Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/1-33FGIXffxFw1fm_nzqbjQkgU-8.roa
File:                     1-33FGIXffxFw1fm_nzqbjQkgU-8.roa (raw, json)
Hash identifier:          jy2UTrHMk2ALLRF7WklEtaHYe9J31jM3B2a7AkefrRE=
Subject key identifier:   FB:7D:C5:18:85:DF:7F:11:70:D5:F9:BF:9F:3A:9B:8D:09:20:53:EF
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       01965E5B67BD62062CB1C5C8D7BEDAC4DC09
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/1-33FGIXffxFw1fm_nzqbjQkgU-8.roa
Signing time:             Tue 22 Apr 2025 16:36:10 +0000
ROA not before:           Tue 22 Apr 2025 16:36:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        92.60.72.0/23 maxlen: 23
                          92.60.74.0/24 maxlen: 24
                          92.60.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5e:5b:67:bd:62:06:2c:b1:c5:c8:d7:be:da:c4:dc:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Apr 22 16:36:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb7dc51885df7f1170d5f9bf9f3a9b8d092053ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fa:b8:1f:ff:73:49:c9:83:44:d6:51:47:3e:
                    88:65:d2:12:bb:77:e0:4e:99:6b:55:d5:12:f9:38:
                    bd:ad:88:d3:8f:a3:ae:b4:a5:e8:1d:a3:1a:29:64:
                    42:ec:15:57:02:3c:78:16:2b:85:15:47:72:e0:f0:
                    a2:fa:17:67:2f:86:ad:c0:e6:e9:95:b3:b3:49:a8:
                    0f:1f:a2:d2:bd:ce:41:65:e3:15:3c:2f:46:39:29:
                    20:37:4f:fe:fe:97:dd:07:db:3f:80:a3:80:ee:4e:
                    9f:72:ad:18:fb:c6:8e:57:23:33:3f:22:be:03:b8:
                    a9:f6:f1:36:6e:fe:60:03:46:cd:83:fa:f4:43:94:
                    ab:55:c7:25:49:4f:b9:6d:14:ba:a6:3d:43:0e:3c:
                    3e:f0:33:49:26:34:9f:28:14:e8:0a:cd:ea:de:31:
                    0f:59:fb:d9:81:5a:c9:0e:1b:c4:90:d8:a6:49:1f:
                    c2:5a:16:62:33:db:b7:6d:cf:f3:23:40:30:b6:d8:
                    62:5f:36:1c:65:d5:e6:a3:96:fa:f1:3c:d6:84:c8:
                    de:77:ac:15:f4:b1:6d:15:43:14:c4:58:c6:d2:54:
                    df:05:b3:35:25:c6:88:0b:ca:46:9b:40:c3:be:e1:
                    ff:e7:15:06:3e:c1:c6:e8:86:9a:a3:03:b3:70:f8:
                    c0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:7D:C5:18:85:DF:7F:11:70:D5:F9:BF:9F:3A:9B:8D:09:20:53:EF
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/1-33FGIXffxFw1fm_nzqbjQkgU-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:76:0e:12:2c:6d:57:25:52:f4:56:10:16:0d:dc:84:15:af:
         cd:4e:13:64:88:4b:86:26:ae:51:ed:02:c8:95:9e:7e:e2:e4:
         b4:d7:14:2a:11:79:a4:3a:2a:3b:9e:97:f9:8f:30:c7:a5:00:
         4f:c3:1b:09:0c:be:07:7a:23:4d:b8:18:07:39:ea:72:5b:d9:
         77:c8:eb:8c:a5:67:f2:cc:16:0c:66:6e:c8:ab:a5:f9:23:ce:
         6f:fc:f1:e5:49:7d:bf:88:bc:f5:ba:31:37:65:f4:29:fb:c4:
         6f:27:95:21:a1:a2:bc:b3:96:61:9f:98:c3:e0:be:74:f2:8d:
         83:e4:14:85:74:97:2c:fb:cf:97:f2:79:27:3d:a7:03:fa:37:
         3e:29:61:bd:20:7a:72:c5:52:83:cf:02:b9:cb:fd:9a:75:01:
         75:1f:67:7a:06:e6:54:b1:9e:30:f3:70:cf:31:31:99:38:e8:
         e4:3d:68:60:07:8a:4f:b3:28:c8:ee:bc:26:0b:1a:d8:e4:52:
         89:54:98:c6:88:d3:84:66:9e:04:ce:a0:cb:5b:02:43:5d:6d:
         5a:b7:75:12:c4:d2:dc:b5:a6:dd:1d:b6:77:fe:db:f9:bb:72:
         bc:42:e1:64:71:6c:93:69:f2:cc:38:47:b9:39:e8:49:d2:21:
         d9:b5:b9:0a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZeW2e9YgYsscXI177axNwJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjUwNDIyMTYzNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjdkYzUxODg1ZGY3ZjExNzBkNWY5YmY5ZjNhOWI4ZDA5MjA1M2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvq4H/9zScmDRNZRRz6IZdISu3fg
TplrVdUS+Ti9rYjTj6OutKXoHaMaKWRC7BVXAjx4FiuFFUdy4PCi+hdnL4atwObp
lbOzSagPH6LSvc5BZeMVPC9GOSkgN0/+/pfdB9s/gKOA7k6fcq0Y+8aOVyMzPyK+
A7ip9vE2bv5gA0bNg/r0Q5SrVcclSU+5bRS6pj1DDjw+8DNJJjSfKBToCs3q3jEP
WfvZgVrJDhvEkNimSR/CWhZiM9u3bc/zI0AwtthiXzYcZdXmo5b68TzWhMjed6wV
9LFtFUMUxFjG0lTfBbM1JcaIC8pGm0DDvuH/5xUGPsHG6IaaowOzcPjABQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPt9xRiF338RcNX5v586m40JIFPvMB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvMS0zM0ZHSVhmZnhGdzFmbV9uenFialFrZ1UtOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTMvOTU2MmJmLTkyYmMtNDZlYi05ZDE2LTJiYWRjZTQ2Njg1
My8xL1FOM25HMEdfLXh0UmJnZXd4aE9SdmZUVHZ4RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlw8SDAN
BgkqhkiG9w0BAQsFAAOCAQEAIHYOEixtVyVS9FYQFg3chBWvzU4TZIhLhiauUe0C
yJWefuLktNcUKhF5pDoqO56X+Y8wx6UAT8MbCQy+B3ojTbgYBznqclvZd8jrjKVn
8swWDGZuyKul+SPOb/zx5Ul9v4i89boxN2X0KfvEbyeVIaGivLOWYZ+Yw+C+dPKN
g+QUhXSXLPvPl/J5Jz2nA/o3PilhvSB6csVSg88Cucv9mnUBdR9negbmVLGeMPNw
zzExmTjo5D1oYAeKT7MoyO68Jgsa2ORSiVSYxojThGaeBM6gy1sCQ11tWrd1EsTS
3LWm3R22d/7b+btyvELhZHFsk2nyzDhHuTnoSdIh2bW5Cg==
-----END CERTIFICATE-----