Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/ZyoU0jW6Bmgy3uEe-aextVch-A0.roa
File:                     ZyoU0jW6Bmgy3uEe-aextVch-A0.roa (raw, json)
Hash identifier:          hQ2ZnSobSVoCandMJ91GKEPDEW5hMyMeQYN3RL8Zmuw=
Subject key identifier:   67:2A:14:D2:35:BA:06:68:32:DE:E1:1E:F9:A7:B1:B5:57:21:F8:0D
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019426D8554CA84E10B65536ACAB5BCD24D7
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/ZyoU0jW6Bmgy3uEe-aextVch-A0.roa
Signing time:             Thu 02 Jan 2025 11:48:19 +0000
ROA not before:           Thu 02 Jan 2025 11:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        185.92.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 06:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:55:4c:a8:4e:10:b6:55:36:ac:ab:5b:cd:24:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan  2 11:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=672a14d235ba066832dee11ef9a7b1b55721f80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ec:38:e0:cb:7f:ec:52:2f:8b:2d:c5:09:72:
                    e8:a1:80:61:40:f5:16:6a:83:bb:b7:20:15:b6:68:
                    6e:ed:cb:ff:5a:5a:5c:64:bc:35:34:41:27:05:db:
                    7a:21:40:1c:f8:f2:b3:03:45:56:0e:7f:d2:fa:9e:
                    64:6c:f0:a6:42:e4:78:04:87:01:f4:2a:e3:d4:56:
                    ca:92:4b:de:87:7b:88:25:6e:62:7f:c3:0a:26:23:
                    6a:e5:16:84:c0:bf:46:a6:89:a2:ab:c0:5b:5b:c4:
                    d1:52:62:e7:34:f2:c0:48:ed:42:8e:63:7b:88:73:
                    8f:c6:9a:07:79:e8:bc:39:33:ca:d2:5b:64:30:b7:
                    50:0b:3d:4a:c1:e7:e3:9c:5d:b4:fb:eb:b9:b5:3a:
                    12:a2:b4:92:ca:62:1e:b6:41:36:89:49:71:ff:3a:
                    5f:28:4d:51:a1:1c:1e:5d:a2:4d:30:7d:f6:b6:ab:
                    3e:bc:49:9d:f6:90:ed:59:1a:ef:9b:0e:f1:79:2f:
                    92:b3:30:93:8d:66:e9:e9:47:4e:83:d8:76:11:0d:
                    52:ab:8b:bd:42:25:b6:1a:24:62:0e:4a:30:3a:ab:
                    2c:af:02:88:f1:2d:19:53:39:d3:25:2d:e8:aa:b6:
                    f8:14:65:10:81:61:97:8c:1a:3f:a4:0f:8c:5b:b5:
                    ad:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:2A:14:D2:35:BA:06:68:32:DE:E1:1E:F9:A7:B1:B5:57:21:F8:0D
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/ZyoU0jW6Bmgy3uEe-aextVch-A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:78:2a:25:e8:13:a0:c1:76:4e:c9:a1:e6:81:14:5a:2e:26:
         e2:1d:09:3e:57:57:d5:68:78:92:28:78:f3:a0:e9:66:5e:d0:
         bb:2d:03:d8:ec:9a:3a:aa:f3:5e:e1:fc:50:58:e9:78:2c:2a:
         73:84:5a:ec:46:63:cb:71:3d:98:3b:fd:2f:9f:18:71:db:37:
         5f:5d:6b:ca:24:57:e3:fa:f0:53:0a:70:31:51:d3:3b:20:d8:
         12:5c:ee:94:bc:d7:44:08:ee:f6:08:b2:45:fc:e3:1b:17:01:
         94:20:a5:cf:f1:fb:c0:66:d1:dd:ab:2d:6a:da:d7:81:6f:4f:
         e2:f6:fb:f0:6a:75:00:08:a9:46:79:63:35:bb:68:82:9b:a7:
         b7:1c:95:90:91:96:36:fe:4b:1e:ae:37:f4:0d:77:fd:43:1b:
         a1:1a:1d:3e:75:e7:53:58:5e:8c:a8:50:17:ff:42:b6:08:9f:
         22:46:3c:6c:30:9b:9f:f4:bd:74:a1:eb:83:ab:38:87:06:b7:
         28:59:18:b4:05:9f:e5:5d:d7:9e:1b:f7:86:69:86:cd:84:a1:
         c1:63:29:43:52:54:52:ae:fc:f1:db:b6:dd:80:28:a0:1b:47:
         9c:60:cf:da:f3:f0:c5:08:3e:3f:27:12:46:b6:08:37:1d:c2:
         6c:8f:6f:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2FVMqE4QtlU2rKtbzSTXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwMTAyMTE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzJhMTRkMjM1YmEwNjY4MzJkZWUxMWVmOWE3YjFiNTU3MjFmODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuw44Mt/7FIviy3FCXLooYBhQPUW
aoO7tyAVtmhu7cv/WlpcZLw1NEEnBdt6IUAc+PKzA0VWDn/S+p5kbPCmQuR4BIcB
9Crj1FbKkkveh3uIJW5if8MKJiNq5RaEwL9Gpomiq8BbW8TRUmLnNPLASO1CjmN7
iHOPxpoHeei8OTPK0ltkMLdQCz1KwefjnF20++u5tToSorSSymIetkE2iUlx/zpf
KE1RoRweXaJNMH32tqs+vEmd9pDtWRrvmw7xeS+SszCTjWbp6UdOg9h2EQ1Sq4u9
QiW2GiRiDkowOqssrwKI8S0ZUznTJS3oqrb4FGUQgWGXjBo/pA+MW7WtQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcqFNI1ugZoMt7hHvmnsbVXIfgNMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvWnlvVTBqVzZCbWd5M3VFZS1hZXh0VmNoLUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwuMA0G
CSqGSIb3DQEBCwUAA4IBAQBieCol6BOgwXZOyaHmgRRaLibiHQk+V1fVaHiSKHjz
oOlmXtC7LQPY7Jo6qvNe4fxQWOl4LCpzhFrsRmPLcT2YO/0vnxhx2zdfXWvKJFfj
+vBTCnAxUdM7INgSXO6UvNdECO72CLJF/OMbFwGUIKXP8fvAZtHdqy1q2teBb0/i
9vvwanUACKlGeWM1u2iCm6e3HJWQkZY2/kserjf0DXf9QxuhGh0+dedTWF6MqFAX
/0K2CJ8iRjxsMJuf9L10oeuDqziHBrcoWRi0BZ/lXdeeG/eGaYbNhKHBYylDUlRS
rvzx27bdgCigG0ecYM/a8/DFCD4/JxJGtgg3HcJsj29z
-----END CERTIFICATE-----