Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/JdQdAl1yUmqgfmEy48jt775NI7E.roa
File:                     JdQdAl1yUmqgfmEy48jt775NI7E.roa (raw, json)
Hash identifier:          w0J1Q6pHzJb6zlTlMKb5CicLKQxKhYbofHtbCWzF5hc=
Subject key identifier:   25:D4:1D:02:5D:72:52:6A:A0:7E:61:32:E3:C8:ED:EF:BE:4D:23:B1
Certificate issuer:       /CN=8b2e0d184ff553375c847c38d4dfcdcde1219fd3
Certificate serial:       018CC26D40404D3A9E252BAF218FB3AFCF8E
Authority key identifier: 8B:2E:0D:18:4F:F5:53:37:5C:84:7C:38:D4:DF:CD:CD:E1:21:9F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iy4NGE_1UzdchHw41N_NzeEhn9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/JdQdAl1yUmqgfmEy48jt775NI7E.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203226
IP address blocks:        185.14.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/iy4NGE_1UzdchHw41N_NzeEhn9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/iy4NGE_1UzdchHw41N_NzeEhn9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iy4NGE_1UzdchHw41N_NzeEhn9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:40:40:4d:3a:9e:25:2b:af:21:8f:b3:af:cf:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b2e0d184ff553375c847c38d4dfcdcde1219fd3
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25d41d025d72526aa07e6132e3c8edefbe4d23b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:23:b5:5e:02:1e:aa:f5:27:71:28:82:78:8c:
                    e3:33:1f:c5:43:57:f7:cd:ef:1c:b6:2e:ba:4b:b7:
                    41:99:ef:1e:60:41:60:e0:02:45:49:3d:10:05:34:
                    0e:f7:36:74:49:f0:14:75:a3:29:fd:cc:83:f7:cc:
                    ae:58:91:03:4a:d9:3a:a5:32:89:d9:ae:8e:0b:ba:
                    94:59:58:87:e9:ad:d0:5f:97:d4:45:5e:cf:ec:3d:
                    9c:f7:9c:7f:ca:47:00:64:b9:9b:71:74:93:a9:ce:
                    1e:ca:7d:56:15:ff:5c:b5:d0:b1:12:b6:7d:ce:7b:
                    c0:54:8a:be:90:9d:13:2f:88:f7:f6:ca:ac:0f:f4:
                    93:f1:bc:75:38:89:6b:e4:69:3f:e1:a7:bd:3c:3a:
                    88:b3:16:60:85:72:85:ed:07:3d:09:21:e6:d4:33:
                    21:20:f8:2e:c8:9b:17:1a:92:d4:3a:c6:26:b9:0a:
                    67:18:14:a1:71:b5:68:d5:1f:13:c8:8e:9d:3a:9e:
                    36:87:3e:19:d0:66:16:fd:b8:c0:ce:bf:0d:f3:ef:
                    4c:f9:ef:0d:4b:32:d8:62:cb:0d:3d:c4:d8:7c:c2:
                    c0:16:be:4b:5d:87:07:f8:91:86:8d:4b:c8:3d:f3:
                    b7:1a:c7:a7:c2:64:97:bc:86:65:c3:9f:87:80:91:
                    bc:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:D4:1D:02:5D:72:52:6A:A0:7E:61:32:E3:C8:ED:EF:BE:4D:23:B1
            X509v3 Authority Key Identifier:
                keyid:8B:2E:0D:18:4F:F5:53:37:5C:84:7C:38:D4:DF:CD:CD:E1:21:9F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iy4NGE_1UzdchHw41N_NzeEhn9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/JdQdAl1yUmqgfmEy48jt775NI7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fcd8e-1034-4a75-a070-699f3cd850fa/1/iy4NGE_1UzdchHw41N_NzeEhn9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:21:33:3d:8c:8a:a4:ab:21:74:94:84:07:2b:fc:d3:36:dd:
         cb:fd:3d:72:45:fa:f7:c6:6e:f6:15:93:2a:cb:d5:9d:18:97:
         85:ea:bd:22:0d:f1:ec:1a:36:bf:52:94:da:34:d0:0a:8c:6a:
         2e:a9:93:bb:b1:ee:d8:06:78:9c:c2:64:94:47:e1:d1:f8:f3:
         70:13:9f:da:5b:0d:b2:4a:51:e1:7c:4c:0e:e3:60:a6:4f:bc:
         f8:24:be:d7:54:7e:01:8d:9f:c5:41:b2:ff:2e:cf:78:c9:3a:
         05:61:45:df:f5:c4:7c:4a:65:bc:ae:38:5f:39:50:cc:e1:52:
         4b:20:52:e0:71:31:ff:26:22:f6:fd:56:19:af:a3:01:59:4d:
         e0:47:da:9a:23:2c:7d:ed:ad:1f:c4:08:fb:af:55:4f:ba:cf:
         9c:cc:20:b3:4d:d0:ab:61:cf:33:68:ce:a5:5a:95:be:1c:9f:
         e9:50:d6:3b:c1:4f:39:ea:ec:03:64:c5:18:a5:15:9a:1a:f4:
         17:d5:1a:e0:ab:49:66:41:da:39:94:75:36:50:18:b1:1c:95:
         d3:35:1e:37:e3:4c:52:5e:0f:75:d0:07:b4:4e:bd:9c:0e:d9:
         c9:10:9c:61:3d:98:db:cf:5d:a0:f7:3d:d9:25:e9:77:2e:fb:
         75:83:dd:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUBATTqeJSuvIY+zr8+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMmUwZDE4NGZmNTUzMzc1Yzg0N2MzOGQ0ZGZjZGNkZTEy
MTlmZDMwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWQ0MWQwMjVkNzI1MjZhYTA3ZTYxMzJlM2M4ZWRlZmJlNGQyM2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiO1XgIeqvUncSiCeIzjMx/FQ1f3
ze8cti66S7dBme8eYEFg4AJFST0QBTQO9zZ0SfAUdaMp/cyD98yuWJEDStk6pTKJ
2a6OC7qUWViH6a3QX5fURV7P7D2c95x/ykcAZLmbcXSTqc4eyn1WFf9ctdCxErZ9
znvAVIq+kJ0TL4j39sqsD/ST8bx1OIlr5Gk/4ae9PDqIsxZghXKF7Qc9CSHm1DMh
IPguyJsXGpLUOsYmuQpnGBShcbVo1R8TyI6dOp42hz4Z0GYW/bjAzr8N8+9M+e8N
SzLYYssNPcTYfMLAFr5LXYcH+JGGjUvIPfO3GsenwmSXvIZlw5+HgJG8PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXUHQJdclJqoH5hMuPI7e++TSOxMB8GA1UdIwQY
MBaAFIsuDRhP9VM3XIR8ONTfzc3hIZ/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXk0TkdFXzFVemRjaEh3NDFOX056ZUVobjlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wZmNkOGUtMTAzNC00YTc1LWEwNzAt
Njk5ZjNjZDg1MGZhLzEvSmRRZEFsMXlVbXFnZm1FeTQ4anQ3NzVOSTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wZmNkOGUtMTAzNC00YTc1LWEwNzAtNjk5ZjNjZDg1MGZh
LzEvaXk0TkdFXzFVemRjaEh3NDFOX056ZUVobjlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ5iMA0G
CSqGSIb3DQEBCwUAA4IBAQADITM9jIqkqyF0lIQHK/zTNt3L/T1yRfr3xm72FZMq
y9WdGJeF6r0iDfHsGja/UpTaNNAKjGouqZO7se7YBnicwmSUR+HR+PNwE5/aWw2y
SlHhfEwO42CmT7z4JL7XVH4BjZ/FQbL/Ls94yToFYUXf9cR8SmW8rjhfOVDM4VJL
IFLgcTH/JiL2/VYZr6MBWU3gR9qaIyx97a0fxAj7r1VPus+czCCzTdCrYc8zaM6l
WpW+HJ/pUNY7wU856uwDZMUYpRWaGvQX1Rrgq0lmQdo5lHU2UBixHJXTNR4340xS
Xg910Ae0Tr2cDtnJEJxhPZjbz12g9z3ZJel3Lvt1g90o
-----END CERTIFICATE-----