Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/PiesOXOJWPwXLYJ2cHTuySunyKs.roa
File:                     PiesOXOJWPwXLYJ2cHTuySunyKs.roa (raw, json)
Hash identifier:          4Awv2N2IL2lFOspDb44o4wESpUNC6/dxhK+k94xsPOI=
Subject key identifier:   3E:27:AC:39:73:89:58:FC:17:2D:82:76:70:74:EE:C9:2B:A7:C8:AB
Certificate issuer:       /CN=8a3ec0537242f44ce7d5933e9b32204b3f85e99f
Certificate serial:       0194266B2985490739D5F52FE601DB28F9D0
Authority key identifier: 8A:3E:C0:53:72:42:F4:4C:E7:D5:93:3E:9B:32:20:4B:3F:85:E9:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/PiesOXOJWPwXLYJ2cHTuySunyKs.roa
Signing time:             Thu 02 Jan 2025 09:49:04 +0000
ROA not before:           Thu 02 Jan 2025 09:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.110.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:29:85:49:07:39:d5:f5:2f:e6:01:db:28:f9:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a3ec0537242f44ce7d5933e9b32204b3f85e99f
        Validity
            Not Before: Jan  2 09:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e27ac39738958fc172d82767074eec92ba7c8ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:38:00:2d:9e:59:2d:5b:33:e4:cd:da:61:fe:
                    3c:70:37:73:9c:08:3c:94:46:83:5e:d6:ae:23:18:
                    0c:0a:b3:23:17:22:c3:12:18:bd:9f:b8:0b:7d:8c:
                    03:d5:b5:d7:83:72:7a:a6:28:ed:cd:f6:4f:d7:fc:
                    bd:d4:e9:49:0a:7b:27:b1:6f:7a:d8:59:13:2c:43:
                    c6:1b:8f:73:8e:6c:72:f4:30:33:5e:b2:09:a8:06:
                    64:5f:6e:af:75:b5:72:cb:cf:71:2c:ba:92:df:b2:
                    18:76:78:0b:82:2f:da:64:3f:52:a3:1f:f4:d3:c7:
                    24:06:a3:52:58:58:59:87:61:c9:57:49:49:74:e7:
                    60:b4:2c:58:4d:a0:48:3c:37:b6:5e:7a:22:05:5e:
                    ad:11:c3:0e:39:c6:2c:79:f5:52:a9:30:58:f0:23:
                    eb:f5:cf:6b:28:24:9a:53:4a:95:35:58:f0:18:60:
                    fe:3c:16:a3:e8:54:8d:f0:7b:ed:84:9d:51:40:ea:
                    67:0a:2a:ac:9e:ef:c1:13:af:cb:f0:2d:a9:c3:7d:
                    5f:b1:45:46:fd:bc:12:db:c2:c7:fa:1b:8c:75:5d:
                    37:f6:67:e1:ed:1d:bd:0a:be:c4:95:66:e2:8b:bc:
                    1c:02:48:a9:25:78:28:16:f4:ec:d7:e9:e6:7d:fc:
                    16:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:27:AC:39:73:89:58:FC:17:2D:82:76:70:74:EE:C9:2B:A7:C8:AB
            X509v3 Authority Key Identifier:
                keyid:8A:3E:C0:53:72:42:F4:4C:E7:D5:93:3E:9B:32:20:4B:3F:85:E9:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/PiesOXOJWPwXLYJ2cHTuySunyKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:19:5b:0d:b4:21:c2:39:95:89:85:85:7f:52:c0:06:b4:7f:
         be:2d:31:e1:4f:cc:4d:fd:35:d0:dc:4e:7b:76:b3:3f:a7:8c:
         8e:f5:7d:98:f6:2d:a4:7b:39:57:89:2d:cb:3e:43:0f:34:2a:
         7b:84:f5:68:76:68:98:b6:6d:01:f6:84:33:41:e1:cd:47:a7:
         66:d4:e0:5a:46:e9:b9:5f:46:d9:8f:0f:ce:47:ab:1b:b0:4f:
         b7:e1:46:00:ab:39:46:ee:7f:9a:48:b4:e1:7e:bf:d6:74:a9:
         cc:62:24:a6:01:50:1d:e2:0d:50:8d:d2:43:03:82:bc:a9:a0:
         ee:f6:d2:76:99:bc:6e:60:0b:a1:41:b5:aa:e4:6e:4d:a6:82:
         77:6b:94:55:d6:24:70:6f:8b:ad:00:73:4a:fa:c9:77:51:84:
         09:d4:35:7e:24:b5:94:a1:2c:2f:d7:95:b9:92:9f:a1:38:76:
         dc:3c:ed:87:7e:58:98:28:aa:ec:76:b9:99:c2:4f:bd:fc:e7:
         9f:7c:ed:f5:28:86:e7:41:e5:11:e2:ce:cf:89:3f:d1:ea:d7:
         32:af:ea:5a:0e:f6:1e:0f:e9:80:7c:a6:c1:d2:93:2e:d0:88:
         6b:77:69:c9:ae:0f:5d:82:86:86:47:f8:11:7d:57:01:3e:c2:
         e3:35:31:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaymFSQc51fUv5gHbKPnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhM2VjMDUzNzI0MmY0NGNlN2Q1OTMzZTliMzIyMDRiM2Y4
NWU5OWYwHhcNMjUwMTAyMDk0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTI3YWMzOTczODk1OGZjMTcyZDgyNzY3MDc0ZWVjOTJiYTdjOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9TgALZ5ZLVsz5M3aYf48cDdznAg8
lEaDXtauIxgMCrMjFyLDEhi9n7gLfYwD1bXXg3J6pijtzfZP1/y91OlJCnsnsW96
2FkTLEPGG49zjmxy9DAzXrIJqAZkX26vdbVyy89xLLqS37IYdngLgi/aZD9Sox/0
08ckBqNSWFhZh2HJV0lJdOdgtCxYTaBIPDe2XnoiBV6tEcMOOcYsefVSqTBY8CPr
9c9rKCSaU0qVNVjwGGD+PBaj6FSN8HvthJ1RQOpnCiqsnu/BE6/L8C2pw31fsUVG
/bwS28LH+huMdV039mfh7R29Cr7ElWbii7wcAkipJXgoFvTs1+nmffwWnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4nrDlziVj8Fy2CdnB07skrp8irMB8GA1UdIwQY
MBaAFIo+wFNyQvRM59WTPpsyIEs/hemfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWo3QVUzSkM5RXpuMVpNLW16SWdTei1GNlo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS85ZWIwMDItZDI2YS00NmQ2LTlkODct
ODQwOTMwNjFlOWZmLzEvUGllc09YT0pXUHdYTFlKMmNIVHV5U3VueUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS85ZWIwMDItZDI2YS00NmQ2LTlkODctODQwOTMwNjFlOWZm
LzEvaWo3QVUzSkM5RXpuMVpNLW16SWdTei1GNlo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW5iMA0G
CSqGSIb3DQEBCwUAA4IBAQAVGVsNtCHCOZWJhYV/UsAGtH++LTHhT8xN/TXQ3E57
drM/p4yO9X2Y9i2kezlXiS3LPkMPNCp7hPVodmiYtm0B9oQzQeHNR6dm1OBaRum5
X0bZjw/OR6sbsE+34UYAqzlG7n+aSLThfr/WdKnMYiSmAVAd4g1QjdJDA4K8qaDu
9tJ2mbxuYAuhQbWq5G5NpoJ3a5RV1iRwb4utAHNK+sl3UYQJ1DV+JLWUoSwv15W5
kp+hOHbcPO2HfliYKKrsdrmZwk+9/OeffO31KIbnQeUR4s7PiT/R6tcyr+paDvYe
D+mAfKbB0pMu0Ihrd2nJrg9dgoaGR/gRfVcBPsLjNTE0
-----END CERTIFICATE-----