Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/1SldOKbELOjKigiDwKOX9yrln5w.roa
File:                     1SldOKbELOjKigiDwKOX9yrln5w.roa (raw, json)
Hash identifier:          fmEO0ohhPTmh26Uu49kFiwQxzt5GJqHO94Hmm4ImaNw=
Subject key identifier:   D5:29:5D:38:A6:C4:2C:E8:CA:8A:08:83:C0:A3:97:F7:2A:E5:9F:9C
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       01942444E3027223A30A454C71205F983699
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/1SldOKbELOjKigiDwKOX9yrln5w.roa
Signing time:             Wed 01 Jan 2025 23:48:01 +0000
ROA not before:           Wed 01 Jan 2025 23:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39668
IP address blocks:        92.87.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:e3:02:72:23:a3:0a:45:4c:71:20:5f:98:36:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jan  1 23:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5295d38a6c42ce8ca8a0883c0a397f72ae59f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f8:af:87:95:f5:fe:5c:e6:02:96:34:54:68:
                    c4:82:07:06:03:b3:eb:76:80:6e:0d:5a:99:42:21:
                    b3:98:79:6d:03:34:b9:63:41:2e:bc:db:60:85:b7:
                    44:97:b2:64:ac:2a:3e:56:a0:3d:1c:d9:91:42:b8:
                    45:a0:85:84:63:da:27:22:93:e5:f0:8a:b9:d6:6b:
                    ba:fd:34:f2:90:a1:96:8f:60:65:40:1b:86:22:ec:
                    77:a6:5a:74:0b:80:0b:c2:15:4f:13:1c:2f:e2:49:
                    cb:61:82:a1:fb:e9:4a:5c:bc:db:ab:e8:82:73:37:
                    86:dd:b3:d3:06:87:9a:8a:41:69:9d:b3:39:9f:78:
                    31:69:7b:02:23:0c:1c:6b:f2:82:1a:c0:86:10:eb:
                    0e:07:6e:0f:87:59:2f:90:5d:17:bf:4a:93:6f:f3:
                    43:42:77:9f:01:53:ef:42:be:91:83:28:b1:16:eb:
                    64:dc:a4:63:e1:8f:a7:40:59:f6:a6:39:48:18:b8:
                    7c:a5:be:9e:8f:01:5d:d8:91:8c:3c:4a:65:3c:7b:
                    db:3e:89:7b:53:3a:54:f1:1d:48:62:92:81:fa:34:
                    84:6b:dc:ef:ae:7a:e6:b7:68:6e:62:61:14:c1:28:
                    7e:f6:a0:43:73:b9:30:d5:62:f1:01:49:de:d5:d6:
                    fd:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:29:5D:38:A6:C4:2C:E8:CA:8A:08:83:C0:A3:97:F7:2A:E5:9F:9C
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/1SldOKbELOjKigiDwKOX9yrln5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.87.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:54:09:38:45:2a:bd:b4:39:d8:49:ee:e2:05:0f:dc:67:2f:
         66:59:b4:3c:4c:08:08:8d:54:15:28:aa:96:21:a7:24:65:3e:
         a6:be:19:4a:15:f0:72:b3:18:3f:70:5d:60:e4:95:68:88:5f:
         92:3b:22:de:53:1d:04:4d:7f:3b:2a:d4:58:c6:86:6e:f3:a0:
         a1:32:6b:58:14:86:3b:7b:a1:b3:39:d4:1e:d0:d8:81:d4:b7:
         b2:5f:dd:9e:b1:ff:d7:aa:d7:77:d2:69:7a:19:99:e4:e6:f6:
         20:6e:bb:c0:a9:28:2e:0e:7a:40:43:05:24:1d:3a:bc:e0:1c:
         6c:4d:2d:8c:c4:a5:08:6c:01:34:d1:87:4a:1a:45:08:5f:ab:
         78:42:6d:45:dd:e0:73:a7:1b:a5:fd:ec:78:d9:76:50:77:2c:
         33:b1:c8:e5:1f:e6:6c:fe:6f:72:e4:9a:4a:45:34:4e:8b:36:
         9d:ba:f7:0f:95:7c:72:9a:1d:91:11:e7:66:36:82:da:5d:7e:
         f0:74:31:84:38:6b:c0:87:3a:37:e2:a8:d7:50:a6:a7:24:c9:
         98:2c:c5:d9:74:ac:c4:99:32:03:e1:62:87:d0:d3:34:f6:c7:
         0b:05:6b:d0:5a:bb:5d:98:5b:cc:bf:52:94:8f:4d:11:46:df:
         67:d4:54:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkROMCciOjCkVMcSBfmDaZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjUwMTAxMjM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTI5NWQzOGE2YzQyY2U4Y2E4YTA4ODNjMGEzOTdmNzJhZTU5ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/ivh5X1/lzmApY0VGjEggcGA7Pr
doBuDVqZQiGzmHltAzS5Y0EuvNtghbdEl7JkrCo+VqA9HNmRQrhFoIWEY9onIpPl
8Iq51mu6/TTykKGWj2BlQBuGIux3plp0C4ALwhVPExwv4knLYYKh++lKXLzbq+iC
czeG3bPTBoeaikFpnbM5n3gxaXsCIwwca/KCGsCGEOsOB24Ph1kvkF0Xv0qTb/ND
QnefAVPvQr6RgyixFutk3KRj4Y+nQFn2pjlIGLh8pb6ejwFd2JGMPEplPHvbPol7
UzpU8R1IYpKB+jSEa9zvrnrmt2huYmEUwSh+9qBDc7kw1WLxAUne1db93QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUpXTimxCzoyooIg8Cjl/cq5Z+cMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvMVNsZE9LYkVMT2pLaWdpRHdLT1g5eXJsbjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXFdpMA0G
CSqGSIb3DQEBCwUAA4IBAQCGVAk4RSq9tDnYSe7iBQ/cZy9mWbQ8TAgIjVQVKKqW
IackZT6mvhlKFfBysxg/cF1g5JVoiF+SOyLeUx0ETX87KtRYxoZu86ChMmtYFIY7
e6GzOdQe0NiB1LeyX92esf/Xqtd30ml6GZnk5vYgbrvAqSguDnpAQwUkHTq84Bxs
TS2MxKUIbAE00YdKGkUIX6t4Qm1F3eBzpxul/ex42XZQdywzscjlH+Zs/m9y5JpK
RTROizaduvcPlXxymh2REedmNoLaXX7wdDGEOGvAhzo34qjXUKanJMmYLMXZdKzE
mTID4WKH0NM09scLBWvQWrtdmFvMv1KUj00RRt9n1FSh
-----END CERTIFICATE-----