Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/c903f3-8246-4c4b-aa4f-ae6469ab3f40/1/S35kAute2hjU5WLL92imzk2-qpc.roa
File:                     S35kAute2hjU5WLL92imzk2-qpc.roa (raw, json)
Hash identifier:          SX7w8JLtSuTn1SBeRw8gl6M0EWV8kQO8U4Uyo3CcXOw=
Subject key identifier:   4B:7E:64:02:EB:5E:DA:18:D4:E5:62:CB:F7:68:A6:CE:4D:BE:AA:97
Certificate issuer:       /CN=82248b5e08858964ba2b5473152015fd5991fdf8
Certificate serial:       018CC5010DFD8B23EB5ADBF4E68490191327
Authority key identifier: 82:24:8B:5E:08:85:89:64:BA:2B:54:73:15:20:15:FD:59:91:FD:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/giSLXgiFiWS6K1RzFSAV_VmR_fg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/c903f3-8246-4c4b-aa4f-ae6469ab3f40/1/S35kAute2hjU5WLL92imzk2-qpc.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1930
IP address blocks:        192.92.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/c903f3-8246-4c4b-aa4f-ae6469ab3f40/1/giSLXgiFiWS6K1RzFSAV_VmR_fg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/c903f3-8246-4c4b-aa4f-ae6469ab3f40/1/giSLXgiFiWS6K1RzFSAV_VmR_fg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/giSLXgiFiWS6K1RzFSAV_VmR_fg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0d:fd:8b:23:eb:5a:db:f4:e6:84:90:19:13:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82248b5e08858964ba2b5473152015fd5991fdf8
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b7e6402eb5eda18d4e562cbf768a6ce4dbeaa97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:90:46:e7:99:ab:71:1c:b5:f9:9d:48:0c:05:
                    74:68:3c:be:a3:fd:92:14:7d:31:e0:3c:77:e6:b0:
                    3a:8a:6d:e3:f5:39:24:01:46:54:88:c8:3e:a6:c5:
                    3a:45:71:90:22:53:fe:88:d8:b5:3f:b5:1f:88:e9:
                    e8:e9:83:84:71:78:c7:c3:1b:e7:58:b6:6d:05:c8:
                    30:70:96:34:bf:ec:d2:78:60:72:e5:9e:2e:66:3b:
                    4c:81:dc:1a:c2:f0:3a:30:32:5d:c3:e5:35:af:e4:
                    b4:8b:7c:94:fb:4a:d8:19:93:3d:5b:d9:d7:6e:6a:
                    1a:91:b2:09:49:c2:2e:b4:7f:9a:58:e1:71:4a:59:
                    7f:17:b2:ba:f5:b2:b1:da:77:aa:ee:1c:71:52:5e:
                    69:c1:09:c2:61:54:b2:23:03:13:5c:4f:00:c0:2a:
                    13:59:d6:26:18:65:dc:ff:c5:1c:09:68:66:aa:f0:
                    b8:f8:28:c7:3c:8d:ae:ed:30:ed:b7:5a:8b:e1:d6:
                    d3:d9:9d:5e:c4:c6:73:e6:62:d9:58:eb:1c:ec:dc:
                    f9:ae:2f:93:50:4a:63:23:8d:09:17:43:67:f8:ed:
                    aa:5a:eb:ce:2e:6a:83:a9:ff:19:3b:30:56:3a:f9:
                    91:ac:46:69:56:d1:72:25:31:cf:71:80:fe:bf:55:
                    e0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7E:64:02:EB:5E:DA:18:D4:E5:62:CB:F7:68:A6:CE:4D:BE:AA:97
            X509v3 Authority Key Identifier:
                keyid:82:24:8B:5E:08:85:89:64:BA:2B:54:73:15:20:15:FD:59:91:FD:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/giSLXgiFiWS6K1RzFSAV_VmR_fg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/c903f3-8246-4c4b-aa4f-ae6469ab3f40/1/S35kAute2hjU5WLL92imzk2-qpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/c903f3-8246-4c4b-aa4f-ae6469ab3f40/1/giSLXgiFiWS6K1RzFSAV_VmR_fg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.92.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:2c:46:d6:03:43:97:c3:93:af:e4:eb:70:02:a2:0e:6c:b7:
         50:a9:2c:79:82:5a:bb:8a:7e:97:2b:9d:2d:e5:0d:5c:9d:e4:
         99:93:5d:62:94:79:f9:e8:c5:aa:34:04:36:56:8e:66:f3:0b:
         ff:4d:ba:2f:0a:c8:44:db:f3:7a:7c:8e:47:9b:18:ce:7a:9b:
         ea:5b:b5:fd:6e:80:00:9c:95:b2:58:ba:3f:97:1f:a2:da:1c:
         e5:19:ca:7a:df:af:a3:50:6c:38:47:fc:1a:f2:3e:11:b9:e0:
         a7:e5:28:15:57:01:3a:3b:2d:8f:48:76:fd:e1:a2:e3:3f:5e:
         1c:8c:ad:67:2f:1c:35:f6:d2:23:7b:83:b1:7f:1e:2d:72:a8:
         51:c5:57:4e:ff:90:af:71:d8:cb:0e:36:4f:09:a2:fb:70:5b:
         47:d7:54:c4:f8:fc:89:7b:8a:a1:b1:04:02:b2:27:29:a6:58:
         b5:8f:b7:e3:fd:0d:9a:a4:4d:12:07:6a:50:fd:78:19:a6:78:
         4c:50:35:db:2f:28:bc:96:eb:c4:b7:83:62:e4:6f:13:38:5c:
         61:7a:1f:63:4f:b1:e7:dd:44:f8:51:d0:22:e2:cf:0d:50:e6:
         cd:5b:41:83:02:96:51:32:b5:25:bd:d1:01:9d:7c:3a:ea:9f:
         14:cf:7f:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQ39iyPrWtv05oSQGRMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMjQ4YjVlMDg4NTg5NjRiYTJiNTQ3MzE1MjAxNWZkNTk5
MWZkZjgwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdlNjQwMmViNWVkYTE4ZDRlNTYyY2JmNzY4YTZjZTRkYmVhYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5BG55mrcRy1+Z1IDAV0aDy+o/2S
FH0x4Dx35rA6im3j9TkkAUZUiMg+psU6RXGQIlP+iNi1P7UfiOno6YOEcXjHwxvn
WLZtBcgwcJY0v+zSeGBy5Z4uZjtMgdwawvA6MDJdw+U1r+S0i3yU+0rYGZM9W9nX
bmoakbIJScIutH+aWOFxSll/F7K69bKx2neq7hxxUl5pwQnCYVSyIwMTXE8AwCoT
WdYmGGXc/8UcCWhmqvC4+CjHPI2u7TDtt1qL4dbT2Z1exMZz5mLZWOsc7Nz5ri+T
UEpjI40JF0Nn+O2qWuvOLmqDqf8ZOzBWOvmRrEZpVtFyJTHPcYD+v1XgXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEt+ZALrXtoY1OViy/dops5NvqqXMB8GA1UdIwQY
MBaAFIIki14IhYlkuitUcxUgFf1Zkf34MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2lTTFhnaUZpV1M2SzFSekZTQVZfVm1SX2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9jOTAzZjMtODI0Ni00YzRiLWFhNGYt
YWU2NDY5YWIzZjQwLzEvUzM1a0F1dGUyaGpVNVdMTDkyaW16azItcXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9jOTAzZjMtODI0Ni00YzRiLWFhNGYtYWU2NDY5YWIzZjQw
LzEvZ2lTTFhnaUZpV1M2SzFSekZTQVZfVm1SX2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwFyZMA0G
CSqGSIb3DQEBCwUAA4IBAQBcLEbWA0OXw5Ov5OtwAqIObLdQqSx5glq7in6XK50t
5Q1cneSZk11ilHn56MWqNAQ2Vo5m8wv/TbovCshE2/N6fI5HmxjOepvqW7X9boAA
nJWyWLo/lx+i2hzlGcp636+jUGw4R/wa8j4RueCn5SgVVwE6Oy2PSHb94aLjP14c
jK1nLxw19tIje4Oxfx4tcqhRxVdO/5CvcdjLDjZPCaL7cFtH11TE+PyJe4qhsQQC
sicppli1j7fj/Q2apE0SB2pQ/XgZpnhMUDXbLyi8luvEt4Ni5G8TOFxheh9jT7Hn
3UT4UdAi4s8NUObNW0GDApZRMrUlvdEBnXw66p8Uz3+0
-----END CERTIFICATE-----