Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/0cee19-af0f-4e93-8010-d953f4854757/1/KSbfT1ONWW_HMUDTAX-obz0PFXI.roa
File:                     KSbfT1ONWW_HMUDTAX-obz0PFXI.roa (raw, json)
Hash identifier:          VzleBWGAw+yd4HzAbG7MAE5SuTRuSnGo7F8GgskNvPI=
Subject key identifier:   29:26:DF:4F:53:8D:59:6F:C7:31:40:D3:01:7F:A8:6F:3D:0F:15:72
Certificate issuer:       /CN=d188a88d595dc2ed8c2f9239645c4e8c5e737d31
Certificate serial:       018CC56E9ADE1EAFB3298A8A8439C1CE1EF5
Authority key identifier: D1:88:A8:8D:59:5D:C2:ED:8C:2F:92:39:64:5C:4E:8C:5E:73:7D:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0YiojVldwu2ML5I5ZFxOjF5zfTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/0cee19-af0f-4e93-8010-d953f4854757/1/KSbfT1ONWW_HMUDTAX-obz0PFXI.roa
Signing time:             Mon 01 Jan 2024 14:30:09 +0000
ROA not before:           Mon 01 Jan 2024 14:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206238
IP address blocks:        185.232.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/0cee19-af0f-4e93-8010-d953f4854757/1/0YiojVldwu2ML5I5ZFxOjF5zfTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/0cee19-af0f-4e93-8010-d953f4854757/1/0YiojVldwu2ML5I5ZFxOjF5zfTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0YiojVldwu2ML5I5ZFxOjF5zfTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9a:de:1e:af:b3:29:8a:8a:84:39:c1:ce:1e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d188a88d595dc2ed8c2f9239645c4e8c5e737d31
        Validity
            Not Before: Jan  1 14:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2926df4f538d596fc73140d3017fa86f3d0f1572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b4:1c:8f:94:38:70:eb:d4:bb:bf:98:18:94:
                    7d:a0:33:21:7d:90:23:57:d5:58:1c:df:ad:ae:96:
                    c9:15:f2:c4:98:30:71:53:4a:d9:da:90:f9:ca:c1:
                    80:24:f6:e5:dc:08:cc:8f:af:54:eb:43:71:84:8b:
                    84:9d:6a:52:47:44:26:20:ff:e0:05:1e:fb:5a:6b:
                    4a:d2:8c:c0:a1:64:25:39:ac:23:11:bb:b9:7a:d0:
                    2d:5c:e8:d8:cb:2f:dd:4f:07:b4:2e:bb:89:53:69:
                    62:79:f1:fd:4d:0a:da:f2:3f:32:73:e1:42:dc:0c:
                    53:aa:09:3f:1e:ca:d6:37:72:64:b3:96:09:a9:d3:
                    f5:29:07:83:44:69:24:06:f9:84:9d:55:4c:57:cd:
                    15:f4:c7:b8:c5:8d:42:45:17:37:61:8e:30:e6:e5:
                    69:5f:d5:43:83:d2:12:d0:bf:66:c0:94:26:64:d6:
                    a2:06:e4:ce:38:0a:3c:6c:f5:51:ea:52:93:e4:5f:
                    5f:3c:71:e9:a8:18:56:ef:83:ff:ce:16:b4:d3:68:
                    de:86:c0:09:91:41:80:0f:50:c3:35:0c:c1:22:56:
                    e4:6a:32:80:7c:a0:81:ca:36:a7:fb:31:99:9f:26:
                    10:d6:78:6a:09:5d:14:77:92:41:dd:6d:a8:39:4e:
                    f6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:26:DF:4F:53:8D:59:6F:C7:31:40:D3:01:7F:A8:6F:3D:0F:15:72
            X509v3 Authority Key Identifier:
                keyid:D1:88:A8:8D:59:5D:C2:ED:8C:2F:92:39:64:5C:4E:8C:5E:73:7D:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0YiojVldwu2ML5I5ZFxOjF5zfTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/0cee19-af0f-4e93-8010-d953f4854757/1/KSbfT1ONWW_HMUDTAX-obz0PFXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/0cee19-af0f-4e93-8010-d953f4854757/1/0YiojVldwu2ML5I5ZFxOjF5zfTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:31:4b:cf:b5:b1:ba:1f:97:19:15:79:b5:35:7e:9e:94:98:
         4e:51:09:f5:ff:ec:84:24:9e:f7:0a:36:fe:3c:06:c4:65:d6:
         c0:b4:4a:4e:b9:1c:49:75:a3:dd:d4:c3:2a:bc:13:ad:d1:63:
         b7:f3:8a:39:94:a9:89:a4:45:85:0f:11:b5:09:63:a2:c6:13:
         50:a6:5e:80:18:f4:8a:e7:65:ec:16:80:1c:2c:ef:5a:c3:8e:
         41:08:95:30:f8:18:5e:8d:5b:59:a9:c0:7f:74:23:66:57:dd:
         24:4f:18:af:de:a8:c0:5d:2e:7f:79:05:83:84:20:24:a6:d5:
         64:31:a5:dd:2d:4b:1f:35:66:63:e7:ac:9e:21:a0:19:d1:a5:
         b4:5b:8f:52:ec:2d:c7:36:b1:1d:7f:72:a6:b7:41:fc:72:ca:
         d4:cb:94:1e:0e:ad:84:d7:08:8f:23:e1:36:57:e5:6b:1b:b1:
         b2:62:fa:f1:a1:4a:47:d0:77:b8:8f:40:26:26:0d:1a:97:95:
         27:77:32:b2:c9:4f:c5:89:e3:06:40:31:02:f6:86:40:e6:f8:
         7d:6b:0a:dc:7b:5d:a6:b4:11:fe:55:54:c7:12:44:18:89:36:
         9e:ac:bc:9d:7e:43:7d:58:35:91:c7:b1:33:bf:dc:3f:c3:fa:
         39:30:a8:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpreHq+zKYqKhDnBzh71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxODhhODhkNTk1ZGMyZWQ4YzJmOTIzOTY0NWM0ZThjNWU3
MzdkMzEwHhcNMjQwMTAxMTQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTI2ZGY0ZjUzOGQ1OTZmYzczMTQwZDMwMTdmYTg2ZjNkMGYxNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rQcj5Q4cOvUu7+YGJR9oDMhfZAj
V9VYHN+trpbJFfLEmDBxU0rZ2pD5ysGAJPbl3AjMj69U60NxhIuEnWpSR0QmIP/g
BR77WmtK0ozAoWQlOawjEbu5etAtXOjYyy/dTwe0LruJU2liefH9TQra8j8yc+FC
3AxTqgk/HsrWN3Jks5YJqdP1KQeDRGkkBvmEnVVMV80V9Me4xY1CRRc3YY4w5uVp
X9VDg9IS0L9mwJQmZNaiBuTOOAo8bPVR6lKT5F9fPHHpqBhW74P/zha002jehsAJ
kUGAD1DDNQzBIlbkajKAfKCByjan+zGZnyYQ1nhqCV0Ud5JB3W2oOU720QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkm309TjVlvxzFA0wF/qG89DxVyMB8GA1UdIwQY
MBaAFNGIqI1ZXcLtjC+SOWRcToxec30xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFlpb2pWbGR3dTJNTDVJNVpGeE9qRjV6ZlRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wY2VlMTktYWYwZi00ZTkzLTgwMTAt
ZDk1M2Y0ODU0NzU3LzEvS1NiZlQxT05XV19ITVVEVEFYLW9iejBQRlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wY2VlMTktYWYwZi00ZTkzLTgwMTAtZDk1M2Y0ODU0NzU3
LzEvMFlpb2pWbGR3dTJNTDVJNVpGeE9qRjV6ZlRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuehiMA0G
CSqGSIb3DQEBCwUAA4IBAQBjMUvPtbG6H5cZFXm1NX6elJhOUQn1/+yEJJ73Cjb+
PAbEZdbAtEpOuRxJdaPd1MMqvBOt0WO384o5lKmJpEWFDxG1CWOixhNQpl6AGPSK
52XsFoAcLO9aw45BCJUw+BhejVtZqcB/dCNmV90kTxiv3qjAXS5/eQWDhCAkptVk
MaXdLUsfNWZj56yeIaAZ0aW0W49S7C3HNrEdf3Kmt0H8csrUy5QeDq2E1wiPI+E2
V+VrG7GyYvrxoUpH0He4j0AmJg0al5UndzKyyU/FieMGQDEC9oZA5vh9awrce12m
tBH+VVTHEkQYiTaerLydfkN9WDWRx7Ezv9w/w/o5MKhr
-----END CERTIFICATE-----