Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/taN2TjS37JJ2wLmZ9fjO-wAeFfs.roa
File:                     taN2TjS37JJ2wLmZ9fjO-wAeFfs.roa (raw, json)
Hash identifier:          QrEOaP3h0m5y/WAsmnlyC8JhF+ogKj9wOARV7jl2vBA=
Subject key identifier:   B5:A3:76:4E:34:B7:EC:92:76:C0:B9:99:F5:F8:CE:FB:00:1E:15:FB
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       01934419040752E01A27D2B70128790809D8
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/taN2TjS37JJ2wLmZ9fjO-wAeFfs.roa
Signing time:             Tue 19 Nov 2024 11:05:10 +0000
ROA not before:           Tue 19 Nov 2024 11:05:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40065
IP address blocks:        185.92.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:19:04:07:52:e0:1a:27:d2:b7:01:28:79:08:09:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Nov 19 11:05:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5a3764e34b7ec9276c0b999f5f8cefb001e15fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:df:d2:c4:f2:ca:35:ce:d8:fd:dd:72:a4:3e:
                    6c:34:f2:6f:0e:2f:72:93:ea:60:64:5c:6d:9b:9a:
                    97:83:ca:12:fb:c4:10:11:09:5d:90:7d:a9:07:a1:
                    0d:03:3e:33:ef:f3:af:b9:a0:32:37:d0:06:38:b7:
                    b7:83:8c:10:79:5b:f4:f9:65:ba:28:92:a8:0d:c1:
                    73:f9:76:b2:92:13:1c:fe:43:4d:06:cf:57:51:38:
                    f3:65:a9:b7:1d:07:81:c1:67:df:ad:39:76:b8:8a:
                    47:5b:b1:f3:44:34:fb:ac:8d:08:c3:de:f2:36:69:
                    67:01:5d:6e:55:51:74:12:1c:3d:32:b8:e0:eb:05:
                    46:13:77:20:c9:1b:de:85:ed:65:6d:76:0f:a5:3b:
                    7c:85:ef:c3:fc:37:00:5f:e7:13:bf:6c:cf:a7:74:
                    40:01:3a:75:ff:37:77:e0:3f:81:02:d1:c4:cc:78:
                    93:f9:2a:71:7f:b3:47:6a:ff:01:15:7b:e3:dd:f6:
                    ce:0f:f9:9a:6f:11:cb:ea:cf:21:11:1d:2f:54:2f:
                    ab:d6:78:fd:15:09:3f:16:bf:87:84:e9:0b:e7:41:
                    6b:9e:f6:b4:cf:4a:2a:cf:37:f0:0e:8d:d8:15:1b:
                    85:78:d9:54:f7:1f:f4:12:04:26:5d:4e:90:db:22:
                    10:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:A3:76:4E:34:B7:EC:92:76:C0:B9:99:F5:F8:CE:FB:00:1E:15:FB
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/taN2TjS37JJ2wLmZ9fjO-wAeFfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:16:2b:ee:03:da:e3:f5:59:2f:aa:fc:b7:0f:b3:a0:d3:ab:
         4d:5a:fe:81:66:e9:62:96:58:5e:8e:5f:fa:31:55:17:66:2a:
         31:b3:12:20:58:99:e8:63:1b:20:7f:8a:90:68:3e:9d:ba:a0:
         20:23:96:6e:40:61:1b:4f:5e:f7:c5:97:5a:77:79:bd:a3:9e:
         14:a0:f3:3c:e2:69:d3:ca:2f:b9:48:ed:bb:be:f6:ee:89:3e:
         78:bb:6f:9b:b6:87:7a:71:e8:06:8b:8d:b5:56:e1:32:bb:8f:
         a2:65:f1:e1:1e:91:15:41:b5:4c:42:2b:87:73:ae:53:43:12:
         86:98:8d:87:b1:61:eb:31:43:c9:1c:92:84:f4:d9:52:90:ce:
         7b:ae:ac:49:dd:bc:7e:e1:82:cd:70:26:39:b5:57:ac:67:21:
         63:d2:a2:82:12:77:40:7d:1c:7c:d1:d6:e9:23:f6:60:4f:46:
         28:37:a7:23:b9:d6:33:84:1f:1d:17:10:44:cb:3e:95:6c:4c:
         68:e6:f0:27:33:3c:cf:10:95:95:3a:32:62:2b:42:8d:10:62:
         42:78:c8:5a:4b:8a:b9:72:66:e4:ea:d5:ed:eb:1a:e8:51:68:
         85:8d:29:6c:55:bb:2a:76:a8:67:de:45:93:85:19:ce:ce:f5:
         8b:c8:d7:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNEGQQHUuAaJ9K3ASh5CAnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjQxMTE5MTEwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWEzNzY0ZTM0YjdlYzkyNzZjMGI5OTlmNWY4Y2VmYjAwMWUxNWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAit/SxPLKNc7Y/d1ypD5sNPJvDi9y
k+pgZFxtm5qXg8oS+8QQEQldkH2pB6ENAz4z7/OvuaAyN9AGOLe3g4wQeVv0+WW6
KJKoDcFz+XaykhMc/kNNBs9XUTjzZam3HQeBwWffrTl2uIpHW7HzRDT7rI0Iw97y
NmlnAV1uVVF0Ehw9Mrjg6wVGE3cgyRvehe1lbXYPpTt8he/D/DcAX+cTv2zPp3RA
ATp1/zd34D+BAtHEzHiT+Spxf7NHav8BFXvj3fbOD/mabxHL6s8hER0vVC+r1nj9
FQk/Fr+HhOkL50Frnva0z0oqzzfwDo3YFRuFeNlU9x/0EgQmXU6Q2yIQfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWjdk40t+ySdsC5mfX4zvsAHhX7MB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvdGFOMlRqUzM3Skoyd0xtWjlmak8td0FlRmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwvMA0G
CSqGSIb3DQEBCwUAA4IBAQBJFivuA9rj9Vkvqvy3D7Og06tNWv6BZulillhejl/6
MVUXZioxsxIgWJnoYxsgf4qQaD6duqAgI5ZuQGEbT173xZdad3m9o54UoPM84mnT
yi+5SO27vvbuiT54u2+btod6cegGi421VuEyu4+iZfHhHpEVQbVMQiuHc65TQxKG
mI2HsWHrMUPJHJKE9NlSkM57rqxJ3bx+4YLNcCY5tVesZyFj0qKCEndAfRx80dbp
I/ZgT0YoN6cjudYzhB8dFxBEyz6VbExo5vAnMzzPEJWVOjJiK0KNEGJCeMhaS4q5
cmbk6tXt6xroUWiFjSlsVbsqdqhn3kWThRnOzvWLyNeC
-----END CERTIFICATE-----