Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/UMoV3dr8LrEMX3UGQm6FD_XPEIE.roa
File:                     UMoV3dr8LrEMX3UGQm6FD_XPEIE.roa (raw, json)
Hash identifier:          HuX0fnF2dPEunhuwlXdZ6YvZtIGxpNcVjdF1/WUMp+0=
Subject key identifier:   50:CA:15:DD:DA:FC:2E:B1:0C:5F:75:06:42:6E:85:0F:F5:CF:10:81
Certificate issuer:       /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial:       0190922D84ED01AF1DACF8F8234812B02C21
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/UMoV3dr8LrEMX3UGQm6FD_XPEIE.roa
Signing time:             Mon 08 Jul 2024 11:49:34 +0000
ROA not before:           Mon 08 Jul 2024 11:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208042
IP address blocks:        185.243.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:2d:84:ed:01:af:1d:ac:f8:f8:23:48:12:b0:2c:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
        Validity
            Not Before: Jul  8 11:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50ca15dddafc2eb10c5f7506426e850ff5cf1081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:97:6d:2d:0e:24:0b:5e:19:fc:47:17:64:b1:
                    d8:64:e0:15:48:5b:34:b0:7a:d7:c4:50:0c:c4:57:
                    2d:3c:98:15:5e:49:0d:2e:c5:d6:2c:af:19:5b:ff:
                    a0:f0:8e:eb:5b:d5:e5:69:cc:ae:0d:90:e3:5b:5e:
                    5d:37:57:3c:87:cd:86:fe:03:32:ee:fb:0f:f0:c3:
                    0d:3f:12:33:7a:b0:39:8b:49:45:1a:29:c1:88:d4:
                    c5:af:d3:68:a1:84:1b:7f:ca:3a:fc:44:a0:60:99:
                    42:29:af:95:d5:2f:e3:fd:c4:6e:52:1f:f6:f8:fe:
                    a1:42:d5:00:cb:1f:0f:37:33:0a:43:b2:09:01:c7:
                    51:58:89:1a:9c:15:93:da:4b:df:c0:13:83:cd:c4:
                    9d:e6:e4:8b:44:21:cf:db:3c:df:22:67:bc:a4:da:
                    58:19:80:71:88:d1:8c:fe:d1:ba:3c:dc:f0:8a:1e:
                    f1:bd:74:e9:2d:e3:0e:7b:26:c5:b5:d2:5b:e8:96:
                    c5:dd:c0:9e:0c:f5:25:48:a3:31:a0:db:aa:4d:9e:
                    7d:f5:ba:55:29:55:4e:1d:6d:59:e2:c0:84:b4:dc:
                    66:ef:7c:cf:25:19:8b:64:77:68:95:79:ff:09:a5:
                    c4:d3:f7:c7:ea:66:29:58:da:c5:76:b4:f4:92:6c:
                    b6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:CA:15:DD:DA:FC:2E:B1:0C:5F:75:06:42:6E:85:0F:F5:CF:10:81
            X509v3 Authority Key Identifier:
                keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/UMoV3dr8LrEMX3UGQm6FD_XPEIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:95:fa:41:da:0b:94:9b:08:c8:b4:2a:c5:70:73:8c:2b:cd:
         25:87:20:da:03:08:3b:12:12:ef:30:49:66:20:55:0d:0d:9d:
         24:0f:cf:2f:5b:4d:a6:ac:28:b4:a6:b9:12:36:08:27:e3:35:
         73:b8:23:2d:13:c5:2d:e0:38:5c:57:09:dc:17:a0:5d:1f:df:
         49:95:98:3c:72:45:ee:96:3b:71:09:f2:05:f9:43:c6:10:90:
         f4:2d:05:5a:b5:e5:7a:ae:fa:37:4b:f1:3a:d2:e2:02:04:bd:
         65:08:e6:4e:90:4a:a5:f5:0c:30:d9:57:15:8f:a5:96:b9:a7:
         03:29:cc:e1:9d:1f:a4:76:31:2a:a7:92:8f:65:df:0b:09:77:
         7f:3b:20:f7:21:87:d3:77:3a:7f:1a:49:b0:d9:b4:aa:e9:5e:
         9d:77:05:ce:52:0a:e8:61:de:75:8e:b4:8d:3a:d1:65:7f:f0:
         29:fe:73:6a:58:b5:8d:22:e1:d9:b1:df:9e:ed:cc:8b:6d:1d:
         c4:04:b1:5e:30:bd:01:59:cc:04:83:87:1e:25:c3:a3:1c:69:
         bb:90:f9:90:43:4c:53:c1:59:49:92:96:c0:1c:e2:cc:1e:2f:
         23:9d:77:e5:f5:3f:34:4e:c3:a7:57:bd:68:78:5d:76:9f:12:
         2a:c9:19:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCSLYTtAa8drPj4I0gSsCwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjQwNzA4MTE0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGNhMTVkZGRhZmMyZWIxMGM1Zjc1MDY0MjZlODUwZmY1Y2YxMDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JdtLQ4kC14Z/EcXZLHYZOAVSFs0
sHrXxFAMxFctPJgVXkkNLsXWLK8ZW/+g8I7rW9XlacyuDZDjW15dN1c8h82G/gMy
7vsP8MMNPxIzerA5i0lFGinBiNTFr9NooYQbf8o6/ESgYJlCKa+V1S/j/cRuUh/2
+P6hQtUAyx8PNzMKQ7IJAcdRWIkanBWT2kvfwBODzcSd5uSLRCHP2zzfIme8pNpY
GYBxiNGM/tG6PNzwih7xvXTpLeMOeybFtdJb6JbF3cCeDPUlSKMxoNuqTZ599bpV
KVVOHW1Z4sCEtNxm73zPJRmLZHdolXn/CaXE0/fH6mYpWNrFdrT0kmy2awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDKFd3a/C6xDF91BkJuhQ/1zxCBMB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvVU1vVjNkcjhMckVNWDNVR1FtNkZEX1hQRUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufPbMA0G
CSqGSIb3DQEBCwUAA4IBAQB0lfpB2guUmwjItCrFcHOMK80lhyDaAwg7EhLvMElm
IFUNDZ0kD88vW02mrCi0prkSNggn4zVzuCMtE8Ut4DhcVwncF6BdH99JlZg8ckXu
ljtxCfIF+UPGEJD0LQVateV6rvo3S/E60uICBL1lCOZOkEql9Qww2VcVj6WWuacD
KczhnR+kdjEqp5KPZd8LCXd/OyD3IYfTdzp/Gkmw2bSq6V6ddwXOUgroYd51jrSN
OtFlf/Ap/nNqWLWNIuHZsd+e7cyLbR3EBLFeML0BWcwEg4ceJcOjHGm7kPmQQ0xT
wVlJkpbAHOLMHi8jnXfl9T80TsOnV71oeF12nxIqyRlo
-----END CERTIFICATE-----