ5MRz2/C1ODYtHgMk6sNwA2rTTqw4yLS
B+m6siANBZmFd4SQPVl93PvY1/tr2qscFyEW6I6T0tgL3U1N4HVNBh9IaCUBccCD
NA7TRv3y1CI4PNa+MPBqpzLJ0FMV3U3iCgFUU0bPm4rclaBJH/swLnRgZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWyN/ffHzQM4ruGnAglskkcEwZfMB8GA1UdIwQY
MBaAFMjsfEpXFVzo3sWxzWL/qEAXsW9YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU94OFNsY1ZYT2pleGJITll2LW9RQmV4YjFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yZDk1ZTctYmExNy00NzdmLTg5Yjct
ZGE1ZjZhNjU4ZjhiLzEvSmJJMzk5OGZOQXppdTRhY0NDV3lTUndUQmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yZDk1ZTctYmExNy00NzdmLTg5YjctZGE1ZjZhNjU4Zjhi
LzEveU94OFNsY1ZYT2pleGJITll2LW9RQmV4YjFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCpjMA0G
CSqGSIb3DQEBCwUAA4IBAQB9kvoyrAlo+YX95+67dRUycB6LrZvtgdaKUmYesKiy
Prdaz8S6m7Ys6fBc4S1lLcga6VORyZRlA0BZQcwgYXun4Hc17z8jcCu0DYRQwqmh
I5Jxs82nRF97Bk6a8x/ZF1t9uH94yiCqsDzBvMJ/EGyREleOoO+tqFKY3itRUvtc
WEwy2ononvv1s4cDY9R8+mKWPJSvHm6R1z+dejq9WmTrmvemfMx8UabOhSqFDzM3
OLz//zW726obXJRNCe70tn0AFIwl/GXBsJ07mfoxOLSt4+73VOHxqNm/8LrkuqQi
57VQNyqSGE9OTBy1vKt/zu/U+Fa6dfsBYSZ6vhafoS+F
-----END CERTIFICATE-----