Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/S0yCsBOiDxeEp5SRfYgN32gStC4.roa
File:                     S0yCsBOiDxeEp5SRfYgN32gStC4.roa (raw, json)
Hash identifier:          Ze66nYrE9mVSCVAQvkoPxnfCIzw7BWCjSYV2QBt4CZU=
Subject key identifier:   4B:4C:82:B0:13:A2:0F:17:84:A7:94:91:7D:88:0D:DF:68:12:B4:2E
Certificate issuer:       /CN=5f41c664c0c013dffb6e0dd1d73b369cba5fbd1c
Certificate serial:       018CC64B0EFE4AFF60B83E123C000767311E
Authority key identifier: 5F:41:C6:64:C0:C0:13:DF:FB:6E:0D:D1:D7:3B:36:9C:BA:5F:BD:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/S0yCsBOiDxeEp5SRfYgN32gStC4.roa
Signing time:             Mon 01 Jan 2024 18:30:56 +0000
ROA not before:           Mon 01 Jan 2024 18:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.98.156.0/24 maxlen: 24
                          2a12:a900:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0e:fe:4a:ff:60:b8:3e:12:3c:00:07:67:31:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f41c664c0c013dffb6e0dd1d73b369cba5fbd1c
        Validity
            Not Before: Jan  1 18:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b4c82b013a20f1784a794917d880ddf6812b42e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:41:b6:bb:89:ca:4e:89:86:0b:05:13:b9:b6:
                    84:3c:9c:66:a9:8d:37:1e:12:2d:f8:c3:1d:00:9e:
                    56:78:2b:d0:fa:c3:87:40:b1:c6:b2:30:bf:f2:5d:
                    b3:af:7d:70:00:75:9a:97:88:d3:21:cf:d6:25:35:
                    2d:96:49:2f:4d:76:cb:83:05:57:fc:65:7b:42:6f:
                    70:21:d5:03:03:bd:d0:e6:3e:dd:f8:91:5c:26:0f:
                    a1:35:81:0c:99:de:18:05:dd:52:f6:c2:db:41:3a:
                    2e:84:74:47:6e:ce:70:cb:63:4d:34:f2:cc:15:f7:
                    82:03:9e:51:1c:1c:f7:69:c5:97:97:d4:9a:bd:71:
                    3c:62:f2:2d:b7:b9:94:dc:cf:dc:5c:00:68:97:d1:
                    d0:73:30:39:8b:dd:51:5c:0b:dc:fb:b1:02:19:f0:
                    db:56:7a:08:a5:34:67:3a:27:79:4c:fa:83:72:ca:
                    b5:64:9d:6f:60:b1:93:89:c7:2d:6a:3d:da:c0:9b:
                    8b:1b:db:bc:2b:ce:46:80:84:a1:4c:52:74:6d:b0:
                    d1:3b:40:76:1c:78:d3:6a:2b:8c:53:3b:25:e5:25:
                    0e:55:32:96:5f:8a:91:90:9d:e8:f7:f1:9d:f7:43:
                    d2:65:fe:1e:b0:a5:c9:8b:9a:a3:15:16:cf:7f:5c:
                    3c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:4C:82:B0:13:A2:0F:17:84:A7:94:91:7D:88:0D:DF:68:12:B4:2E
            X509v3 Authority Key Identifier:
                keyid:5F:41:C6:64:C0:C0:13:DF:FB:6E:0D:D1:D7:3B:36:9C:BA:5F:BD:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/S0yCsBOiDxeEp5SRfYgN32gStC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.156.0/24
                IPv6:
                  2a12:a900:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:f6:36:95:13:3b:84:d5:d2:a7:22:70:e4:e3:9b:4c:0b:fe:
         2b:53:04:31:bc:13:8b:30:05:4f:20:5c:89:14:31:60:f3:67:
         e8:36:a5:bc:34:8a:b0:7b:dd:0e:72:bc:92:65:40:83:0b:4f:
         ee:1d:0e:52:5a:7f:21:29:0f:44:bd:4b:e6:88:7c:a7:e2:63:
         3b:2d:38:59:b9:a1:21:d6:91:1a:0f:9f:bb:51:1a:c3:b6:d3:
         24:5f:1c:29:db:1b:83:41:38:d2:bf:92:22:7d:5c:24:4b:63:
         e0:f5:84:61:13:2f:eb:c6:7e:5f:ee:80:c6:12:8e:39:3b:93:
         f7:42:a0:60:ba:de:8d:ca:2d:f7:46:76:07:fb:b4:4a:2f:38:
         d0:c6:5a:8d:86:16:de:c0:37:fc:f4:5f:86:93:6c:1f:d8:4d:
         a2:1d:c6:a0:8a:fa:a4:84:fe:43:85:3c:61:19:5f:b1:7b:03:
         05:fb:06:41:7c:05:1e:fb:62:2a:19:1c:48:d6:af:ec:79:ed:
         c7:20:69:5b:ac:4d:ac:54:32:03:50:f2:bc:5d:a7:a7:cf:ae:
         12:66:46:80:90:ef:1f:77:82:0e:f9:bf:79:86:1f:85:9d:fc:
         76:32:ee:22:83:ec:00:5a:db:7b:9c:80:63:a4:12:3f:80:14:
         47:15:19:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSw7+Sv9guD4SPAAHZzEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNDFjNjY0YzBjMDEzZGZmYjZlMGRkMWQ3M2IzNjljYmE1
ZmJkMWMwHhcNMjQwMTAxMTgzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjRjODJiMDEzYTIwZjE3ODRhNzk0OTE3ZDg4MGRkZjY4MTJiNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UG2u4nKTomGCwUTubaEPJxmqY03
HhIt+MMdAJ5WeCvQ+sOHQLHGsjC/8l2zr31wAHWal4jTIc/WJTUtlkkvTXbLgwVX
/GV7Qm9wIdUDA73Q5j7d+JFcJg+hNYEMmd4YBd1S9sLbQTouhHRHbs5wy2NNNPLM
FfeCA55RHBz3acWXl9SavXE8YvItt7mU3M/cXABol9HQczA5i91RXAvc+7ECGfDb
VnoIpTRnOid5TPqDcsq1ZJ1vYLGTicctaj3awJuLG9u8K85GgIShTFJ0bbDRO0B2
HHjTaiuMUzsl5SUOVTKWX4qRkJ3o9/Gd90PSZf4esKXJi5qjFRbPf1w8EQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEtMgrATog8XhKeUkX2IDd9oErQuMB8GA1UdIwQY
MBaAFF9BxmTAwBPf+24N0dc7Npy6X70cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDBIR1pNREFFOV83YmczUjF6czJuTHBmdlJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zNzlhMWQtNTJiOS00NjY5LTk2MjUt
NjIzMDZhYmRmYTAzLzEvUzB5Q3NCT2lEeGVFcDVTUmZZZ04zMmdTdEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zNzlhMWQtNTJiOS00NjY5LTk2MjUtNjIzMDZhYmRmYTAz
LzEvWDBIR1pNREFFOV83YmczUjF6czJuTHBmdlJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWKcMA8E
AgACMAkDBwAqEqkAAAEwDQYJKoZIhvcNAQELBQADggEBAEL2NpUTO4TV0qcicOTj
m0wL/itTBDG8E4swBU8gXIkUMWDzZ+g2pbw0irB73Q5yvJJlQIMLT+4dDlJafyEp
D0S9S+aIfKfiYzstOFm5oSHWkRoPn7tRGsO20yRfHCnbG4NBONK/kiJ9XCRLY+D1
hGETL+vGfl/ugMYSjjk7k/dCoGC63o3KLfdGdgf7tEovONDGWo2GFt7AN/z0X4aT
bB/YTaIdxqCK+qSE/kOFPGEZX7F7AwX7BkF8BR77YioZHEjWr+x57ccgaVusTaxU
MgNQ8rxdp6fPrhJmRoCQ7x93gg75v3mGH4Wd/HYy7iKD7ABa23ucgGOkEj+AFEcV
GTg=
-----END CERTIFICATE-----