Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/84887c-6809-4425-bce9-3b5b71cbb322/1/uEbwsZxEUYxhL13en9o7jpR3FP4.roa
File:                     uEbwsZxEUYxhL13en9o7jpR3FP4.roa (raw, json)
Hash identifier:          N54vubB6joSEVmiqahy50QNX/PdogkkO4/u5LWMqaV4=
Subject key identifier:   B8:46:F0:B1:9C:44:51:8C:61:2F:5D:DE:9F:DA:3B:8E:94:77:14:FE
Certificate issuer:       /CN=dd4e3892f46b107852c3eae1b27dccf60fab99bd
Certificate serial:       018CC4936AD64BCBB82EDC9D8F3C1F950D03
Authority key identifier: DD:4E:38:92:F4:6B:10:78:52:C3:EA:E1:B2:7D:CC:F6:0F:AB:99:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3U44kvRrEHhSw-rhsn3M9g-rmb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/84887c-6809-4425-bce9-3b5b71cbb322/1/uEbwsZxEUYxhL13en9o7jpR3FP4.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206988
IP address blocks:        141.98.200.0/22 maxlen: 22
                          141.98.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/84887c-6809-4425-bce9-3b5b71cbb322/1/3U44kvRrEHhSw-rhsn3M9g-rmb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/84887c-6809-4425-bce9-3b5b71cbb322/1/3U44kvRrEHhSw-rhsn3M9g-rmb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3U44kvRrEHhSw-rhsn3M9g-rmb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 04:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6a:d6:4b:cb:b8:2e:dc:9d:8f:3c:1f:95:0d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd4e3892f46b107852c3eae1b27dccf60fab99bd
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b846f0b19c44518c612f5dde9fda3b8e947714fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0f:c3:76:b4:c0:b0:af:9b:5d:71:21:8e:2a:
                    c3:ec:4d:3b:49:93:f2:eb:a4:38:79:b2:be:92:ab:
                    54:41:18:22:24:81:6f:63:ed:0b:9c:d7:f3:7f:c1:
                    23:b4:7f:0c:1d:db:87:80:a7:b9:a1:f6:e6:48:a6:
                    2d:50:53:58:d5:d5:86:9b:23:b4:19:8c:63:41:00:
                    7d:7d:c9:98:39:22:a3:0e:8a:70:a7:7c:8b:ff:3f:
                    2c:30:a2:56:cf:d2:6e:ba:c2:fd:18:21:23:63:11:
                    56:16:59:0f:5b:e6:93:2b:ab:48:c2:53:37:03:9f:
                    c5:5d:ca:66:64:92:b4:78:67:8a:8b:e4:95:88:96:
                    c1:c7:9f:52:a8:30:9d:b3:47:23:1c:16:a9:64:7e:
                    e8:ec:b5:1f:df:c5:d8:d4:55:69:91:37:11:a1:1e:
                    74:a2:47:d2:ef:71:82:01:49:ea:5c:2c:c6:97:29:
                    88:0b:8f:71:d8:c2:46:7b:cf:31:0e:a3:a7:28:d2:
                    61:eb:87:99:c3:f5:71:90:7e:db:0a:6f:b5:b2:d6:
                    fd:c7:ec:27:a2:2c:57:ec:a8:3f:51:03:9f:f2:e5:
                    4c:9f:0e:03:68:6c:4f:46:2b:4c:6b:aa:6e:2a:65:
                    26:5e:82:e7:d6:24:2e:52:19:d6:54:c0:14:c1:e8:
                    de:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:46:F0:B1:9C:44:51:8C:61:2F:5D:DE:9F:DA:3B:8E:94:77:14:FE
            X509v3 Authority Key Identifier:
                keyid:DD:4E:38:92:F4:6B:10:78:52:C3:EA:E1:B2:7D:CC:F6:0F:AB:99:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3U44kvRrEHhSw-rhsn3M9g-rmb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/84887c-6809-4425-bce9-3b5b71cbb322/1/uEbwsZxEUYxhL13en9o7jpR3FP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/84887c-6809-4425-bce9-3b5b71cbb322/1/3U44kvRrEHhSw-rhsn3M9g-rmb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:a6:de:90:76:c2:6f:76:0c:8d:6f:9e:7b:7f:87:6c:57:b3:
         38:03:62:06:d4:99:4c:a9:b8:d3:f1:7c:ff:a4:0d:8e:ab:17:
         2d:bf:41:cf:c2:98:c8:2a:8e:bf:d6:b7:88:46:cd:9f:97:ac:
         58:b9:0c:ee:7f:00:9c:64:fc:7e:7e:3f:88:86:6c:ef:57:5a:
         2b:f8:fc:57:ba:3a:23:34:5c:f5:bc:0b:ca:8c:bd:4e:e8:b2:
         25:4c:43:1b:b4:48:07:f8:a2:39:93:4b:22:9e:2c:2d:9c:ba:
         ba:1b:a0:b0:ef:32:66:c2:61:9f:5a:7a:08:a5:78:98:1f:be:
         dc:bf:18:32:cf:07:53:f5:1f:a4:7d:54:1f:df:4d:ae:be:73:
         20:c7:b2:1e:cb:d7:af:3d:ce:fd:d8:1c:10:f3:a4:05:11:4e:
         0c:d4:47:f0:93:51:5f:64:c1:7d:ce:38:3d:6c:30:56:52:b3:
         61:46:64:34:65:6c:a4:21:8d:1e:24:a8:f9:ae:b4:e6:39:78:
         a2:d3:95:29:a9:bf:16:02:80:fa:d4:a6:a5:22:32:e9:bb:25:
         82:5a:46:40:a5:61:e8:5d:49:79:cc:1b:21:46:b4:ba:41:b5:
         9e:97:af:ba:df:c2:61:08:31:f3:5b:0c:ab:38:54:64:4d:9b:
         7e:7e:c2:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2rWS8u4LtydjzwflQ0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNGUzODkyZjQ2YjEwNzg1MmMzZWFlMWIyN2RjY2Y2MGZh
Yjk5YmQwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODQ2ZjBiMTljNDQ1MThjNjEyZjVkZGU5ZmRhM2I4ZTk0NzcxNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA/DdrTAsK+bXXEhjirD7E07SZPy
66Q4ebK+kqtUQRgiJIFvY+0LnNfzf8EjtH8MHduHgKe5ofbmSKYtUFNY1dWGmyO0
GYxjQQB9fcmYOSKjDopwp3yL/z8sMKJWz9JuusL9GCEjYxFWFlkPW+aTK6tIwlM3
A5/FXcpmZJK0eGeKi+SViJbBx59SqDCds0cjHBapZH7o7LUf38XY1FVpkTcRoR50
okfS73GCAUnqXCzGlymIC49x2MJGe88xDqOnKNJh64eZw/VxkH7bCm+1stb9x+wn
oixX7Kg/UQOf8uVMnw4DaGxPRitMa6puKmUmXoLn1iQuUhnWVMAUwejeIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhG8LGcRFGMYS9d3p/aO46UdxT+MB8GA1UdIwQY
MBaAFN1OOJL0axB4UsPq4bJ9zPYPq5m9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1U0NGt2UnJFSGhTdy1yaHNuM005Zy1ybWIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NDg4N2MtNjgwOS00NDI1LWJjZTkt
M2I1YjcxY2JiMzIyLzEvdUVid3NaeEVVWXhoTDEzZW45bzdqcFIzRlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NDg4N2MtNjgwOS00NDI1LWJjZTktM2I1YjcxY2JiMzIy
LzEvM1U0NGt2UnJFSGhTdy1yaHNuM005Zy1ybWIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjWLIMA0G
CSqGSIb3DQEBCwUAA4IBAQAupt6QdsJvdgyNb557f4dsV7M4A2IG1JlMqbjT8Xz/
pA2Oqxctv0HPwpjIKo6/1reIRs2fl6xYuQzufwCcZPx+fj+IhmzvV1or+PxXujoj
NFz1vAvKjL1O6LIlTEMbtEgH+KI5k0siniwtnLq6G6Cw7zJmwmGfWnoIpXiYH77c
vxgyzwdT9R+kfVQf302uvnMgx7Iey9evPc792BwQ86QFEU4M1Efwk1FfZMF9zjg9
bDBWUrNhRmQ0ZWykIY0eJKj5rrTmOXii05Upqb8WAoD61KalIjLpuyWCWkZApWHo
XUl5zBshRrS6QbWel6+638JhCDHzWwyrOFRkTZt+fsL4
-----END CERTIFICATE-----