Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/pZH2ySPh29jiSoNIP_FwWE5KxTg.roa
File:                     pZH2ySPh29jiSoNIP_FwWE5KxTg.roa (raw, json)
Hash identifier:          Dy/Sw/qHcL4YlJjDsvIPWcx9nxJ27bDAKX7VEJF3xiQ=
Subject key identifier:   A5:91:F6:C9:23:E1:DB:D8:E2:4A:83:48:3F:F1:70:58:4E:4A:C5:38
Certificate issuer:       /CN=8a3ec0537242f44ce7d5933e9b32204b3f85e99f
Certificate serial:       018CC3495F26C2B92BE07F0550D69AFC4B96
Authority key identifier: 8A:3E:C0:53:72:42:F4:4C:E7:D5:93:3E:9B:32:20:4B:3F:85:E9:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/pZH2ySPh29jiSoNIP_FwWE5KxTg.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.110.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5f:26:c2:b9:2b:e0:7f:05:50:d6:9a:fc:4b:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a3ec0537242f44ce7d5933e9b32204b3f85e99f
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a591f6c923e1dbd8e24a83483ff170584e4ac538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:41:a0:cb:4a:7c:1a:db:00:25:e8:0a:1a:e7:
                    79:16:68:54:ff:6b:de:02:84:23:58:4b:79:98:f2:
                    0c:7c:19:41:9d:43:64:9c:ef:1a:c9:b1:c3:7d:2b:
                    9d:27:19:24:7f:f4:c4:df:41:b9:5b:e4:5f:8e:09:
                    4a:41:ec:d6:af:ff:d3:d9:8c:2c:ae:ad:da:25:67:
                    e4:76:64:dc:b7:b7:6a:b3:14:a2:bf:71:5e:71:3f:
                    4d:d7:a9:44:ec:6a:78:39:3d:55:4a:cc:3f:fc:fc:
                    48:26:c1:6a:53:07:f6:22:d7:84:72:0c:ef:3d:eb:
                    c0:70:26:0c:90:68:4f:fd:a9:4c:a7:71:c5:26:53:
                    d7:5c:18:58:0b:1a:7a:61:14:f3:29:2a:35:61:ab:
                    f7:7b:09:bc:1d:f4:07:00:55:74:b7:9b:72:9a:73:
                    85:72:09:f4:37:9f:1f:ea:5c:38:0d:e9:e8:3a:a3:
                    47:c4:ff:78:e3:f6:28:69:d5:c1:f9:8d:56:0b:43:
                    46:6b:16:fc:7a:af:0d:bf:aa:46:8a:85:22:15:c0:
                    b0:0d:d1:fe:5a:80:a5:4f:30:c6:89:0e:5a:71:48:
                    5a:82:ac:6d:73:e4:85:7e:44:d6:7e:89:b4:83:b1:
                    5a:21:96:80:4d:3f:de:ce:58:49:0f:8c:4a:7a:56:
                    57:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:91:F6:C9:23:E1:DB:D8:E2:4A:83:48:3F:F1:70:58:4E:4A:C5:38
            X509v3 Authority Key Identifier:
                keyid:8A:3E:C0:53:72:42:F4:4C:E7:D5:93:3E:9B:32:20:4B:3F:85:E9:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/pZH2ySPh29jiSoNIP_FwWE5KxTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:a6:53:d6:73:95:7c:cd:45:64:ae:b5:0b:b4:80:7d:f7:ba:
         e2:88:70:0a:25:fe:01:c9:a3:2e:72:83:8c:ce:52:f4:c8:97:
         c2:b4:cf:ed:6a:90:24:a6:58:b5:75:8b:33:43:ad:b3:fa:46:
         a7:bb:a7:05:e6:6a:25:30:7e:63:62:0a:db:e5:f5:69:13:9c:
         18:f8:6f:11:c9:5e:1b:49:bf:91:47:66:fb:c7:68:93:f4:cc:
         20:0a:52:67:e2:4e:b8:23:6e:8f:33:c5:01:e0:23:6f:b7:97:
         c2:58:ca:ce:24:a7:12:31:e4:ce:90:e0:97:7e:a7:82:15:65:
         e1:07:be:02:55:bb:61:29:2e:d5:18:ec:81:3d:3d:6d:c5:ea:
         00:be:17:b0:08:54:a0:f0:ed:ed:a4:8b:6b:e6:4f:db:03:fe:
         0c:2d:ce:ca:2a:fe:96:59:91:d0:dd:88:19:63:6c:61:03:c4:
         25:39:5d:67:db:38:27:6c:a7:cb:09:ca:49:f3:e9:e3:1a:9b:
         e0:bd:3f:27:ed:32:7c:84:d8:59:89:7b:96:1d:7f:bb:40:e3:
         c9:86:d2:c2:38:53:6d:0c:b6:a1:bc:b7:25:03:e5:36:3f:78:
         65:96:75:e1:79:11:9e:74:6e:ae:20:89:d2:40:87:ab:bb:d8:
         57:bc:a0:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSV8mwrkr4H8FUNaa/EuWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhM2VjMDUzNzI0MmY0NGNlN2Q1OTMzZTliMzIyMDRiM2Y4
NWU5OWYwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTkxZjZjOTIzZTFkYmQ4ZTI0YTgzNDgzZmYxNzA1ODRlNGFjNTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEGgy0p8GtsAJegKGud5FmhU/2ve
AoQjWEt5mPIMfBlBnUNknO8aybHDfSudJxkkf/TE30G5W+RfjglKQezWr//T2Yws
rq3aJWfkdmTct7dqsxSiv3FecT9N16lE7Gp4OT1VSsw//PxIJsFqUwf2IteEcgzv
PevAcCYMkGhP/alMp3HFJlPXXBhYCxp6YRTzKSo1Yav3ewm8HfQHAFV0t5tymnOF
cgn0N58f6lw4DenoOqNHxP944/YoadXB+Y1WC0NGaxb8eq8Nv6pGioUiFcCwDdH+
WoClTzDGiQ5acUhagqxtc+SFfkTWfom0g7FaIZaATT/ezlhJD4xKelZXpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWR9skj4dvY4kqDSD/xcFhOSsU4MB8GA1UdIwQY
MBaAFIo+wFNyQvRM59WTPpsyIEs/hemfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWo3QVUzSkM5RXpuMVpNLW16SWdTei1GNlo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS85ZWIwMDItZDI2YS00NmQ2LTlkODct
ODQwOTMwNjFlOWZmLzEvcFpIMnlTUGgyOWppU29OSVBfRndXRTVLeFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS85ZWIwMDItZDI2YS00NmQ2LTlkODctODQwOTMwNjFlOWZm
LzEvaWo3QVUzSkM5RXpuMVpNLW16SWdTei1GNlo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW5iMA0G
CSqGSIb3DQEBCwUAA4IBAQAcplPWc5V8zUVkrrULtIB997riiHAKJf4ByaMucoOM
zlL0yJfCtM/tapAkpli1dYszQ62z+kanu6cF5molMH5jYgrb5fVpE5wY+G8RyV4b
Sb+RR2b7x2iT9MwgClJn4k64I26PM8UB4CNvt5fCWMrOJKcSMeTOkOCXfqeCFWXh
B74CVbthKS7VGOyBPT1txeoAvhewCFSg8O3tpItr5k/bA/4MLc7KKv6WWZHQ3YgZ
Y2xhA8QlOV1n2zgnbKfLCcpJ8+njGpvgvT8n7TJ8hNhZiXuWHX+7QOPJhtLCOFNt
DLahvLclA+U2P3hllnXheRGedG6uIInSQIeru9hXvKAb
-----END CERTIFICATE-----