Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/IwYHO_9j9oaqOlFIBtkJk4yPMCY.roa
File:                     IwYHO_9j9oaqOlFIBtkJk4yPMCY.roa (raw, json)
Hash identifier:          JK4JgYTgETgMcO366VVFBLuponyKK6hLfugLdf9llJw=
Subject key identifier:   23:06:07:3B:FF:63:F6:86:AA:3A:51:48:06:D9:09:93:8C:8F:30:26
Certificate issuer:       /CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
Certificate serial:       018CC5DC527F880037238CB58F7403BD76FD
Authority key identifier: 47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/IwYHO_9j9oaqOlFIBtkJk4yPMCY.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201935
IP address blocks:        185.23.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:52:7f:88:00:37:23:8c:b5:8f:74:03:bd:76:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2306073bff63f686aa3a514806d909938c8f3026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:71:6c:43:8d:3e:5d:5a:42:de:b9:11:f3:b1:
                    d3:3f:05:b3:ae:7b:49:68:d4:58:93:6a:99:89:67:
                    ba:98:a6:73:58:6b:da:09:3a:c6:3c:d7:6f:78:00:
                    c3:7f:21:f8:2b:6b:ff:88:ab:70:69:d4:68:7d:d9:
                    53:ad:96:30:2a:f5:66:cf:be:22:ab:13:f4:3b:4f:
                    30:c0:af:11:a3:cb:6c:92:f2:15:24:e5:96:a5:1c:
                    ed:f3:4d:8a:96:ab:26:d0:1c:46:86:69:39:d2:14:
                    8b:c4:36:af:21:4c:10:61:26:ec:a9:b4:0e:ee:bc:
                    dd:34:67:d0:a2:ab:f7:89:89:0c:9a:88:72:f1:71:
                    30:39:78:c4:7d:ab:5e:33:0b:10:34:45:d4:90:da:
                    ba:ca:78:0b:e2:51:90:eb:60:b1:54:07:64:5d:5e:
                    0d:1d:99:13:fb:75:6f:74:d9:c9:07:55:6f:48:d0:
                    ec:20:89:75:21:1a:81:62:e9:8e:54:0b:dc:2d:d8:
                    28:96:64:ea:43:73:16:b1:f7:33:59:76:7f:bc:e6:
                    28:03:3c:2f:85:fe:1e:c2:13:ad:28:4e:85:bb:80:
                    1e:23:96:2e:ba:54:66:1b:bc:a7:29:15:b9:8a:7b:
                    41:e4:19:8c:86:4f:88:9f:29:18:9b:eb:26:5a:07:
                    75:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:06:07:3B:FF:63:F6:86:AA:3A:51:48:06:D9:09:93:8C:8F:30:26
            X509v3 Authority Key Identifier:
                keyid:47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/IwYHO_9j9oaqOlFIBtkJk4yPMCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:89:fb:3d:43:ae:87:99:fa:0d:b1:99:ce:7a:fc:8b:a3:46:
         28:03:a0:57:27:cb:51:2b:80:99:b1:70:1e:85:4f:4e:e3:02:
         e1:89:62:dd:7b:f1:bb:88:c5:7c:ed:36:07:bf:3c:fb:4e:60:
         e0:9b:9c:15:38:c3:c7:a0:37:d4:2c:af:f5:89:ee:ff:95:cc:
         77:6b:c6:c9:00:86:90:07:e7:87:8c:d3:27:81:8e:c6:84:c4:
         44:0a:fb:f1:ac:3b:3b:95:70:21:76:07:91:7a:f7:73:72:a8:
         66:99:ae:31:b6:4c:39:45:50:f5:b0:22:a0:a6:e2:4a:c4:14:
         d7:98:1a:11:8d:3a:d1:72:95:3f:f4:a9:0b:04:41:50:3e:0c:
         82:86:79:96:34:03:0c:91:14:af:02:3b:5c:f1:8e:79:6b:cd:
         71:11:f3:58:9e:73:9f:4e:77:0e:23:79:06:00:6d:b7:26:66:
         49:0d:a9:47:1e:b6:05:12:a5:57:d0:6c:e1:8f:31:37:4d:e1:
         cb:dd:9e:21:3a:67:f1:48:98:cd:a0:ad:23:16:8a:fc:38:1a:
         eb:3e:3f:c1:a9:08:da:f1:ce:3f:03:60:c4:4a:27:00:e9:40:
         34:2a:fa:2c:7f:8c:6e:fd:68:c7:5b:8f:0f:8e:0a:f1:32:ea:
         4a:6c:0a:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FJ/iAA3I4y1j3QDvXb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZTk0Y2NiN2I2MDFkYTBjYTA5NDY5ZjYwZjY1MzY0MGZl
ZDhjMWMwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzA2MDczYmZmNjNmNjg2YWEzYTUxNDgwNmQ5MDk5MzhjOGYzMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXFsQ40+XVpC3rkR87HTPwWzrntJ
aNRYk2qZiWe6mKZzWGvaCTrGPNdveADDfyH4K2v/iKtwadRofdlTrZYwKvVmz74i
qxP0O08wwK8Ro8tskvIVJOWWpRzt802Klqsm0BxGhmk50hSLxDavIUwQYSbsqbQO
7rzdNGfQoqv3iYkMmohy8XEwOXjEfateMwsQNEXUkNq6yngL4lGQ62CxVAdkXV4N
HZkT+3VvdNnJB1VvSNDsIIl1IRqBYumOVAvcLdgolmTqQ3MWsfczWXZ/vOYoAzwv
hf4ewhOtKE6Fu4AeI5YuulRmG7ynKRW5intB5BmMhk+InykYm+smWgd15QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMGBzv/Y/aGqjpRSAbZCZOMjzAmMB8GA1UdIwQY
MBaAFEfpTMt7YB2gyglGn2D2U2QP7YwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQt
YmQ5MGEzZjA2ZTE2LzEvSXdZSE9fOWo5b2FxT2xGSUJ0a0prNHlQTUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQtYmQ5MGEzZjA2ZTE2
LzEvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRdiMA0G
CSqGSIb3DQEBCwUAA4IBAQC5ifs9Q66HmfoNsZnOevyLo0YoA6BXJ8tRK4CZsXAe
hU9O4wLhiWLde/G7iMV87TYHvzz7TmDgm5wVOMPHoDfULK/1ie7/lcx3a8bJAIaQ
B+eHjNMngY7GhMRECvvxrDs7lXAhdgeRevdzcqhmma4xtkw5RVD1sCKgpuJKxBTX
mBoRjTrRcpU/9KkLBEFQPgyChnmWNAMMkRSvAjtc8Y55a81xEfNYnnOfTncOI3kG
AG23JmZJDalHHrYFEqVX0GzhjzE3TeHL3Z4hOmfxSJjNoK0jFor8OBrrPj/BqQja
8c4/A2DESicA6UA0Kvosf4xu/WjHW48PjgrxMupKbAoa
-----END CERTIFICATE-----