Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Sag71X9CjBXttNETcBl8I-L4L-4.roa
File:                     Sag71X9CjBXttNETcBl8I-L4L-4.roa (raw, json)
Hash identifier:          AUDQd+v6tfPx7ssNgBh/8aQtcib7c1nznEr8qL7Xsek=
Subject key identifier:   49:A8:3B:D5:7F:42:8C:15:ED:B4:D1:13:70:19:7C:23:E2:F8:2F:EE
Certificate issuer:       /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial:       018CC8DF63DE749375DF50F47CE5174762B5
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Sag71X9CjBXttNETcBl8I-L4L-4.roa
Signing time:             Tue 02 Jan 2024 06:32:12 +0000
ROA not before:           Tue 02 Jan 2024 06:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211327
IP address blocks:        176.98.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:63:de:74:93:75:df:50:f4:7c:e5:17:47:62:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
        Validity
            Not Before: Jan  2 06:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49a83bd57f428c15edb4d11370197c23e2f82fee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d8:4d:8c:d3:d8:99:ec:c1:e9:1c:b9:24:1e:
                    57:9c:ed:9b:e2:7b:ad:c9:fe:d6:22:28:a1:d6:07:
                    04:07:6c:0d:b4:2b:5f:76:cc:f7:4b:ef:80:4e:cf:
                    65:a0:e5:f7:fb:bf:d8:d3:ab:28:7e:81:82:13:d0:
                    10:89:b7:2e:2a:7e:57:6a:31:f7:04:e6:4e:56:67:
                    a2:31:89:6a:af:1a:1b:69:38:24:db:9f:14:5d:26:
                    2c:e6:29:64:c7:5a:26:d8:cb:8b:85:81:60:43:95:
                    06:b7:29:4f:74:2c:96:81:2a:13:31:d3:ff:60:44:
                    28:8d:1a:54:d9:76:e3:ef:cd:7e:d7:4f:ea:ce:1f:
                    0e:7d:e2:fc:30:a6:5f:54:96:96:b8:ff:b6:37:67:
                    51:08:d2:e4:b7:b5:eb:89:89:79:9f:ac:3d:c4:01:
                    7b:ad:c7:71:80:80:a8:c8:9d:8c:d8:e9:b0:1f:bb:
                    8e:ed:3e:e4:c9:0e:00:84:3d:c2:ab:0e:76:da:09:
                    3c:cd:53:a3:ce:2e:fb:10:a7:60:38:ed:a3:d2:38:
                    8c:51:cd:35:7d:91:3b:ce:6a:9e:a6:3c:a7:b0:2a:
                    97:fd:46:a7:48:64:10:7c:9a:da:c2:37:df:52:7a:
                    79:76:ee:07:0b:33:60:17:28:32:04:c4:d6:c0:d4:
                    9e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:A8:3B:D5:7F:42:8C:15:ED:B4:D1:13:70:19:7C:23:E2:F8:2F:EE
            X509v3 Authority Key Identifier:
                keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Sag71X9CjBXttNETcBl8I-L4L-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:6b:ef:f7:5d:26:26:3f:55:29:71:b7:7a:04:a8:b8:d5:75:
         d5:e6:57:ca:0b:7e:5d:db:bf:1f:f8:45:0b:5a:47:32:c2:07:
         2f:e0:e2:e5:bb:85:17:d8:81:19:46:39:c6:b1:a8:4b:6a:b0:
         4a:1c:12:4e:2b:56:9a:9d:7a:33:d7:71:b1:49:11:0e:ea:8e:
         6d:26:3f:4c:74:ce:d7:b3:4e:ab:89:13:19:72:a7:b9:85:03:
         6d:a6:1e:d4:57:5c:af:8b:a6:a2:43:5f:29:79:5c:b9:53:82:
         63:84:ee:c4:e4:89:ff:2d:a5:4f:62:93:b7:e1:4e:cb:e7:24:
         77:1a:57:c4:86:6e:87:dd:45:50:da:3f:61:77:82:fd:f8:4e:
         bf:f9:1a:38:f7:78:18:97:ee:82:cc:87:c1:9d:1a:62:7d:6e:
         c7:c4:10:0a:bd:0c:0e:7a:b6:47:75:f0:8a:5c:c9:8c:7d:61:
         d2:5e:45:86:27:76:f9:dd:8f:75:6f:c4:51:19:88:2a:98:4c:
         a4:b5:ed:d6:40:9b:32:39:29:2b:c0:31:72:0a:c5:61:ba:34:
         9c:8f:e0:eb:41:c2:9e:9a:35:3c:d9:e0:c3:28:c4:ae:11:3d:
         b8:7f:2c:e9:ee:80:45:b3:6e:98:de:f0:01:6b:47:1f:e6:b8:
         a5:f9:d8:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI32PedJN131D0fOUXR2K1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjQwMTAyMDYzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWE4M2JkNTdmNDI4YzE1ZWRiNGQxMTM3MDE5N2MyM2UyZjgyZmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdhNjNPYmezB6Ry5JB5XnO2b4nut
yf7WIiih1gcEB2wNtCtfdsz3S++ATs9loOX3+7/Y06sofoGCE9AQibcuKn5XajH3
BOZOVmeiMYlqrxobaTgk258UXSYs5ilkx1om2MuLhYFgQ5UGtylPdCyWgSoTMdP/
YEQojRpU2Xbj781+10/qzh8OfeL8MKZfVJaWuP+2N2dRCNLkt7XriYl5n6w9xAF7
rcdxgICoyJ2M2OmwH7uO7T7kyQ4AhD3Cqw522gk8zVOjzi77EKdgOO2j0jiMUc01
fZE7zmqepjynsCqX/UanSGQQfJrawjffUnp5du4HCzNgFygyBMTWwNSe/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmoO9V/QowV7bTRE3AZfCPi+C/uMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvU2FnNzFYOUNqQlh0dE5FVGNCbDhJLUw0TC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGIoMA0G
CSqGSIb3DQEBCwUAA4IBAQCSa+/3XSYmP1Upcbd6BKi41XXV5lfKC35d278f+EUL
Wkcywgcv4OLlu4UX2IEZRjnGsahLarBKHBJOK1aanXoz13GxSREO6o5tJj9MdM7X
s06riRMZcqe5hQNtph7UV1yvi6aiQ18peVy5U4JjhO7E5In/LaVPYpO34U7L5yR3
GlfEhm6H3UVQ2j9hd4L9+E6/+Ro493gYl+6CzIfBnRpifW7HxBAKvQwOerZHdfCK
XMmMfWHSXkWGJ3b53Y91b8RRGYgqmEykte3WQJsyOSkrwDFyCsVhujScj+DrQcKe
mjU82eDDKMSuET24fyzp7oBFs26Y3vABa0cf5ril+dix
-----END CERTIFICATE-----