Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/Xy89zHyYs0QJblZdOd3eCJxdu30.roa
File:                     Xy89zHyYs0QJblZdOd3eCJxdu30.roa (raw, json)
Hash identifier:          6ARQ5SvxklFJwwDb8XqOalpnXYG3fuNdlqgd6SLOfvg=
Subject key identifier:   5F:2F:3D:CC:7C:98:B3:44:09:6E:56:5D:39:DD:DE:08:9C:5D:BB:7D
Certificate issuer:       /CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
Certificate serial:       018CCA29B9C5AF4EFFD0CD4AA5A0B63E87C4
Authority key identifier: F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/Xy89zHyYs0QJblZdOd3eCJxdu30.roa
Signing time:             Tue 02 Jan 2024 12:33:01 +0000
ROA not before:           Tue 02 Jan 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34000
IP address blocks:        92.103.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:b9:c5:af:4e:ff:d0:cd:4a:a5:a0:b6:3e:87:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
        Validity
            Not Before: Jan  2 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f2f3dcc7c98b344096e565d39ddde089c5dbb7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f3:95:4f:e6:3b:fb:f6:0b:c1:c3:6d:00:ea:
                    b3:36:88:b3:81:76:ab:47:6e:58:a9:09:5f:d5:5f:
                    c8:2f:e4:1d:d6:32:e2:74:27:de:a9:7c:3e:83:53:
                    06:91:77:66:d4:09:79:cc:ac:c6:ea:ce:0d:67:ff:
                    cc:15:45:e0:20:11:f6:a6:3b:25:fd:98:b8:6b:ba:
                    7b:f6:c3:ad:a2:f7:cd:c7:29:3f:a9:aa:5c:40:a9:
                    3b:c6:78:3e:f0:36:3e:76:90:6b:84:b1:24:cd:6f:
                    3d:d8:fd:72:86:3f:a3:1a:13:e5:8b:07:8a:19:c5:
                    fd:f7:f8:59:c8:c9:4a:50:c6:ef:1c:38:ff:3b:2c:
                    29:6a:f9:65:28:a2:48:6f:47:b2:93:61:c6:b6:e9:
                    02:ec:b8:1c:9c:45:4f:28:80:03:57:20:48:03:5f:
                    96:1e:08:1b:fc:6c:80:6a:8f:25:dc:9c:f8:5b:a6:
                    10:74:8c:00:ef:f2:84:aa:f5:11:dd:a5:3e:20:93:
                    9e:04:18:58:a9:92:1e:41:b2:20:69:01:a9:2f:11:
                    ef:e5:c7:cf:ec:d7:71:16:67:19:b3:7e:ff:d5:5a:
                    ed:bf:86:4c:35:cc:64:a8:eb:69:b2:88:d6:fa:dc:
                    3b:61:c3:e3:dc:e7:35:96:06:01:32:55:80:a0:c2:
                    d0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:2F:3D:CC:7C:98:B3:44:09:6E:56:5D:39:DD:DE:08:9C:5D:BB:7D
            X509v3 Authority Key Identifier:
                keyid:F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/Xy89zHyYs0QJblZdOd3eCJxdu30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.103.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:b8:9e:04:34:01:19:a1:7e:9a:65:65:ff:63:ff:24:51:10:
         12:d8:82:d5:d1:15:c1:6d:1d:d8:16:d1:da:24:d8:9e:3d:bd:
         68:76:51:97:ef:73:66:ee:9a:2b:0c:5e:ee:34:b6:bc:04:6b:
         f3:d2:36:cc:35:9c:6c:52:2a:32:2b:ba:2e:c7:4a:40:cc:19:
         58:26:e9:1d:c3:76:24:12:62:3c:c0:05:9a:89:08:56:4a:67:
         6f:cb:a5:60:49:4e:08:b7:ca:c6:57:44:49:52:8e:c1:aa:0e:
         89:dc:d6:cf:15:5b:56:e9:54:14:2d:4e:31:f6:55:a2:99:d4:
         92:3f:6c:c7:48:77:9c:eb:95:61:f1:b8:3c:2b:59:74:a2:62:
         da:0c:12:bb:ae:37:39:dc:8e:0b:11:34:96:03:e1:35:4c:6e:
         a1:9e:be:b5:11:da:7d:05:25:c7:0b:7b:64:a4:16:dd:e0:98:
         78:fc:66:30:89:3a:bd:c9:84:cb:24:8e:37:4b:41:b5:8b:93:
         ea:8f:be:af:22:72:71:5e:a1:11:82:07:95:f0:31:7d:82:70:
         b1:44:b9:8b:16:b8:23:64:8f:11:e7:33:cc:ba:b9:fa:d4:66:
         9b:82:0b:44:a6:46:46:49:ac:4f:b1:e4:96:b6:0a:22:39:0c:
         75:52:2f:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKbnFr07/0M1KpaC2PofEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTI4MTBmNDliMzZmZGQ2NDFjMzI2YmQxZGU0ZTQyZDEy
OGIwNDYwHhcNMjQwMTAyMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjJmM2RjYzdjOThiMzQ0MDk2ZTU2NWQzOWRkZGUwODljNWRiYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/OVT+Y7+/YLwcNtAOqzNoizgXar
R25YqQlf1V/IL+Qd1jLidCfeqXw+g1MGkXdm1Al5zKzG6s4NZ//MFUXgIBH2pjsl
/Zi4a7p79sOtovfNxyk/qapcQKk7xng+8DY+dpBrhLEkzW892P1yhj+jGhPliweK
GcX99/hZyMlKUMbvHDj/OywpavllKKJIb0eyk2HGtukC7LgcnEVPKIADVyBIA1+W
Hggb/GyAao8l3Jz4W6YQdIwA7/KEqvUR3aU+IJOeBBhYqZIeQbIgaQGpLxHv5cfP
7NdxFmcZs37/1Vrtv4ZMNcxkqOtpsojW+tw7YcPj3Oc1lgYBMlWAoMLQJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8vPcx8mLNECW5WXTnd3gicXbt9MB8GA1UdIwQY
MBaAFPLigQ9Js2/dZBwya9HeTkLRKLBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAt
NTBkMmI3MGJjZjMxLzEvWHk4OXpIeVlzMFFKYmxaZE9kM2VDSnhkdTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAtNTBkMmI3MGJjZjMx
LzEvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXGfgMA0G
CSqGSIb3DQEBCwUAA4IBAQB1uJ4ENAEZoX6aZWX/Y/8kURAS2ILV0RXBbR3YFtHa
JNiePb1odlGX73Nm7porDF7uNLa8BGvz0jbMNZxsUioyK7oux0pAzBlYJukdw3Yk
EmI8wAWaiQhWSmdvy6VgSU4It8rGV0RJUo7Bqg6J3NbPFVtW6VQULU4x9lWimdSS
P2zHSHec65Vh8bg8K1l0omLaDBK7rjc53I4LETSWA+E1TG6hnr61Edp9BSXHC3tk
pBbd4Jh4/GYwiTq9yYTLJI43S0G1i5Pqj76vInJxXqERggeV8DF9gnCxRLmLFrgj
ZI8R5zPMurn61GabggtEpkZGSaxPseSWtgoiOQx1Ui/O
-----END CERTIFICATE-----