Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/scvBPB497uK0gJFTYQ0bucQo-bs.roa
File:                     scvBPB497uK0gJFTYQ0bucQo-bs.roa (raw, json)
Hash identifier:          ILYzBnCT5WUMyt3EgBFZc5u6CzRbKvfvVx+V80pf/xk=
Subject key identifier:   B1:CB:C1:3C:1E:3D:EE:E2:B4:80:91:53:61:0D:1B:B9:C4:28:F9:BB
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC8F0CFDE404EEF49E18C45858BBBA
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/scvBPB497uK0gJFTYQ0bucQo-bs.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39216
IP address blocks:        213.198.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:04:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8f:0c:fd:e4:04:ee:f4:9e:18:c4:58:58:bb:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1cbc13c1e3deee2b4809153610d1bb9c428f9bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b4:e9:83:d8:c0:33:2d:27:34:8e:b1:70:b8:
                    71:d9:cb:be:9c:c1:87:5c:32:a7:62:14:3b:e8:56:
                    a4:ab:1e:55:e7:d8:f3:9f:b7:9e:3e:c7:8f:21:a0:
                    99:93:97:df:c2:76:3a:23:71:e5:51:2e:93:12:78:
                    80:21:d1:21:e5:7e:2a:9e:9b:64:bc:0a:f9:d8:be:
                    88:0e:00:12:f1:54:29:97:5a:c1:b2:e1:c6:ab:3e:
                    39:f2:1b:7d:54:25:ee:0d:3a:86:11:22:32:38:73:
                    5c:93:23:15:90:63:e7:4f:40:8c:e9:d2:90:b4:ce:
                    36:9b:82:93:93:46:59:38:8b:70:fb:26:20:c0:5f:
                    a6:2a:73:18:cc:06:56:3c:ae:b1:a3:9e:ae:f1:38:
                    8c:cb:0f:9c:59:5c:b7:e4:31:e3:fa:1e:09:ea:81:
                    dd:b5:80:cb:16:2e:ee:f8:d6:75:b6:8b:5d:bf:20:
                    d2:1a:ea:fb:7d:64:ea:ae:54:fc:76:ae:51:f0:5f:
                    fa:36:b9:e9:e8:78:0c:d7:bc:bf:d9:24:ec:03:6b:
                    5a:f3:54:77:ec:20:d5:f5:5e:9a:74:40:05:ff:56:
                    c9:0a:49:36:c8:fd:b9:9d:b6:b9:a8:de:e0:b3:e7:
                    cd:65:d9:d7:04:2c:c3:2a:d2:57:f5:15:bc:13:2e:
                    2a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:CB:C1:3C:1E:3D:EE:E2:B4:80:91:53:61:0D:1B:B9:C4:28:F9:BB
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/scvBPB497uK0gJFTYQ0bucQo-bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:2d:80:fb:00:69:e0:2f:95:4b:27:81:db:63:f6:fd:0c:91:
         15:43:18:d3:c9:85:4b:fd:a3:d6:f1:8a:d7:dd:cd:44:e3:e9:
         d8:89:06:cb:00:eb:1b:f7:55:59:2e:77:84:81:b7:c4:f5:79:
         b0:59:46:d1:ba:6a:76:43:d6:ef:ab:93:83:8e:c2:36:12:86:
         45:6e:ac:52:59:2b:1c:b2:e4:ec:71:42:fa:c7:b9:bb:17:2b:
         39:c9:af:df:d8:fe:54:9d:1c:d5:43:3b:d5:28:aa:43:ed:c5:
         b0:c7:c1:92:74:63:e2:d8:ba:81:2f:ef:13:5b:b8:13:eb:99:
         15:e2:ba:4a:18:c8:6b:43:64:84:f9:6f:c8:ae:a1:53:1e:14:
         16:85:70:da:4a:a0:f8:39:d4:3b:1b:39:b2:a1:bc:55:31:6a:
         aa:cd:19:58:e3:b1:f2:ca:c0:c2:15:a2:b7:37:ff:77:de:6a:
         55:39:4d:ca:a2:e3:f6:76:2e:36:dc:ae:c0:3b:ca:42:10:00:
         3f:b4:1b:b7:d9:1f:ce:0d:e5:82:e5:cc:2e:ec:fa:dc:19:57:
         a6:b7:6e:cd:28:24:c3:60:07:13:07:7f:e9:e1:38:b7:e6:64:
         63:fc:90:b4:3f:38:fe:ba:73:df:c2:62:c4:56:68:dd:66:bc:
         33:81:4d:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvI8M/eQE7vSeGMRYWLu6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWNiYzEzYzFlM2RlZWUyYjQ4MDkxNTM2MTBkMWJiOWM0MjhmOWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTpg9jAMy0nNI6xcLhx2cu+nMGH
XDKnYhQ76Fakqx5V59jzn7eePsePIaCZk5ffwnY6I3HlUS6TEniAIdEh5X4qnptk
vAr52L6IDgAS8VQpl1rBsuHGqz458ht9VCXuDTqGESIyOHNckyMVkGPnT0CM6dKQ
tM42m4KTk0ZZOItw+yYgwF+mKnMYzAZWPK6xo56u8TiMyw+cWVy35DHj+h4J6oHd
tYDLFi7u+NZ1totdvyDSGur7fWTqrlT8dq5R8F/6Nrnp6HgM17y/2STsA2ta81R3
7CDV9V6adEAF/1bJCkk2yP25nba5qN7gs+fNZdnXBCzDKtJX9RW8Ey4q0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHLwTwePe7itICRU2ENG7nEKPm7MB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvc2N2QlBCNDk3dUswZ0pGVFlRMGJ1Y1FvLWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cZZMA0G
CSqGSIb3DQEBCwUAA4IBAQCjLYD7AGngL5VLJ4HbY/b9DJEVQxjTyYVL/aPW8YrX
3c1E4+nYiQbLAOsb91VZLneEgbfE9XmwWUbRump2Q9bvq5ODjsI2EoZFbqxSWSsc
suTscUL6x7m7Fys5ya/f2P5UnRzVQzvVKKpD7cWwx8GSdGPi2LqBL+8TW7gT65kV
4rpKGMhrQ2SE+W/IrqFTHhQWhXDaSqD4OdQ7GzmyobxVMWqqzRlY47HyysDCFaK3
N/933mpVOU3KouP2di423K7AO8pCEAA/tBu32R/ODeWC5cwu7PrcGVemt27NKCTD
YAcTB3/p4Ti35mRj/JC0Pzj+unPfwmLEVmjdZrwzgU1L
-----END CERTIFICATE-----