Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/Z6YqcZ9KHtKvPm0I0GbEBnjnGyA.roa
File:                     Z6YqcZ9KHtKvPm0I0GbEBnjnGyA.roa (raw, json)
Hash identifier:          8VSz/Az4d8eNEBGei5Ym6f73MhFJGTh9thxC6yc3Ehg=
Subject key identifier:   67:A6:2A:71:9F:4A:1E:D2:AF:3E:6D:08:D0:66:C4:06:78:E7:1B:20
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       01905E4CA11176082688BF2C55A8F4A47FC7
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/Z6YqcZ9KHtKvPm0I0GbEBnjnGyA.roa
Signing time:             Fri 28 Jun 2024 10:03:18 +0000
ROA not before:           Fri 28 Jun 2024 10:03:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212163
IP address blocks:        92.55.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5e:4c:a1:11:76:08:26:88:bf:2c:55:a8:f4:a4:7f:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jun 28 10:03:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67a62a719f4a1ed2af3e6d08d066c40678e71b20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8b:2e:ae:2c:60:31:6f:7c:8e:d5:5a:b6:36:
                    18:58:d5:e7:84:bd:34:e8:93:04:5d:1f:48:d1:55:
                    67:de:4b:ca:86:5c:d2:ba:ea:7d:51:84:8d:6c:44:
                    e4:a4:b9:3b:7e:30:1a:51:71:e7:8e:46:e6:96:75:
                    80:4d:f0:2e:9a:7f:00:81:b0:74:e3:2a:f3:20:c0:
                    b9:bb:f6:10:46:3a:72:37:d0:8b:69:f1:98:6e:03:
                    f4:02:ba:56:88:14:d7:13:2b:95:e1:c0:1c:fd:60:
                    6e:bf:0b:4c:9d:32:a0:18:d8:0c:de:a0:3d:ea:6c:
                    5e:c8:95:f7:02:94:7a:69:f1:43:24:28:c9:87:69:
                    db:a3:e5:be:1c:fa:8d:89:84:da:4c:cc:11:9a:ed:
                    9b:d3:bb:84:53:f9:ec:61:80:c2:ce:d2:30:6d:15:
                    f7:db:09:51:6f:26:0f:25:48:70:ee:87:53:b0:fe:
                    84:6e:12:8b:66:33:1e:ec:d8:fe:22:fa:7e:23:50:
                    a7:18:be:56:d5:d6:ea:c7:98:1b:ca:da:8e:f6:d5:
                    85:17:76:8f:98:23:2f:f7:28:8a:66:c5:3d:ac:61:
                    1b:87:25:01:be:36:c9:5f:37:0b:fd:8f:c1:08:0b:
                    ee:00:50:1e:39:83:3d:64:7b:5c:09:36:79:01:06:
                    b2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A6:2A:71:9F:4A:1E:D2:AF:3E:6D:08:D0:66:C4:06:78:E7:1B:20
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/Z6YqcZ9KHtKvPm0I0GbEBnjnGyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.55.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c1:79:6c:5c:ba:77:84:0c:ec:11:4e:cf:fd:b6:4f:5c:4c:57:
         99:49:ca:b0:e7:22:a0:df:34:71:62:37:65:c4:a5:c5:ec:17:
         b3:f5:91:d8:b9:b4:60:27:5a:ca:90:87:1b:40:7a:85:4f:ce:
         a0:86:72:e4:7d:34:12:be:e5:94:c6:c8:12:e4:7e:30:49:75:
         5e:60:9b:e5:1d:6d:af:a8:0f:3a:5b:d6:ec:11:6a:5e:5f:3e:
         39:7f:70:8e:b9:6d:db:e1:a0:eb:4c:25:af:b9:9b:70:82:8c:
         17:47:96:62:ed:66:3a:53:22:47:8f:88:8e:6b:03:08:09:cf:
         a2:f3:c0:e7:07:a6:00:d3:2e:fd:47:b9:46:d0:ad:37:7c:a4:
         ed:5b:e5:d3:6b:d4:25:0b:5e:06:30:49:cb:ef:fb:af:c9:2e:
         36:00:46:98:4a:7c:b1:37:ef:49:b7:c9:1e:6b:34:d0:de:57:
         a6:56:9f:08:80:ae:b3:b4:3c:e1:c8:d9:5f:a6:58:1d:59:13:
         42:4d:65:49:06:7e:25:90:3e:e8:03:00:3a:ff:4f:e7:35:66:
         8d:27:2f:6b:31:6a:0f:c7:a3:7c:03:de:11:d1:0f:25:f2:01:
         c4:3f:0c:ae:5d:33:ea:31:94:77:8b:43:31:99:e1:60:c3:90:
         7c:a8:be:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBeTKERdggmiL8sVaj0pH/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwNjI4MTAwMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2E2MmE3MTlmNGExZWQyYWYzZTZkMDhkMDY2YzQwNjc4ZTcxYjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIsurixgMW98jtVatjYYWNXnhL00
6JMEXR9I0VVn3kvKhlzSuup9UYSNbETkpLk7fjAaUXHnjkbmlnWATfAumn8AgbB0
4yrzIMC5u/YQRjpyN9CLafGYbgP0ArpWiBTXEyuV4cAc/WBuvwtMnTKgGNgM3qA9
6mxeyJX3ApR6afFDJCjJh2nbo+W+HPqNiYTaTMwRmu2b07uEU/nsYYDCztIwbRX3
2wlRbyYPJUhw7odTsP6EbhKLZjMe7Nj+Ivp+I1CnGL5W1dbqx5gbytqO9tWFF3aP
mCMv9yiKZsU9rGEbhyUBvjbJXzcL/Y/BCAvuAFAeOYM9ZHtcCTZ5AQayFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGemKnGfSh7Srz5tCNBmxAZ45xsgMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvWjZZcWNaOUtIdEt2UG0wSTBHYkVCbmpuR3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXDfGMA0G
CSqGSIb3DQEBCwUAA4IBAQDBeWxcuneEDOwRTs/9tk9cTFeZScqw5yKg3zRxYjdl
xKXF7Bez9ZHYubRgJ1rKkIcbQHqFT86ghnLkfTQSvuWUxsgS5H4wSXVeYJvlHW2v
qA86W9bsEWpeXz45f3COuW3b4aDrTCWvuZtwgowXR5Zi7WY6UyJHj4iOawMICc+i
88DnB6YA0y79R7lG0K03fKTtW+XTa9QlC14GMEnL7/uvyS42AEaYSnyxN+9Jt8ke
azTQ3lemVp8IgK6ztDzhyNlfplgdWRNCTWVJBn4lkD7oAwA6/0/nNWaNJy9rMWoP
x6N8A94R0Q8l8gHEPwyuXTPqMZR3i0MxmeFgw5B8qL4G
-----END CERTIFICATE-----