Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/qUZiMdNyOk76_ip9B7WN-KNms3g.roa
File:                     qUZiMdNyOk76_ip9B7WN-KNms3g.roa (raw, json)
Hash identifier:          Ke040Y08DoVAtO3WShasGL4c7hmYiVrL20wNA3KlWUo=
Subject key identifier:   A9:46:62:31:D3:72:3A:4E:FA:FE:2A:7D:07:B5:8D:F8:A3:66:B3:78
Certificate issuer:       /CN=e2da23d3b930d4c1f3ac73065d71a607c35d2900
Certificate serial:       018CC6B93EFDC6A833FD108A41DAAE77B308
Authority key identifier: E2:DA:23:D3:B9:30:D4:C1:F3:AC:73:06:5D:71:A6:07:C3:5D:29:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/qUZiMdNyOk76_ip9B7WN-KNms3g.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.98.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3e:fd:c6:a8:33:fd:10:8a:41:da:ae:77:b3:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2da23d3b930d4c1f3ac73065d71a607c35d2900
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9466231d3723a4efafe2a7d07b58df8a366b378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1c:08:1b:d3:55:d6:b4:55:14:5b:4f:5e:66:
                    b3:80:42:6c:44:72:17:6e:33:74:26:f3:d1:89:0d:
                    26:51:7e:4c:7f:03:20:af:a6:12:d5:80:52:ce:d6:
                    0e:51:4d:85:b2:18:f8:84:d4:32:a7:82:54:91:20:
                    c9:b3:87:8b:51:45:72:c3:3e:68:ad:ba:25:b6:d6:
                    b8:13:fb:fa:3d:64:7d:b6:d5:0c:5e:13:e4:6f:73:
                    c3:9c:a8:c7:ce:b2:21:3e:33:2f:a7:75:7a:d3:d5:
                    bd:51:23:3a:7d:9a:00:70:63:9c:48:8f:9f:35:8c:
                    ea:ac:f7:a7:c8:31:44:b6:e9:8d:86:61:7d:8c:6b:
                    34:f3:b6:5e:45:cf:0a:7f:d7:85:70:44:75:80:20:
                    5e:d5:f0:45:aa:cd:96:d3:bf:7b:fb:5d:6d:23:f3:
                    d1:f0:2c:9c:5d:6b:2b:13:9c:46:5d:80:44:bc:96:
                    3b:83:71:f5:82:c7:6b:df:51:3a:44:da:85:80:66:
                    0e:8e:e7:37:55:c4:8f:6a:f9:bb:a6:6c:de:38:b4:
                    f6:37:e7:e1:c9:3d:32:57:d8:68:09:45:37:68:a4:
                    1d:6c:a1:50:68:cb:66:5c:a3:e0:86:7a:9c:ea:f1:
                    4b:28:66:d4:a2:07:49:96:de:30:fd:b1:ab:6d:db:
                    2d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:46:62:31:D3:72:3A:4E:FA:FE:2A:7D:07:B5:8D:F8:A3:66:B3:78
            X509v3 Authority Key Identifier:
                keyid:E2:DA:23:D3:B9:30:D4:C1:F3:AC:73:06:5D:71:A6:07:C3:5D:29:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4toj07kw1MHzrHMGXXGmB8NdKQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/qUZiMdNyOk76_ip9B7WN-KNms3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/deebb8-ae86-4694-a972-827a0ac04a9d/1/4toj07kw1MHzrHMGXXGmB8NdKQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:be:1a:9e:b7:2c:3e:4e:d0:7d:47:c1:e8:be:a0:ce:c2:15:
         71:8f:96:77:e0:91:10:20:f1:13:25:67:c0:d2:57:d7:65:71:
         08:91:59:cc:8a:f1:4c:84:4b:5a:75:ed:d4:33:aa:74:07:73:
         19:d7:48:4a:5b:cd:14:c9:be:41:c2:65:a9:1c:d1:b7:c4:c2:
         88:be:53:3f:73:ad:14:53:2a:8c:e8:35:a4:68:77:e0:55:40:
         07:f1:59:94:80:dc:95:09:b6:ba:29:e3:6c:d9:4c:43:5b:d6:
         9d:dc:43:09:4e:7a:31:df:e8:a1:a3:3b:55:cc:d1:77:35:e8:
         fb:24:f0:91:35:a5:f5:f5:d5:15:6c:4f:c4:cd:42:07:4b:16:
         38:0f:b0:f7:62:3b:75:6c:2f:bc:c2:60:50:9d:4e:04:73:2f:
         19:06:f0:80:92:03:9f:28:66:53:78:23:27:1e:6e:a1:0c:7c:
         bf:d8:e3:45:62:9d:7f:65:37:25:ab:e1:6c:c1:3c:04:ca:c5:
         5b:95:bc:5e:38:da:28:6c:d0:86:1a:38:0e:58:92:1b:42:a7:
         36:b0:a3:39:61:2f:c0:23:ba:a4:1d:e6:2c:9c:ce:ff:c7:7b:
         59:a2:81:62:16:8b:88:df:08:94:8f:a6:58:0a:62:7c:95:13:
         8b:a1:2c:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT79xqgz/RCKQdqud7MIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZGEyM2QzYjkzMGQ0YzFmM2FjNzMwNjVkNzFhNjA3YzM1
ZDI5MDAwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTQ2NjIzMWQzNzIzYTRlZmFmZTJhN2QwN2I1OGRmOGEzNjZiMzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRwIG9NV1rRVFFtPXmazgEJsRHIX
bjN0JvPRiQ0mUX5MfwMgr6YS1YBSztYOUU2Fshj4hNQyp4JUkSDJs4eLUUVywz5o
rboltta4E/v6PWR9ttUMXhPkb3PDnKjHzrIhPjMvp3V609W9USM6fZoAcGOcSI+f
NYzqrPenyDFEtumNhmF9jGs087ZeRc8Kf9eFcER1gCBe1fBFqs2W0797+11tI/PR
8CycXWsrE5xGXYBEvJY7g3H1gsdr31E6RNqFgGYOjuc3VcSPavm7pmzeOLT2N+fh
yT0yV9hoCUU3aKQdbKFQaMtmXKPghnqc6vFLKGbUogdJlt4w/bGrbdstmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlGYjHTcjpO+v4qfQe1jfijZrN4MB8GA1UdIwQY
MBaAFOLaI9O5MNTB86xzBl1xpgfDXSkAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRvajA3a3cxTUh6ckhNR1hYR21COE5kS1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9kZWViYjgtYWU4Ni00Njk0LWE5NzIt
ODI3YTBhYzA0YTlkLzEvcVVaaU1kTnlPazc2X2lwOUI3V04tS05tczNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9kZWViYjgtYWU4Ni00Njk0LWE5NzItODI3YTBhYzA0YTlk
LzEvNHRvajA3a3cxTUh6ckhNR1hYR21COE5kS1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWK3MA0G
CSqGSIb3DQEBCwUAA4IBAQABvhqetyw+TtB9R8HovqDOwhVxj5Z34JEQIPETJWfA
0lfXZXEIkVnMivFMhEtade3UM6p0B3MZ10hKW80Uyb5BwmWpHNG3xMKIvlM/c60U
UyqM6DWkaHfgVUAH8VmUgNyVCba6KeNs2UxDW9ad3EMJTnox3+ihoztVzNF3Nej7
JPCRNaX19dUVbE/EzUIHSxY4D7D3Yjt1bC+8wmBQnU4Ecy8ZBvCAkgOfKGZTeCMn
Hm6hDHy/2ONFYp1/ZTclq+FswTwEysVblbxeONoobNCGGjgOWJIbQqc2sKM5YS/A
I7qkHeYsnM7/x3tZooFiFouI3wiUj6ZYCmJ8lROLoSyP
-----END CERTIFICATE-----