Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/ab112d-40e1-41d4-a724-a76299e8559f/1/i-ylnsuERb95IUqcwv4ot-Uo_40.roa
File:                     i-ylnsuERb95IUqcwv4ot-Uo_40.roa (raw, json)
Hash identifier:          krp5z1FqJ2Cp/GL74MeHjfqXfccSoBstJCfXPTNNi9E=
Subject key identifier:   8B:EC:A5:9E:CB:84:45:BF:79:21:4A:9C:C2:FE:28:B7:E5:28:FF:8D
Certificate issuer:       /CN=1ff1ce9ae2563102bf8ea72a89e06152ef7058b2
Certificate serial:       018CC7955CF748C7171245241FF68EC81EAF
Authority key identifier: 1F:F1:CE:9A:E2:56:31:02:BF:8E:A7:2A:89:E0:61:52:EF:70:58:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H_HOmuJWMQK_jqcqieBhUu9wWLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/ab112d-40e1-41d4-a724-a76299e8559f/1/i-ylnsuERb95IUqcwv4ot-Uo_40.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199540
IP address blocks:        185.144.98.0/24 maxlen: 24
                          2a13:ae80::/32 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/ab112d-40e1-41d4-a724-a76299e8559f/1/H_HOmuJWMQK_jqcqieBhUu9wWLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/ab112d-40e1-41d4-a724-a76299e8559f/1/H_HOmuJWMQK_jqcqieBhUu9wWLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H_HOmuJWMQK_jqcqieBhUu9wWLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5c:f7:48:c7:17:12:45:24:1f:f6:8e:c8:1e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ff1ce9ae2563102bf8ea72a89e06152ef7058b2
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8beca59ecb8445bf79214a9cc2fe28b7e528ff8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7d:6f:bf:58:11:2f:26:a2:3e:60:24:3e:74:
                    f3:36:1f:83:23:e7:58:79:35:53:9d:85:e8:f4:f8:
                    e5:ac:05:4b:28:6e:fd:bc:ee:64:9d:3f:e6:eb:ec:
                    5e:f6:e5:3c:a4:84:40:00:40:41:d2:85:7d:54:e5:
                    80:a7:b4:67:69:8b:df:d4:cc:eb:c3:bd:8e:c9:49:
                    df:80:04:09:27:ba:b3:3f:94:b6:b1:7c:ba:4a:9b:
                    4f:b1:de:60:19:f7:98:b3:e6:ae:2d:44:78:cb:f0:
                    eb:c7:c7:a2:e5:72:72:6d:29:76:61:2c:23:84:72:
                    0f:e3:3a:66:07:ba:0b:f6:1a:80:f1:f0:1d:d2:14:
                    9a:1b:a8:84:05:12:8a:7d:df:6b:6e:62:bd:2b:aa:
                    8e:29:9c:8b:65:f2:54:5f:23:5e:d1:ca:cc:93:cc:
                    2e:b7:a3:0e:49:94:cb:12:1e:9f:87:63:b3:bd:37:
                    1c:cb:b5:19:07:85:92:eb:18:7d:98:70:fb:ac:cc:
                    7e:9e:58:d0:af:71:3a:30:b6:2d:99:66:f2:9d:0f:
                    95:c4:15:82:28:2e:92:9d:69:2a:b0:f5:e8:3c:e7:
                    13:97:76:ae:cf:30:8c:f8:14:bc:15:aa:f7:5b:3a:
                    b9:14:6c:5d:dd:7e:42:2d:ad:30:db:82:1b:33:fe:
                    9a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:EC:A5:9E:CB:84:45:BF:79:21:4A:9C:C2:FE:28:B7:E5:28:FF:8D
            X509v3 Authority Key Identifier:
                keyid:1F:F1:CE:9A:E2:56:31:02:BF:8E:A7:2A:89:E0:61:52:EF:70:58:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H_HOmuJWMQK_jqcqieBhUu9wWLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/ab112d-40e1-41d4-a724-a76299e8559f/1/i-ylnsuERb95IUqcwv4ot-Uo_40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/ab112d-40e1-41d4-a724-a76299e8559f/1/H_HOmuJWMQK_jqcqieBhUu9wWLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.98.0/24
                IPv6:
                  2a13:ae80::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:59:21:35:b5:0a:d6:85:ce:69:6d:4b:32:dd:9d:c4:70:47:
         5e:22:06:f7:66:9f:a8:28:2b:4b:bd:b3:f8:24:45:64:a9:d1:
         e2:33:7f:df:47:c4:6b:b7:d0:1c:0c:7b:65:07:13:4d:a8:e8:
         e6:52:1a:f0:66:c0:27:6b:bd:34:a4:2e:08:5e:c2:ce:2a:32:
         6c:b9:ac:94:71:c7:b6:78:d9:41:3d:24:98:0b:c2:69:ed:bd:
         bb:db:14:e6:94:39:06:f7:7a:f1:88:6b:91:0c:20:95:e1:59:
         aa:98:fe:00:f5:f8:32:d1:e1:13:37:8d:0b:ae:29:18:f6:26:
         81:e3:82:31:61:50:d3:96:b5:3f:29:a6:cb:35:b5:93:a1:fc:
         96:70:3b:59:e5:1c:e2:b5:77:99:ab:12:35:ea:ab:fe:5e:85:
         06:3f:e6:56:8d:84:7e:5e:8c:fe:59:2d:c8:0b:44:d6:e0:2a:
         53:15:5d:43:8a:61:e7:ba:46:de:62:ed:6c:fc:11:3a:96:71:
         d7:9a:2e:38:9c:f1:a8:e7:27:f9:0b:d9:ae:ec:03:e7:00:71:
         f7:3f:53:53:57:4a:d1:fa:f7:13:6d:e5:8a:73:d3:d9:99:db:
         62:78:43:ff:21:0c:5d:3b:74:dd:05:58:01:ae:61:17:db:11:
         5d:25:06:b6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlVz3SMcXEkUkH/aOyB6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZjFjZTlhZTI1NjMxMDJiZjhlYTcyYTg5ZTA2MTUyZWY3
MDU4YjIwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmVjYTU5ZWNiODQ0NWJmNzkyMTRhOWNjMmZlMjhiN2U1MjhmZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgH1vv1gRLyaiPmAkPnTzNh+DI+dY
eTVTnYXo9PjlrAVLKG79vO5knT/m6+xe9uU8pIRAAEBB0oV9VOWAp7RnaYvf1Mzr
w72OyUnfgAQJJ7qzP5S2sXy6SptPsd5gGfeYs+auLUR4y/Drx8ei5XJybSl2YSwj
hHIP4zpmB7oL9hqA8fAd0hSaG6iEBRKKfd9rbmK9K6qOKZyLZfJUXyNe0crMk8wu
t6MOSZTLEh6fh2OzvTccy7UZB4WS6xh9mHD7rMx+nljQr3E6MLYtmWbynQ+VxBWC
KC6SnWkqsPXoPOcTl3auzzCM+BS8Far3Wzq5FGxd3X5CLa0w24IbM/6a7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIvspZ7LhEW/eSFKnML+KLflKP+NMB8GA1UdIwQY
MBaAFB/xzpriVjECv46nKongYVLvcFiyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSF9IT211SldNUUtfanFjcWllQmhVdTl3V0xJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hYjExMmQtNDBlMS00MWQ0LWE3MjQt
YTc2Mjk5ZTg1NTlmLzEvaS15bG5zdUVSYjk1SVVxY3d2NG90LVVvXzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hYjExMmQtNDBlMS00MWQ0LWE3MjQtYTc2Mjk5ZTg1NTlm
LzEvSF9IT211SldNUUtfanFjcWllQmhVdTl3V0xJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZBiMA0E
AgACMAcDBQAqE66AMA0GCSqGSIb3DQEBCwUAA4IBAQCmWSE1tQrWhc5pbUsy3Z3E
cEdeIgb3Zp+oKCtLvbP4JEVkqdHiM3/fR8Rrt9AcDHtlBxNNqOjmUhrwZsAna700
pC4IXsLOKjJsuayUcce2eNlBPSSYC8Jp7b272xTmlDkG93rxiGuRDCCV4VmqmP4A
9fgy0eETN40LrikY9iaB44IxYVDTlrU/KabLNbWTofyWcDtZ5RzitXeZqxI16qv+
XoUGP+ZWjYR+Xoz+WS3IC0TW4CpTFV1DimHnukbeYu1s/BE6lnHXmi44nPGo5yf5
C9mu7APnAHH3P1NTV0rR+vcTbeWKc9PZmdtieEP/IQxdO3TdBVgBrmEX2xFdJQa2
-----END CERTIFICATE-----