Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/esYsZZ7qxWa7K1NHhwuyeJTe0Vk.roa
File:                     esYsZZ7qxWa7K1NHhwuyeJTe0Vk.roa (raw, json)
Hash identifier:          ikEsxlf2SZ15fsWY09cKW+KJ+2zlHNRxl0wc+pisoF8=
Subject key identifier:   7A:C6:2C:65:9E:EA:C5:66:BB:2B:53:47:87:0B:B2:78:94:DE:D1:59
Certificate issuer:       /CN=5f41c664c0c013dffb6e0dd1d73b369cba5fbd1c
Certificate serial:       018CC64B0ED09BF6842A64B41C8E27AA7632
Authority key identifier: 5F:41:C6:64:C0:C0:13:DF:FB:6E:0D:D1:D7:3B:36:9C:BA:5F:BD:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/esYsZZ7qxWa7K1NHhwuyeJTe0Vk.roa
Signing time:             Mon 01 Jan 2024 18:30:56 +0000
ROA not before:           Mon 01 Jan 2024 18:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.98.156.0/24 maxlen: 24
                          2a12:a900:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0e:d0:9b:f6:84:2a:64:b4:1c:8e:27:aa:76:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f41c664c0c013dffb6e0dd1d73b369cba5fbd1c
        Validity
            Not Before: Jan  1 18:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ac62c659eeac566bb2b5347870bb27894ded159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:06:67:9e:1b:03:ff:dc:1a:66:a2:13:a3:3b:
                    2c:db:24:fd:e0:d8:33:c5:c0:c6:c6:05:72:04:e4:
                    a6:2d:0e:41:6f:28:44:bf:e6:8d:59:f3:ff:3f:12:
                    26:34:7d:c5:13:99:da:a0:a7:d5:66:bd:50:a3:ca:
                    c2:f9:39:df:2b:64:d5:96:cc:09:8d:de:ac:26:13:
                    51:a5:ed:1f:5b:e7:4e:f5:2d:f9:95:ac:e8:49:b1:
                    25:f8:c5:5d:82:9d:6a:c3:87:8a:f2:93:be:fe:72:
                    e7:f4:d8:f2:61:ef:f8:66:4e:c3:b4:bf:f9:37:5d:
                    79:0f:81:41:30:2d:1c:ca:55:d2:1f:6a:30:52:49:
                    1d:8a:d1:12:01:0c:69:e9:d5:0c:89:e3:2b:4e:5a:
                    3b:a9:78:42:05:bb:b1:7c:b5:95:58:ce:f9:2a:2c:
                    6b:dd:23:fe:08:0b:b0:05:9d:13:69:d0:e1:7f:a6:
                    25:74:c9:54:dd:ec:c9:47:5f:41:91:16:37:6c:74:
                    1b:80:a4:c3:de:2f:93:86:9a:c8:25:b8:26:e4:0c:
                    7e:be:08:7f:fa:a1:99:af:b0:4c:5e:ed:90:0c:96:
                    23:29:20:72:a7:b0:38:0b:2d:93:02:f5:5b:23:22:
                    eb:ef:8a:36:2f:62:77:ab:5a:76:01:2d:7d:70:ac:
                    68:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C6:2C:65:9E:EA:C5:66:BB:2B:53:47:87:0B:B2:78:94:DE:D1:59
            X509v3 Authority Key Identifier:
                keyid:5F:41:C6:64:C0:C0:13:DF:FB:6E:0D:D1:D7:3B:36:9C:BA:5F:BD:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/esYsZZ7qxWa7K1NHhwuyeJTe0Vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.156.0/24
                IPv6:
                  2a12:a900:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:93:d5:c7:66:7b:8e:f8:ee:84:1d:c1:5f:a3:92:28:b2:c0:
         f3:ea:0c:59:ac:ff:ab:76:92:99:6a:e0:cd:55:66:70:8f:80:
         9c:c8:63:c6:a6:79:d1:c7:90:d5:40:d0:e3:19:72:24:8d:2b:
         c8:91:25:a6:54:97:51:9f:8c:80:0d:e3:82:94:b0:d6:cd:e2:
         65:2e:26:c8:e7:b0:da:08:39:a1:a6:a9:f1:ec:17:2b:32:c8:
         b1:4d:67:4c:fc:b3:d4:5c:83:8c:1f:37:49:71:9e:64:93:8d:
         57:ca:70:d9:d7:e3:56:eb:bd:e3:37:cb:bf:05:15:fd:39:cd:
         c1:0b:c6:d8:05:5c:55:9a:e0:61:7a:60:f1:0e:e7:c8:e1:10:
         8f:8d:88:c8:20:39:01:72:0a:32:e4:0b:e9:13:60:07:eb:b1:
         3b:40:69:d1:18:c6:59:62:5b:07:f8:ec:3b:9e:b5:86:1e:35:
         54:a9:06:98:e0:75:d4:75:db:70:44:1e:80:01:b5:a7:ca:98:
         8e:2a:f1:07:b7:91:0e:ce:35:a9:a9:b2:fe:09:f9:7a:5b:c6:
         4f:03:d2:d2:ad:07:94:90:fe:f1:40:2e:c8:ad:07:6c:a8:0c:
         c3:d4:42:e7:3e:a7:d7:ce:b1:d7:50:04:4a:29:95:02:68:f3:
         49:27:14:86
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSw7Qm/aEKmS0HI4nqnYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNDFjNjY0YzBjMDEzZGZmYjZlMGRkMWQ3M2IzNjljYmE1
ZmJkMWMwHhcNMjQwMTAxMTgzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWM2MmM2NTllZWFjNTY2YmIyYjUzNDc4NzBiYjI3ODk0ZGVkMTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAZnnhsD/9waZqITozss2yT94Ngz
xcDGxgVyBOSmLQ5BbyhEv+aNWfP/PxImNH3FE5naoKfVZr1Qo8rC+TnfK2TVlswJ
jd6sJhNRpe0fW+dO9S35lazoSbEl+MVdgp1qw4eK8pO+/nLn9NjyYe/4Zk7DtL/5
N115D4FBMC0cylXSH2owUkkditESAQxp6dUMieMrTlo7qXhCBbuxfLWVWM75Kixr
3SP+CAuwBZ0TadDhf6YldMlU3ezJR19BkRY3bHQbgKTD3i+ThprIJbgm5Ax+vgh/
+qGZr7BMXu2QDJYjKSByp7A4Cy2TAvVbIyLr74o2L2J3q1p2AS19cKxo2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHrGLGWe6sVmuytTR4cLsniU3tFZMB8GA1UdIwQY
MBaAFF9BxmTAwBPf+24N0dc7Npy6X70cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDBIR1pNREFFOV83YmczUjF6czJuTHBmdlJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zNzlhMWQtNTJiOS00NjY5LTk2MjUt
NjIzMDZhYmRmYTAzLzEvZXNZc1paN3F4V2E3SzFOSGh3dXllSlRlMFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zNzlhMWQtNTJiOS00NjY5LTk2MjUtNjIzMDZhYmRmYTAz
LzEvWDBIR1pNREFFOV83YmczUjF6czJuTHBmdlJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWKcMA8E
AgACMAkDBwAqEqkAAAEwDQYJKoZIhvcNAQELBQADggEBAJST1cdme4747oQdwV+j
kiiywPPqDFms/6t2kplq4M1VZnCPgJzIY8amedHHkNVA0OMZciSNK8iRJaZUl1Gf
jIAN44KUsNbN4mUuJsjnsNoIOaGmqfHsFysyyLFNZ0z8s9Rcg4wfN0lxnmSTjVfK
cNnX41brveM3y78FFf05zcELxtgFXFWa4GF6YPEO58jhEI+NiMggOQFyCjLkC+kT
YAfrsTtAadEYxlliWwf47DuetYYeNVSpBpjgddR123BEHoABtafKmI4q8Qe3kQ7O
Nampsv4J+Xpbxk8D0tKtB5SQ/vFALsitB2yoDMPUQuc+p9fOsddQBEoplQJo80kn
FIY=
-----END CERTIFICATE-----