Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/JtqoxzlQHFdy-Xn-N6CSrg2v2i4.roa
File:                     JtqoxzlQHFdy-Xn-N6CSrg2v2i4.roa (raw, json)
Hash identifier:          eJ8muh57pc+sUoWENtLfYgL9rTyZaHXtwR5GD5TZYrg=
Subject key identifier:   26:DA:A8:C7:39:50:1C:57:72:F9:79:FE:37:A0:92:AE:0D:AF:DA:2E
Certificate issuer:       /CN=ced2d800dc6c33b69fa47291e2f15b335ea3600f
Certificate serial:       018CC348F8330976C2A3D44CBDF82E254DC1
Authority key identifier: CE:D2:D8:00:DC:6C:33:B6:9F:A4:72:91:E2:F1:5B:33:5E:A3:60:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ztLYANxsM7afpHKR4vFbM16jYA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/JtqoxzlQHFdy-Xn-N6CSrg2v2i4.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212413
IP address blocks:        185.235.98.0/24 maxlen: 24
                          185.235.98.0/23 maxlen: 23
                          185.235.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/ztLYANxsM7afpHKR4vFbM16jYA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/ztLYANxsM7afpHKR4vFbM16jYA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ztLYANxsM7afpHKR4vFbM16jYA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 09:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f8:33:09:76:c2:a3:d4:4c:bd:f8:2e:25:4d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ced2d800dc6c33b69fa47291e2f15b335ea3600f
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26daa8c739501c5772f979fe37a092ae0dafda2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:65:e0:07:31:0c:3f:e7:c2:51:da:e9:20:53:
                    5c:60:4f:04:eb:54:75:d3:c1:b8:b5:d8:df:d9:a2:
                    b7:1b:4a:9e:3f:0c:11:3d:a4:15:15:f7:e8:1b:31:
                    6a:63:f2:7a:7a:40:77:10:a4:e5:b8:dc:ae:3f:29:
                    f9:97:51:2e:69:6c:95:fa:06:e2:ac:5e:c8:02:5d:
                    38:cf:f6:e4:1f:e0:38:ee:21:ab:cc:dc:84:d7:57:
                    7f:f8:65:7e:a5:62:53:04:e9:d5:9d:a9:52:de:c8:
                    cd:c8:b3:2d:a0:1f:3d:6b:1c:05:71:00:48:21:e3:
                    47:3a:a7:a7:19:f0:1c:15:ea:50:17:1d:a2:3e:ac:
                    29:b3:b2:41:7d:56:ec:aa:22:9c:92:13:61:e9:a1:
                    06:70:25:f0:bf:58:e7:aa:f7:a9:12:7b:41:47:2f:
                    81:9b:a2:c3:af:45:f9:8b:05:d0:88:27:ad:1f:fc:
                    9f:30:7e:d2:0d:00:e9:97:d4:24:b3:e2:dd:10:8c:
                    69:fd:9d:a1:5e:6d:89:1c:07:c7:e2:63:87:e7:aa:
                    d5:4a:aa:1a:a3:ff:ac:11:0e:57:ae:80:5d:2e:f8:
                    84:a7:5e:8e:5b:c6:63:c2:ad:d4:7c:e5:97:70:fe:
                    f1:15:52:b7:45:65:36:80:20:35:8a:12:73:9a:f1:
                    fe:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:DA:A8:C7:39:50:1C:57:72:F9:79:FE:37:A0:92:AE:0D:AF:DA:2E
            X509v3 Authority Key Identifier:
                keyid:CE:D2:D8:00:DC:6C:33:B6:9F:A4:72:91:E2:F1:5B:33:5E:A3:60:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ztLYANxsM7afpHKR4vFbM16jYA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/JtqoxzlQHFdy-Xn-N6CSrg2v2i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/ztLYANxsM7afpHKR4vFbM16jYA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:43:c4:44:42:ad:7b:3b:c7:3b:67:e1:1b:99:1c:43:29:93:
         00:12:85:5f:f1:92:0b:ec:75:1b:af:a1:1a:c1:9c:a2:7e:ae:
         cd:71:b7:7c:3c:09:0a:ed:5e:30:49:44:c3:4e:69:1b:3e:c6:
         1f:d8:a6:cd:db:c5:88:9c:dc:a8:12:4a:a0:c2:53:d6:2d:e7:
         c2:6e:97:a9:62:99:d9:66:7f:58:ef:2a:28:e5:de:9a:56:4c:
         41:dd:d6:d3:fd:da:43:ae:81:a0:98:e2:b4:dd:d7:5c:52:74:
         05:58:f8:18:23:47:e7:2f:52:4f:f5:15:20:b3:ea:23:87:49:
         c8:9c:3c:03:32:83:0b:9e:55:a1:70:8b:61:30:40:c2:a6:7a:
         99:11:b1:bf:92:b0:c3:1b:21:18:99:7b:8b:6d:cb:80:45:8d:
         2a:fc:92:68:2e:f2:42:4b:67:44:43:98:8a:9e:04:2c:2c:38:
         b4:b5:19:4c:06:8c:f5:f6:70:cc:f2:d9:b1:3a:fe:69:98:29:
         52:18:63:ba:80:49:da:66:36:7c:10:0b:8f:c2:22:0f:fd:80:
         60:e3:3d:54:52:19:25:04:11:6c:47:12:c4:b7:3d:cc:c7:a5:
         7b:2c:67:bc:89:2c:25:af:dc:4f:d4:62:f2:50:0c:36:1d:da:
         e9:52:65:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPgzCXbCo9RMvfguJU3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZDJkODAwZGM2YzMzYjY5ZmE0NzI5MWUyZjE1YjMzNWVh
MzYwMGYwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRhYThjNzM5NTAxYzU3NzJmOTc5ZmUzN2EwOTJhZTBkYWZkYTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmXgBzEMP+fCUdrpIFNcYE8E61R1
08G4tdjf2aK3G0qePwwRPaQVFffoGzFqY/J6ekB3EKTluNyuPyn5l1EuaWyV+gbi
rF7IAl04z/bkH+A47iGrzNyE11d/+GV+pWJTBOnVnalS3sjNyLMtoB89axwFcQBI
IeNHOqenGfAcFepQFx2iPqwps7JBfVbsqiKckhNh6aEGcCXwv1jnqvepEntBRy+B
m6LDr0X5iwXQiCetH/yfMH7SDQDpl9Qks+LdEIxp/Z2hXm2JHAfH4mOH56rVSqoa
o/+sEQ5XroBdLviEp16OW8Zjwq3UfOWXcP7xFVK3RWU2gCA1ihJzmvH+ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbaqMc5UBxXcvl5/jegkq4Nr9ouMB8GA1UdIwQY
MBaAFM7S2ADcbDO2n6RykeLxWzNeo2APMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenRMWUFOeHNNN2FmcEhLUjR2RmJNMTZqWUE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mODg4NTctY2MwNS00YmRiLTkxZTYt
ZWQ0ZjA2NDNiZjI1LzEvSnRxb3h6bFFIRmR5LVhuLU42Q1NyZzJ2Mmk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mODg4NTctY2MwNS00YmRiLTkxZTYtZWQ0ZjA2NDNiZjI1
LzEvenRMWUFOeHNNN2FmcEhLUjR2RmJNMTZqWUE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuetiMA0G
CSqGSIb3DQEBCwUAA4IBAQAwQ8REQq17O8c7Z+EbmRxDKZMAEoVf8ZIL7HUbr6Ea
wZyifq7Ncbd8PAkK7V4wSUTDTmkbPsYf2KbN28WInNyoEkqgwlPWLefCbpepYpnZ
Zn9Y7yoo5d6aVkxB3dbT/dpDroGgmOK03ddcUnQFWPgYI0fnL1JP9RUgs+ojh0nI
nDwDMoMLnlWhcIthMEDCpnqZEbG/krDDGyEYmXuLbcuARY0q/JJoLvJCS2dEQ5iK
ngQsLDi0tRlMBoz19nDM8tmxOv5pmClSGGO6gEnaZjZ8EAuPwiIP/YBg4z1UUhkl
BBFsRxLEtz3Mx6V7LGe8iSwlr9xP1GLyUAw2HdrpUmUP
-----END CERTIFICATE-----