Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/dftdL0t-EXs-lONPKB-773pXyAU.roa
File:                     dftdL0t-EXs-lONPKB-773pXyAU.roa (raw, json)
Hash identifier:          avVYs7GuiW3qZEbevEySaxe43oBQGD8AcC9UIUIOqtY=
Subject key identifier:   75:FB:5D:2F:4B:7E:11:7B:3E:94:E3:4F:28:1F:BB:EF:7A:57:C8:05
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       018D1982B079A81777C010575186CF4642D9
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/dftdL0t-EXs-lONPKB-773pXyAU.roa
Signing time:             Wed 17 Jan 2024 22:20:11 +0000
ROA not before:           Wed 17 Jan 2024 22:20:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40065
IP address blocks:        185.92.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:19:82:b0:79:a8:17:77:c0:10:57:51:86:cf:46:42:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jan 17 22:20:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75fb5d2f4b7e117b3e94e34f281fbbef7a57c805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:33:ac:66:84:3a:66:81:6c:24:72:6c:c0:46:
                    87:ba:34:eb:7e:96:20:f1:5b:ea:40:8b:56:ed:75:
                    16:b0:72:9b:15:dc:f0:fd:f6:c7:3d:34:66:cd:03:
                    68:ee:47:18:ca:45:8c:83:78:31:3d:1e:09:86:d8:
                    c1:9a:e7:75:c8:bf:f5:b4:a0:42:3b:9f:24:9d:3f:
                    ff:46:b6:02:42:95:d4:5c:fa:45:98:fb:d9:83:a6:
                    af:b4:1b:a3:05:5a:8f:a1:c8:86:99:da:49:13:ec:
                    36:6b:27:b3:c8:bf:c5:26:ce:7f:6f:e4:17:0f:bb:
                    17:ec:76:de:33:f1:d6:32:62:d6:2d:c6:4f:a0:76:
                    22:ba:0e:e1:cc:c8:bd:16:ff:c2:b4:24:82:ff:75:
                    f9:f4:70:70:e9:59:99:da:7e:29:3f:6d:1b:67:b9:
                    f0:da:16:3e:bc:35:12:f9:45:48:34:10:e1:75:15:
                    9f:55:6d:53:f5:0f:32:63:5b:95:4d:07:97:20:62:
                    6c:b7:ce:37:10:85:c9:3d:26:26:8c:68:e7:ab:62:
                    bd:73:04:a7:30:f4:53:83:79:3a:cc:d4:81:3e:b2:
                    88:af:08:df:c4:dc:ba:f4:bf:bd:ef:92:11:99:ed:
                    38:41:79:3f:af:20:23:ca:db:c7:79:f3:d0:da:67:
                    4d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FB:5D:2F:4B:7E:11:7B:3E:94:E3:4F:28:1F:BB:EF:7A:57:C8:05
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/dftdL0t-EXs-lONPKB-773pXyAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:45:6a:bb:75:15:de:c7:20:88:de:f5:74:14:90:4e:12:2f:
         e2:fc:27:81:ed:fc:7f:e1:0b:6d:83:25:a1:e1:6b:46:e1:5f:
         69:64:fa:4a:95:3d:2c:ff:e1:5e:b1:cd:3b:96:0f:00:a5:c4:
         29:d6:c7:eb:b9:73:46:b2:33:29:22:30:30:39:11:b9:ba:dc:
         7a:bc:b3:cb:63:95:d5:93:b2:17:59:49:16:9f:6c:85:bd:b3:
         21:e7:a2:ce:29:c4:4d:42:d7:92:56:a1:71:d6:5d:a4:55:3b:
         f1:36:42:53:68:f1:1d:e7:2a:5c:98:98:4a:62:7b:74:66:6a:
         54:4a:ce:2d:c1:c7:19:44:5e:5e:1d:ed:b5:a3:31:e4:b1:85:
         01:80:65:b7:38:d5:e1:e3:77:1c:cb:d7:62:04:c5:fa:0b:27:
         1d:25:a7:4d:f0:7e:dd:74:ec:24:19:cb:6b:7c:3d:36:70:21:
         24:9a:20:03:16:01:b4:3f:85:f3:e8:b6:fe:ce:6a:fc:d5:72:
         79:4a:62:51:3f:7f:37:3c:fb:7a:71:19:7a:4e:72:05:1c:28:
         49:d2:4d:64:b3:64:d2:3f:0b:a6:eb:68:ee:7d:e3:21:6c:2a:
         35:8f:96:65:11:72:d5:ba:b5:f2:b8:a4:e5:44:fd:c9:64:84:
         30:df:05:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0ZgrB5qBd3wBBXUYbPRkLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQwMTE3MjIyMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWZiNWQyZjRiN2UxMTdiM2U5NGUzNGYyODFmYmJlZjdhNTdjODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDOsZoQ6ZoFsJHJswEaHujTrfpYg
8VvqQItW7XUWsHKbFdzw/fbHPTRmzQNo7kcYykWMg3gxPR4JhtjBmud1yL/1tKBC
O58knT//RrYCQpXUXPpFmPvZg6avtBujBVqPociGmdpJE+w2ayezyL/FJs5/b+QX
D7sX7HbeM/HWMmLWLcZPoHYiug7hzMi9Fv/CtCSC/3X59HBw6VmZ2n4pP20bZ7nw
2hY+vDUS+UVINBDhdRWfVW1T9Q8yY1uVTQeXIGJst843EIXJPSYmjGjnq2K9cwSn
MPRTg3k6zNSBPrKIrwjfxNy69L+975IRme04QXk/ryAjytvHefPQ2mdN5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX7XS9LfhF7PpTjTygfu+96V8gFMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvZGZ0ZEwwdC1FWHMtbE9OUEtCLTc3M3BYeUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwvMA0G
CSqGSIb3DQEBCwUAA4IBAQCzRWq7dRXexyCI3vV0FJBOEi/i/CeB7fx/4QttgyWh
4WtG4V9pZPpKlT0s/+Fesc07lg8ApcQp1sfruXNGsjMpIjAwORG5utx6vLPLY5XV
k7IXWUkWn2yFvbMh56LOKcRNQteSVqFx1l2kVTvxNkJTaPEd5ypcmJhKYnt0ZmpU
Ss4twccZRF5eHe21ozHksYUBgGW3ONXh43ccy9diBMX6CycdJadN8H7ddOwkGctr
fD02cCEkmiADFgG0P4Xz6Lb+zmr81XJ5SmJRP383PPt6cRl6TnIFHChJ0k1ks2TS
Pwum62jufeMhbCo1j5ZlEXLVurXyuKTlRP3JZIQw3wUG
-----END CERTIFICATE-----