Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/8qg-MUL0xe2WoMrYzLG3nJ_7eno.roa
File:                     8qg-MUL0xe2WoMrYzLG3nJ_7eno.roa (raw, json)
Hash identifier:          hx+N+7qB5B7kzJaU0gRWxGXDKJLqZ4MRyu+OLNXMtU4=
Subject key identifier:   F2:A8:3E:31:42:F4:C5:ED:96:A0:CA:D8:CC:B1:B7:9C:9F:FB:7A:7A
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       019007926AC1448A6A9A3FDACBC92541B18C
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/8qg-MUL0xe2WoMrYzLG3nJ_7eno.roa
Signing time:             Tue 11 Jun 2024 13:52:34 +0000
ROA not before:           Tue 11 Jun 2024 13:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62300
IP address blocks:        192.109.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:92:6a:c1:44:8a:6a:9a:3f:da:cb:c9:25:41:b1:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jun 11 13:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2a83e3142f4c5ed96a0cad8ccb1b79c9ffb7a7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e6:45:27:2b:eb:9e:b4:34:16:bb:69:c1:5c:
                    76:65:cb:1a:a0:a0:0d:24:8a:42:3f:ae:67:86:f2:
                    64:57:db:2e:29:fd:dc:05:e9:d3:4b:7e:8d:6d:d1:
                    51:a3:37:1b:cf:c9:cc:f9:27:11:f0:fb:db:a5:7a:
                    79:ae:2d:eb:63:50:e8:4d:14:49:36:bb:30:bc:73:
                    20:9f:39:89:59:0b:14:05:44:97:b2:0a:46:eb:1e:
                    1b:f0:a6:3f:76:a4:65:da:a4:b8:bd:3d:aa:9f:07:
                    d7:23:6a:c6:5e:47:b8:4b:8d:b5:ad:4d:cf:38:81:
                    04:7c:bd:93:2c:8f:05:05:65:06:66:da:32:4c:e5:
                    81:d3:ec:24:2b:1a:ed:71:69:7d:36:e8:92:6a:c5:
                    0e:cc:3b:87:5c:4c:5e:e9:8e:92:e6:5d:f2:fb:db:
                    b1:43:52:74:5f:17:d9:da:b5:a1:88:94:fd:04:8e:
                    7b:27:02:45:ff:6d:49:1c:99:ec:7d:68:fc:ff:a4:
                    dc:fa:ab:5a:ed:f2:a8:9d:2b:20:a9:87:b8:b0:ec:
                    0a:ec:21:19:76:93:f5:e7:b3:e4:d6:86:52:a5:c3:
                    f8:8b:6e:38:14:43:eb:38:fa:8f:9c:a8:08:8b:f1:
                    bf:77:02:e7:69:fd:68:2c:3e:a2:58:aa:46:57:c5:
                    23:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A8:3E:31:42:F4:C5:ED:96:A0:CA:D8:CC:B1:B7:9C:9F:FB:7A:7A
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/8qg-MUL0xe2WoMrYzLG3nJ_7eno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:8d:36:fd:4b:d2:f8:22:57:0a:aa:f0:b8:2f:c3:87:70:8f:
         6a:32:4b:83:d0:23:50:83:79:22:12:58:62:04:0f:dc:fd:98:
         df:3c:f0:fb:80:dc:dd:89:22:35:eb:5f:66:c8:b5:28:80:14:
         dc:ba:56:1d:3d:51:1c:d7:eb:49:79:6a:ad:09:32:5a:c7:1e:
         eb:53:83:36:50:2d:e5:e8:91:37:e3:1c:fd:44:7c:44:ac:06:
         b1:39:82:99:9d:b3:1d:54:22:f3:fb:63:42:ae:aa:21:15:f3:
         f3:d9:e8:d3:87:ca:e5:16:de:0b:12:8f:89:ca:dd:c6:3a:5f:
         e0:66:75:34:07:1b:1d:02:64:bc:3c:a9:9e:c6:c6:52:95:ca:
         ee:6e:1f:c0:03:74:a7:b0:82:7a:dd:f6:4e:b0:cf:8b:a9:e4:
         1f:3e:31:5a:e3:56:e2:1d:b8:35:1d:c7:f9:33:67:91:76:7f:
         ba:53:07:44:45:1a:c0:d8:21:a8:e1:a5:df:ff:93:31:a7:84:
         d7:ae:d1:97:aa:32:6c:85:3d:04:88:55:80:6c:81:c1:ca:dc:
         96:05:56:4a:c3:d8:c5:91:39:5b:21:1a:dd:ad:c9:3e:0b:7e:
         71:95:7c:37:0f:ec:2f:ac:a6:67:39:6f:92:8d:cd:fa:84:2f:
         60:78:4c:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAHkmrBRIpqmj/ay8klQbGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwNjExMTM1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmE4M2UzMTQyZjRjNWVkOTZhMGNhZDhjY2IxYjc5YzlmZmI3YTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uZFJyvrnrQ0FrtpwVx2ZcsaoKAN
JIpCP65nhvJkV9suKf3cBenTS36NbdFRozcbz8nM+ScR8PvbpXp5ri3rY1DoTRRJ
NrswvHMgnzmJWQsUBUSXsgpG6x4b8KY/dqRl2qS4vT2qnwfXI2rGXke4S421rU3P
OIEEfL2TLI8FBWUGZtoyTOWB0+wkKxrtcWl9NuiSasUOzDuHXExe6Y6S5l3y+9ux
Q1J0XxfZ2rWhiJT9BI57JwJF/21JHJnsfWj8/6Tc+qta7fKonSsgqYe4sOwK7CEZ
dpP157Pk1oZSpcP4i244FEPrOPqPnKgIi/G/dwLnaf1oLD6iWKpGV8Uj/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKoPjFC9MXtlqDK2Myxt5yf+3p6MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvOHFnLU1VTDB4ZTJXb01yWXpMRzNuSl83ZW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG1iMA0G
CSqGSIb3DQEBCwUAA4IBAQAajTb9S9L4IlcKqvC4L8OHcI9qMkuD0CNQg3kiElhi
BA/c/ZjfPPD7gNzdiSI1619myLUogBTculYdPVEc1+tJeWqtCTJaxx7rU4M2UC3l
6JE34xz9RHxErAaxOYKZnbMdVCLz+2NCrqohFfPz2ejTh8rlFt4LEo+Jyt3GOl/g
ZnU0BxsdAmS8PKmexsZSlcrubh/AA3SnsIJ63fZOsM+LqeQfPjFa41biHbg1Hcf5
M2eRdn+6UwdERRrA2CGo4aXf/5Mxp4TXrtGXqjJshT0EiFWAbIHBytyWBVZKw9jF
kTlbIRrdrck+C35xlXw3D+wvrKZnOW+Sjc36hC9geEwn
-----END CERTIFICATE-----