Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/CAHrILDi7JAU1KoY9fZvDY0WcL0.roa
File:                     CAHrILDi7JAU1KoY9fZvDY0WcL0.roa (raw, json)
Hash identifier:          9cc+BBCLpHyZHWEQj7UOHoLsuPe4SEBq52chOIU74ig=
Subject key identifier:   08:01:EB:20:B0:E2:EC:90:14:D4:AA:18:F5:F6:6F:0D:8D:16:70:BD
Certificate issuer:       /CN=39a3cebb811046a0966e9554d07e5d16b36dbf04
Certificate serial:       018CC870EEC651E0E03798E45EE86BF99C3C
Authority key identifier: 39:A3:CE:BB:81:10:46:A0:96:6E:95:54:D0:7E:5D:16:B3:6D:BF:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/CAHrILDi7JAU1KoY9fZvDY0WcL0.roa
Signing time:             Tue 02 Jan 2024 04:31:33 +0000
ROA not before:           Tue 02 Jan 2024 04:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21472
IP address blocks:        185.98.214.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:ee:c6:51:e0:e0:37:98:e4:5e:e8:6b:f9:9c:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39a3cebb811046a0966e9554d07e5d16b36dbf04
        Validity
            Not Before: Jan  2 04:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0801eb20b0e2ec9014d4aa18f5f66f0d8d1670bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:60:74:59:ab:2f:c1:39:8d:ba:b9:c1:60:4d:
                    c1:bb:d4:33:a4:53:cf:4d:92:7e:26:28:67:1a:97:
                    f1:be:37:6c:b3:32:d6:71:27:31:8f:58:66:85:39:
                    ee:48:cd:d5:1b:9e:1b:4e:5e:1a:07:fd:5a:a0:19:
                    72:c8:89:eb:0d:3b:57:4b:16:05:1a:65:02:96:b9:
                    a7:03:13:ea:f5:60:4e:6d:fc:cc:24:af:32:b6:46:
                    19:44:ac:c6:67:d5:41:87:dd:c9:14:b2:d7:40:90:
                    90:8c:29:b1:f1:4b:a3:24:49:c0:f3:0e:bf:d1:7e:
                    db:6e:d6:1c:5a:cd:a1:de:79:ea:75:bc:91:d3:f5:
                    00:d2:e5:e8:a3:83:b0:de:e7:19:1c:4f:bc:3c:c9:
                    80:3d:79:a1:14:dd:51:b5:59:53:91:07:59:94:85:
                    e1:24:e0:34:5b:ad:f5:76:a1:7b:3e:45:98:64:57:
                    39:96:c1:78:32:04:ab:18:29:1a:08:0f:f1:a4:27:
                    3e:f6:96:d7:13:a0:68:83:42:37:31:00:19:2f:ea:
                    f5:67:ae:ec:e5:06:03:f8:d3:0c:a8:2f:41:8c:a8:
                    06:83:94:c9:33:00:86:53:7c:0c:9e:46:45:de:fc:
                    f0:aa:b7:78:95:9e:c3:b6:c7:9a:66:90:49:a8:07:
                    9e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:01:EB:20:B0:E2:EC:90:14:D4:AA:18:F5:F6:6F:0D:8D:16:70:BD
            X509v3 Authority Key Identifier:
                keyid:39:A3:CE:BB:81:10:46:A0:96:6E:95:54:D0:7E:5D:16:B3:6D:BF:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/CAHrILDi7JAU1KoY9fZvDY0WcL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:15:ef:75:07:70:8a:e7:ee:03:c4:32:fd:44:e0:d2:91:b5:
         2d:67:57:33:95:2c:7b:94:f4:e5:c4:c3:f7:2c:91:1e:d9:13:
         24:c6:55:8a:5a:6a:37:c4:bc:61:b1:11:2c:57:56:f4:6c:b5:
         48:13:9e:5c:60:28:91:c1:13:c6:5e:ec:71:5b:1b:82:e0:5b:
         08:41:fb:7e:ce:ff:b1:03:3b:1c:bc:49:26:ca:f2:f6:a0:cf:
         50:56:8a:d2:2d:ce:ab:fe:80:3b:44:3c:d0:32:15:b2:49:01:
         68:44:4d:68:78:08:63:62:49:29:1d:78:20:e1:3c:74:3c:fc:
         a6:d7:a2:d0:d8:7a:09:23:4f:37:fc:2e:c9:ec:57:d3:ef:3c:
         16:f2:64:06:76:91:62:76:63:82:38:cb:1e:c7:03:ba:41:5d:
         02:0d:d5:61:36:a3:9f:cf:d3:0f:ea:57:cd:cb:0a:92:a4:8a:
         40:6e:35:4d:6d:85:14:67:66:36:9e:3d:9d:4d:98:be:68:12:
         36:d5:69:32:02:49:1c:e3:81:6b:0f:08:69:6c:f0:6e:ac:04:
         f5:d7:bc:c6:39:19:0f:37:f8:3c:d6:44:8c:07:e4:53:8f:52:
         b9:28:0f:5c:6b:bb:64:74:4f:9b:b8:de:39:2d:bc:d9:21:c3:
         8b:99:72:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcO7GUeDgN5jkXuhr+Zw8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5YTNjZWJiODExMDQ2YTA5NjZlOTU1NGQwN2U1ZDE2YjM2
ZGJmMDQwHhcNMjQwMTAyMDQzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODAxZWIyMGIwZTJlYzkwMTRkNGFhMThmNWY2NmYwZDhkMTY3MGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWB0WasvwTmNurnBYE3Bu9QzpFPP
TZJ+JihnGpfxvjdsszLWcScxj1hmhTnuSM3VG54bTl4aB/1aoBlyyInrDTtXSxYF
GmUClrmnAxPq9WBObfzMJK8ytkYZRKzGZ9VBh93JFLLXQJCQjCmx8UujJEnA8w6/
0X7bbtYcWs2h3nnqdbyR0/UA0uXoo4Ow3ucZHE+8PMmAPXmhFN1RtVlTkQdZlIXh
JOA0W631dqF7PkWYZFc5lsF4MgSrGCkaCA/xpCc+9pbXE6Bog0I3MQAZL+r1Z67s
5QYD+NMMqC9BjKgGg5TJMwCGU3wMnkZF3vzwqrd4lZ7DtseaZpBJqAeeYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgB6yCw4uyQFNSqGPX2bw2NFnC9MB8GA1UdIwQY
MBaAFDmjzruBEEaglm6VVNB+XRazbb8EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2FQT3U0RVFScUNXYnBWVTBINWRGck50dndRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kODRhNTQtMTg4Zi00ZmFmLTlkNDUt
NmYyMWY0Yzc1MWYzLzEvQ0FIcklMRGk3SkFVMUtvWTlmWnZEWTBXY0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kODRhNTQtMTg4Zi00ZmFmLTlkNDUtNmYyMWY0Yzc1MWYz
LzEvT2FQT3U0RVFScUNXYnBWVTBINWRGck50dndRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWLWMA0G
CSqGSIb3DQEBCwUAA4IBAQCEFe91B3CK5+4DxDL9RODSkbUtZ1czlSx7lPTlxMP3
LJEe2RMkxlWKWmo3xLxhsREsV1b0bLVIE55cYCiRwRPGXuxxWxuC4FsIQft+zv+x
AzscvEkmyvL2oM9QVorSLc6r/oA7RDzQMhWySQFoRE1oeAhjYkkpHXgg4Tx0PPym
16LQ2HoJI083/C7J7FfT7zwW8mQGdpFidmOCOMsexwO6QV0CDdVhNqOfz9MP6lfN
ywqSpIpAbjVNbYUUZ2Y2nj2dTZi+aBI21WkyAkkc44FrDwhpbPBurAT117zGORkP
N/g81kSMB+RTj1K5KA9ca7tkdE+buN45LbzZIcOLmXIq
-----END CERTIFICATE-----