Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/rhWRMoHJEdDlcXTxLcZPpwEAhyQ.roa
File:                     rhWRMoHJEdDlcXTxLcZPpwEAhyQ.roa (raw, json)
Hash identifier:          9kMvuLNp39mmHFxOJXuGk+01t15k8QeCoHch0nB3CZE=
Subject key identifier:   AE:15:91:32:81:C9:11:D0:E5:71:74:F1:2D:C6:4F:A7:01:00:87:24
Certificate issuer:       /CN=28992ebb83eb8b73a2a21e5b033dbdeb1df4f23d
Certificate serial:       018CC6B81B343AF19F39E9C947248D8A2D84
Authority key identifier: 28:99:2E:BB:83:EB:8B:73:A2:A2:1E:5B:03:3D:BD:EB:1D:F4:F2:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KJkuu4Pri3Oioh5bAz296x308j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/rhWRMoHJEdDlcXTxLcZPpwEAhyQ.roa
Signing time:             Mon 01 Jan 2024 20:30:03 +0000
ROA not before:           Mon 01 Jan 2024 20:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197645
IP address blocks:        185.146.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/KJkuu4Pri3Oioh5bAz296x308j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/KJkuu4Pri3Oioh5bAz296x308j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KJkuu4Pri3Oioh5bAz296x308j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 13:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:1b:34:3a:f1:9f:39:e9:c9:47:24:8d:8a:2d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28992ebb83eb8b73a2a21e5b033dbdeb1df4f23d
        Validity
            Not Before: Jan  1 20:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae15913281c911d0e57174f12dc64fa701008724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:71:a1:86:c5:10:35:85:45:96:00:4c:ef:88:
                    f6:2d:80:7c:59:e0:54:99:ea:bb:b0:c9:21:6b:93:
                    4f:46:e7:99:f9:86:7a:77:9b:9c:95:5a:cb:85:64:
                    c1:db:ef:d4:0f:b5:81:15:d4:ce:9f:e8:a6:a3:10:
                    ec:99:ce:7b:df:11:89:0a:a5:a8:5e:4b:97:f7:db:
                    27:0b:f2:f4:10:21:0f:42:90:a8:47:a8:8f:45:58:
                    71:41:43:7f:6f:2a:66:18:c6:15:15:95:14:2e:0e:
                    d2:c9:c3:3c:25:fb:fa:57:33:c9:73:ec:df:91:8d:
                    ae:13:96:5b:b1:06:5a:0c:15:bc:bd:7a:eb:a2:ce:
                    1b:a0:be:d9:91:20:ea:f0:36:c2:49:3f:a5:0e:a3:
                    70:f7:df:be:8e:48:aa:36:31:79:63:91:fc:e4:67:
                    61:8c:ed:55:f6:66:c4:06:4c:18:1c:2e:b1:ed:34:
                    a0:02:db:f9:bd:41:4f:d9:80:b9:4e:8b:a6:af:c2:
                    ff:74:a3:f9:62:49:50:9c:b4:c4:97:ba:6b:2a:f7:
                    5e:22:54:4d:60:8d:46:69:68:f7:83:31:b8:03:be:
                    32:ea:16:0e:d8:6d:ce:03:64:5c:bd:8d:cd:a5:ef:
                    8f:29:f9:f7:10:0e:b2:0d:08:b2:17:fa:ac:b0:29:
                    4f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:15:91:32:81:C9:11:D0:E5:71:74:F1:2D:C6:4F:A7:01:00:87:24
            X509v3 Authority Key Identifier:
                keyid:28:99:2E:BB:83:EB:8B:73:A2:A2:1E:5B:03:3D:BD:EB:1D:F4:F2:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KJkuu4Pri3Oioh5bAz296x308j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/rhWRMoHJEdDlcXTxLcZPpwEAhyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/KJkuu4Pri3Oioh5bAz296x308j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:a3:86:f8:79:8a:52:72:32:01:bc:b3:d3:20:99:d4:83:d2:
         20:0b:4e:0a:5e:f5:06:35:fc:5d:1a:13:26:7a:d7:f3:e2:f0:
         52:9c:68:4d:46:7a:c7:43:e6:05:90:e9:32:0c:01:80:3f:62:
         c6:3b:fe:94:1c:cd:ca:ae:b5:57:cf:92:79:ea:f6:9d:36:d0:
         e8:28:68:6a:a1:c3:63:d2:9a:ac:f2:3a:36:30:c3:27:1e:67:
         9d:31:be:9a:7c:9c:a3:85:c9:06:16:f2:1b:79:e4:b0:1a:bd:
         55:f4:e1:fc:97:3e:c5:e0:a3:65:98:5e:17:9d:1c:91:b6:67:
         87:a6:1c:63:cc:03:64:16:1d:81:fa:30:77:66:a6:2d:97:1f:
         09:17:f8:a4:1e:f1:d0:30:52:aa:64:f9:73:81:64:91:81:a4:
         25:dd:8b:ce:8e:78:bd:3a:bf:5f:44:4c:90:d1:ed:55:b3:57:
         5a:7c:f2:ca:8e:b1:c0:0d:83:57:88:4d:a1:60:19:91:eb:e8:
         d8:df:de:89:29:1d:f5:0b:ee:e0:d8:5f:43:b0:6c:68:72:03:
         a8:ba:57:1b:f0:93:9b:bb:95:4f:94:2d:73:a7:f0:b4:1d:04:
         6a:f3:d8:94:bd:86:80:0b:c6:d3:8c:88:25:bb:1a:76:3e:17:
         09:c1:4b:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuBs0OvGfOenJRySNii2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4OTkyZWJiODNlYjhiNzNhMmEyMWU1YjAzM2RiZGViMWRm
NGYyM2QwHhcNMjQwMTAxMjAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE1OTEzMjgxYzkxMWQwZTU3MTc0ZjEyZGM2NGZhNzAxMDA4NzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3GhhsUQNYVFlgBM74j2LYB8WeBU
meq7sMkha5NPRueZ+YZ6d5uclVrLhWTB2+/UD7WBFdTOn+imoxDsmc573xGJCqWo
XkuX99snC/L0ECEPQpCoR6iPRVhxQUN/bypmGMYVFZUULg7SycM8Jfv6VzPJc+zf
kY2uE5ZbsQZaDBW8vXrros4boL7ZkSDq8DbCST+lDqNw99++jkiqNjF5Y5H85Gdh
jO1V9mbEBkwYHC6x7TSgAtv5vUFP2YC5Toumr8L/dKP5YklQnLTEl7prKvdeIlRN
YI1GaWj3gzG4A74y6hYO2G3OA2RcvY3Npe+PKfn3EA6yDQiyF/qssClP3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4VkTKByRHQ5XF08S3GT6cBAIckMB8GA1UdIwQY
MBaAFCiZLruD64tzoqIeWwM9vesd9PI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0prdXU0UHJpM09pb2g1YkF6Mjk2eDMwOGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9mOThkY2UtOTkyZC00ZjY0LWJjMzgt
YjM2YjhlODkyYzZjLzEvcmhXUk1vSEpFZERsY1hUeExjWlBwd0VBaHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9mOThkY2UtOTkyZC00ZjY0LWJjMzgtYjM2YjhlODkyYzZj
LzEvS0prdXU0UHJpM09pb2g1YkF6Mjk2eDMwOGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZJgMA0G
CSqGSIb3DQEBCwUAA4IBAQARo4b4eYpScjIBvLPTIJnUg9IgC04KXvUGNfxdGhMm
etfz4vBSnGhNRnrHQ+YFkOkyDAGAP2LGO/6UHM3KrrVXz5J56vadNtDoKGhqocNj
0pqs8jo2MMMnHmedMb6afJyjhckGFvIbeeSwGr1V9OH8lz7F4KNlmF4XnRyRtmeH
phxjzANkFh2B+jB3ZqYtlx8JF/ikHvHQMFKqZPlzgWSRgaQl3YvOjni9Or9fREyQ
0e1Vs1dafPLKjrHADYNXiE2hYBmR6+jY396JKR31C+7g2F9DsGxocgOoulcb8JOb
u5VPlC1zp/C0HQRq89iUvYaAC8bTjIgluxp2PhcJwUsK
-----END CERTIFICATE-----