Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/DaHJf5zJdrEzBmXp8PhirWbB7RE.roa
File:                     DaHJf5zJdrEzBmXp8PhirWbB7RE.roa (raw, json)
Hash identifier:          ovX/TVikZEguwDMzOaVMvouuyRj94KbWv/RhwSOgbuE=
Subject key identifier:   0D:A1:C9:7F:9C:C9:76:B1:33:06:65:E9:F0:F8:62:AD:66:C1:ED:11
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018CC6B8CA8553A1CE286DC418EB1C7CFE81
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/DaHJf5zJdrEzBmXp8PhirWbB7RE.roa
Signing time:             Mon 01 Jan 2024 20:30:48 +0000
ROA not before:           Mon 01 Jan 2024 20:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210574
IP address blocks:        141.98.112.0/24 maxlen: 24
                          141.98.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 06:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ca:85:53:a1:ce:28:6d:c4:18:eb:1c:7c:fe:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  1 20:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0da1c97f9cc976b1330665e9f0f862ad66c1ed11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7d:2b:36:fc:a4:e3:d4:af:80:57:69:94:a1:
                    66:c7:54:b8:53:b1:30:16:e0:f6:eb:03:52:5f:1a:
                    ef:c6:c9:23:14:b5:5a:c5:74:1f:73:38:a0:ea:8e:
                    d6:f6:2a:4d:78:d9:78:ea:54:cd:f6:da:ca:e1:09:
                    61:22:1b:93:31:cb:37:f3:b4:54:76:f5:bf:f9:fb:
                    09:57:1d:a5:16:a0:f3:f1:51:1b:3e:3d:87:c1:83:
                    b5:33:8f:d9:9e:16:9d:d9:f1:02:2d:ea:88:92:65:
                    50:a4:af:c0:03:a0:57:3e:fc:f8:09:a9:43:54:43:
                    fa:86:d7:61:53:eb:60:02:8b:d0:f9:71:45:a6:eb:
                    cc:50:ef:03:6e:00:a1:9d:56:8d:be:db:81:72:29:
                    bd:d0:57:99:8e:aa:b2:2b:ed:7c:67:18:f3:32:a5:
                    8e:b6:31:1c:be:19:0f:10:bd:03:1a:f6:b2:90:89:
                    72:df:3a:06:61:4f:61:72:52:56:8d:11:aa:5f:b6:
                    d9:83:31:b9:05:ea:7c:5a:b4:af:92:8d:64:1e:f2:
                    22:1e:00:2e:e6:7e:f5:3e:ca:99:06:63:51:66:0d:
                    75:b0:77:47:a7:9d:e9:48:ec:bc:c1:43:d5:0a:3f:
                    58:73:a2:53:5e:83:e2:fa:4a:00:3f:56:87:6e:18:
                    eb:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A1:C9:7F:9C:C9:76:B1:33:06:65:E9:F0:F8:62:AD:66:C1:ED:11
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/DaHJf5zJdrEzBmXp8PhirWbB7RE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.112.0/24
                  141.98.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:eb:3d:a1:8b:be:25:23:6c:87:b7:1a:ac:f6:85:d9:e0:fc:
         86:8d:76:14:be:4d:ca:8e:54:fe:de:bb:53:fb:cd:64:24:ba:
         44:70:0f:86:3b:56:6a:ff:d5:18:db:49:c3:d6:45:c1:2f:0d:
         c3:ac:4e:ca:4b:9d:d0:5d:1e:a7:67:a8:48:06:11:f3:c5:42:
         b6:aa:b4:25:b6:c1:77:b3:b2:89:e3:cf:f2:6b:8a:6a:97:59:
         17:12:c7:61:90:b0:a4:e2:3a:05:ca:81:1d:f5:19:d0:8b:89:
         2d:37:7b:b4:bf:36:96:08:f4:b4:5e:c3:ac:a6:0c:b0:29:cd:
         1c:fe:00:ca:fa:ef:f3:e7:06:7c:d7:eb:5e:51:5c:b2:46:c6:
         1e:df:fe:49:ae:e0:93:b0:f9:c2:73:e6:c7:d9:a8:9c:db:ff:
         43:2c:0f:e4:92:29:19:a3:85:24:a8:04:b9:1f:94:e7:0b:ea:
         0a:6f:1f:9b:ad:f5:ce:00:11:43:41:f7:35:5c:5d:97:46:bb:
         9f:1a:38:21:02:48:3c:39:ce:28:49:8e:db:78:aa:e2:c7:8b:
         38:ed:59:f7:f1:28:2d:c1:99:28:1d:6c:c6:58:a2:35:15:f8:
         fe:36:b8:1a:d3:e5:66:19:b5:9d:f9:9b:98:57:37:84:c6:b0:
         b4:5e:a4:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuMqFU6HOKG3EGOscfP6BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMTAxMjAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGExYzk3ZjljYzk3NmIxMzMwNjY1ZTlmMGY4NjJhZDY2YzFlZDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy30rNvyk49SvgFdplKFmx1S4U7Ew
FuD26wNSXxrvxskjFLVaxXQfczig6o7W9ipNeNl46lTN9trK4QlhIhuTMcs387RU
dvW/+fsJVx2lFqDz8VEbPj2HwYO1M4/Znhad2fECLeqIkmVQpK/AA6BXPvz4CalD
VEP6htdhU+tgAovQ+XFFpuvMUO8DbgChnVaNvtuBcim90FeZjqqyK+18ZxjzMqWO
tjEcvhkPEL0DGvaykIly3zoGYU9hclJWjRGqX7bZgzG5Bep8WrSvko1kHvIiHgAu
5n71PsqZBmNRZg11sHdHp53pSOy8wUPVCj9Yc6JTXoPi+koAP1aHbhjrCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA2hyX+cyXaxMwZl6fD4Yq1mwe0RMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvRGFISmY1ekpkckV6Qm1YcDhQaGlyV2JCN1JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjWJwAwQA
jWJzMA0GCSqGSIb3DQEBCwUAA4IBAQCW6z2hi74lI2yHtxqs9oXZ4PyGjXYUvk3K
jlT+3rtT+81kJLpEcA+GO1Zq/9UY20nD1kXBLw3DrE7KS53QXR6nZ6hIBhHzxUK2
qrQltsF3s7KJ48/ya4pql1kXEsdhkLCk4joFyoEd9RnQi4ktN3u0vzaWCPS0XsOs
pgywKc0c/gDK+u/z5wZ81+teUVyyRsYe3/5JruCTsPnCc+bH2aic2/9DLA/kkikZ
o4UkqAS5H5TnC+oKbx+brfXOABFDQfc1XF2XRrufGjghAkg8Oc4oSY7beKrix4s4
7Vn38SgtwZkoHWzGWKI1Ffj+Nrga0+VmGbWd+ZuYVzeExrC0XqTb
-----END CERTIFICATE-----