Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/R4Bakdd_TNadODR4mfKAYcJFwIU.roa
File:                     R4Bakdd_TNadODR4mfKAYcJFwIU.roa (raw, json)
Hash identifier:          aLsVPfkZNXCTnIpv3k6zaaaolSzzcG1RveKBfCwAljs=
Subject key identifier:   47:80:5A:91:D7:7F:4C:D6:9D:38:34:78:99:F2:80:61:C2:45:C0:85
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       019053EFACF06C5C6D391ED626DF1BA34388
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/R4Bakdd_TNadODR4mfKAYcJFwIU.roa
Signing time:             Wed 26 Jun 2024 09:45:34 +0000
ROA not before:           Wed 26 Jun 2024 09:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39668
IP address blocks:        92.87.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 04:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:ef:ac:f0:6c:5c:6d:39:1e:d6:26:df:1b:a3:43:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jun 26 09:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47805a91d77f4cd69d38347899f28061c245c085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8c:06:ff:af:f8:d3:26:7e:f2:6f:aa:71:67:
                    d9:5e:e6:67:f6:19:d1:39:7c:c2:2d:44:bb:8c:0f:
                    69:0f:7a:ae:2b:2b:5b:38:f7:70:9d:37:80:90:5d:
                    80:92:f1:a4:b9:f1:6c:9a:4c:7c:39:ee:ee:6f:99:
                    e9:d3:17:fa:c0:7a:d2:01:be:68:25:a9:45:65:11:
                    1a:8f:f8:1f:f1:da:c6:d1:29:c2:5c:6b:4d:f2:40:
                    47:17:1a:1e:68:67:3a:c1:e1:31:a2:11:e4:68:ea:
                    52:2a:21:eb:e6:78:9c:07:ef:82:58:e9:1a:5c:c4:
                    e1:ef:79:ce:d9:c9:83:b5:d9:73:f6:f9:55:b3:d3:
                    d1:17:b0:21:e2:fd:29:e2:5c:be:d6:bc:d1:5b:9c:
                    77:dc:ec:86:c6:5b:28:c5:2c:80:e3:e0:04:cb:3a:
                    b8:ca:89:cd:f4:97:b7:a1:a9:90:fd:d2:92:cf:f7:
                    eb:2f:3e:ab:a3:97:9c:ae:c1:32:73:67:1f:a8:51:
                    7a:7a:16:dd:bd:62:87:cb:3d:d3:44:c4:b7:87:e5:
                    ae:b9:0b:d4:d4:55:c0:47:27:69:60:e1:23:6e:dd:
                    b6:21:d7:9f:f5:9b:52:37:5d:d9:02:94:ee:cb:eb:
                    54:4f:27:5c:f5:32:1f:b8:53:2d:72:19:ed:cd:33:
                    bb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:80:5A:91:D7:7F:4C:D6:9D:38:34:78:99:F2:80:61:C2:45:C0:85
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/R4Bakdd_TNadODR4mfKAYcJFwIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.87.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:88:c8:a7:c8:05:5b:5b:96:95:5e:54:3f:0c:00:b8:6d:89:
         3c:e4:65:7e:5f:af:65:89:a1:7c:1b:7c:7b:17:3e:66:1f:dc:
         ad:ac:af:94:1b:a9:b4:0a:49:a0:eb:35:72:e9:c0:b6:bf:fe:
         51:80:33:22:dd:a9:b5:48:a8:96:0e:a8:a0:69:c0:af:dd:95:
         b3:91:41:32:61:da:e6:6f:39:77:bc:ee:41:23:0f:0c:72:6f:
         c7:eb:e4:09:38:33:6c:3d:a5:85:30:39:b2:4a:fa:5e:6d:db:
         72:02:36:a0:36:0d:0e:fd:e8:a5:af:c5:00:26:d2:0d:8d:bf:
         1a:a0:54:94:1f:0b:7b:e7:14:85:fe:da:9b:9d:7a:55:cf:9d:
         a3:72:65:f8:6d:04:35:88:79:4c:7a:66:77:f6:ec:2a:ea:38:
         b0:8d:f4:dc:4d:24:7d:c0:2f:ad:27:cb:e5:a6:22:55:71:98:
         1d:db:6c:a7:64:7f:1b:06:0c:c0:2f:66:78:cf:c6:e8:f7:66:
         58:5f:1c:cc:86:35:62:29:28:64:5d:30:95:51:e6:de:64:12:
         6d:ce:a2:6d:eb:3a:67:b4:08:bd:5c:c0:47:b9:30:1d:8b:6d:
         0c:db:0f:1b:5e:2e:fd:f9:98:1f:f0:1f:c0:b6:bb:ca:d9:47:
         19:81:7a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBT76zwbFxtOR7WJt8bo0OIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjQwNjI2MDk0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzgwNWE5MWQ3N2Y0Y2Q2OWQzODM0Nzg5OWYyODA2MWMyNDVjMDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYwG/6/40yZ+8m+qcWfZXuZn9hnR
OXzCLUS7jA9pD3quKytbOPdwnTeAkF2AkvGkufFsmkx8Oe7ub5np0xf6wHrSAb5o
JalFZREaj/gf8drG0SnCXGtN8kBHFxoeaGc6weExohHkaOpSKiHr5nicB++CWOka
XMTh73nO2cmDtdlz9vlVs9PRF7Ah4v0p4ly+1rzRW5x33OyGxlsoxSyA4+AEyzq4
yonN9Je3oamQ/dKSz/frLz6ro5ecrsEyc2cfqFF6ehbdvWKHyz3TRMS3h+WuuQvU
1FXARydpYOEjbt22Idef9ZtSN13ZApTuy+tUTydc9TIfuFMtchntzTO7rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEeAWpHXf0zWnTg0eJnygGHCRcCFMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvUjRCYWtkZF9UTmFkT0RSNG1mS0FZY0pGd0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXFdpMA0G
CSqGSIb3DQEBCwUAA4IBAQBmiMinyAVbW5aVXlQ/DAC4bYk85GV+X69liaF8G3x7
Fz5mH9ytrK+UG6m0Ckmg6zVy6cC2v/5RgDMi3am1SKiWDqigacCv3ZWzkUEyYdrm
bzl3vO5BIw8Mcm/H6+QJODNsPaWFMDmySvpebdtyAjagNg0O/eilr8UAJtINjb8a
oFSUHwt75xSF/tqbnXpVz52jcmX4bQQ1iHlMemZ39uwq6jiwjfTcTSR9wC+tJ8vl
piJVcZgd22ynZH8bBgzAL2Z4z8bo92ZYXxzMhjViKShkXTCVUebeZBJtzqJt6zpn
tAi9XMBHuTAdi20M2w8bXi79+Zgf8B/AtrvK2UcZgXqF
-----END CERTIFICATE-----