Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/sciWcFMWeZN9PYrPOHrYfr1SZVU.roa
File:                     sciWcFMWeZN9PYrPOHrYfr1SZVU.roa (raw, json)
Hash identifier:          YQ1Diokuawl749Y9DDF42OvOjKwqthXyxVSjkJAKuig=
Subject key identifier:   B1:C8:96:70:53:16:79:93:7D:3D:8A:CF:38:7A:D8:7E:BD:52:65:55
Certificate issuer:       /CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
Certificate serial:       018CC56E00B282696090488EB7CC96D10190
Authority key identifier: A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/sciWcFMWeZN9PYrPOHrYfr1SZVU.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        153.98.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:00:b2:82:69:60:90:48:8e:b7:cc:96:d1:01:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1c89670531679937d3d8acf387ad87ebd526555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:70:b9:a3:5f:b2:5a:28:f9:e6:bb:08:e4:cc:
                    f8:45:19:86:b5:c2:47:69:90:c4:d9:80:d0:70:7a:
                    80:f9:04:db:65:00:1c:25:5c:e9:07:78:69:a0:54:
                    1a:89:bd:d4:e2:0a:57:e5:1c:5e:4c:2c:93:d5:fd:
                    6d:94:c9:28:ac:c3:82:6c:9f:2c:8b:8b:eb:9d:f2:
                    32:03:7a:16:43:62:33:f8:22:c4:07:08:66:3c:61:
                    0c:6e:9e:f4:10:97:af:e4:dd:ea:52:08:ec:10:cf:
                    92:9d:da:ab:24:6b:4c:4b:a4:8b:da:4e:5d:cb:94:
                    da:be:a9:9e:ba:0e:5c:96:89:83:7b:0d:26:2a:b4:
                    82:23:0d:03:92:db:23:cc:c4:ad:a9:70:f0:51:d0:
                    7b:4f:78:15:4b:d4:0c:3c:61:44:16:8d:c2:e7:a5:
                    77:d0:40:42:ec:37:0b:f4:88:92:be:4d:a8:a2:82:
                    fa:5b:cd:c4:06:40:37:b5:d2:49:8d:33:ba:3e:99:
                    cd:ae:66:13:12:c2:1a:69:fe:a1:5c:34:eb:5a:ea:
                    f1:65:f5:60:66:e9:ad:10:71:be:26:ce:57:17:f7:
                    fd:f9:ff:da:eb:68:39:ed:df:91:86:25:47:f4:75:
                    46:65:00:9d:cc:2f:18:ee:7a:1f:6d:c8:27:67:3b:
                    bb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C8:96:70:53:16:79:93:7D:3D:8A:CF:38:7A:D8:7E:BD:52:65:55
            X509v3 Authority Key Identifier:
                keyid:A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/sciWcFMWeZN9PYrPOHrYfr1SZVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.98.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:17:c0:c4:9e:e5:bb:f3:36:66:19:5b:f6:f5:94:9b:47:2e:
         b4:ff:54:c2:d6:e4:3d:fa:89:28:10:4e:ee:4d:7d:2e:0a:f3:
         b1:20:21:43:c3:d4:2a:e9:56:78:14:04:c1:8b:fa:f3:47:4e:
         7d:4d:51:46:31:2d:c7:19:37:15:6a:7f:ce:97:0c:7a:08:ce:
         4b:42:bf:b4:89:f6:29:c8:8c:74:19:ee:b6:2a:02:36:f5:ef:
         d9:89:f1:46:4f:96:91:a6:49:10:0b:7a:fe:b5:8c:0b:57:36:
         0c:ab:a1:2f:49:e8:67:d6:02:f9:81:0e:cc:68:1f:30:9b:12:
         62:00:ff:60:80:ec:e7:ba:07:8c:13:1e:ad:16:26:05:c8:7b:
         1d:a6:91:7e:6d:9b:22:fd:b5:88:71:e9:d5:18:1e:c2:dc:f1:
         17:58:4e:25:89:d8:d6:cd:cb:5a:9d:01:4f:9c:c0:1a:25:57:
         0b:b3:7f:bb:3a:96:c4:4f:e6:38:e6:8f:87:4c:87:7a:91:0e:
         cf:76:d3:f8:f7:e8:0c:cf:d5:6d:66:ab:54:d8:47:74:c3:14:
         92:ea:4f:6d:bb:37:7c:99:9b:b4:18:2f:2e:ba:3a:52:d6:a9:
         23:5a:35:66:1e:3f:01:29:9b:f2:df:02:b1:0f:a3:92:a1:fe:
         1b:ec:07:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgCygmlgkEiOt8yW0QGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmZjZmFkOTY2YWU3ZTgxNzFjZmNlMjZkYjNmNjU3NzZk
MjZmZTgwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWM4OTY3MDUzMTY3OTkzN2QzZDhhY2YzODdhZDg3ZWJkNTI2NTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3C5o1+yWij55rsI5Mz4RRmGtcJH
aZDE2YDQcHqA+QTbZQAcJVzpB3hpoFQaib3U4gpX5RxeTCyT1f1tlMkorMOCbJ8s
i4vrnfIyA3oWQ2Iz+CLEBwhmPGEMbp70EJev5N3qUgjsEM+SndqrJGtMS6SL2k5d
y5Tavqmeug5clomDew0mKrSCIw0DktsjzMStqXDwUdB7T3gVS9QMPGFEFo3C56V3
0EBC7DcL9IiSvk2oooL6W83EBkA3tdJJjTO6PpnNrmYTEsIaaf6hXDTrWurxZfVg
ZumtEHG+Js5XF/f9+f/a62g57d+RhiVH9HVGZQCdzC8Y7nofbcgnZzu7qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHIlnBTFnmTfT2Kzzh62H69UmVVMB8GA1UdIwQY
MBaAFKdvz62WaufoFxz84m2z9ld20m/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEt
YzU0MDFmNmQ5MWQxLzEvc2NpV2NGTVdlWk45UFlyUE9IcllmcjFTWlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEtYzU0MDFmNmQ5MWQx
LzEvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmWIYMA0G
CSqGSIb3DQEBCwUAA4IBAQBGF8DEnuW78zZmGVv29ZSbRy60/1TC1uQ9+okoEE7u
TX0uCvOxICFDw9Qq6VZ4FATBi/rzR059TVFGMS3HGTcVan/Olwx6CM5LQr+0ifYp
yIx0Ge62KgI29e/ZifFGT5aRpkkQC3r+tYwLVzYMq6EvSehn1gL5gQ7MaB8wmxJi
AP9ggOznugeMEx6tFiYFyHsdppF+bZsi/bWIcenVGB7C3PEXWE4lidjWzctanQFP
nMAaJVcLs3+7OpbET+Y45o+HTId6kQ7PdtP49+gMz9VtZqtU2Ed0wxSS6k9tuzd8
mZu0GC8uujpS1qkjWjVmHj8BKZvy3wKxD6OSof4b7AeM
-----END CERTIFICATE-----