Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/bC-ywlxHtGMBxWQEvbj8ukidEpI.roa
File:                     bC-ywlxHtGMBxWQEvbj8ukidEpI.roa (raw, json)
Hash identifier:          7vLVp2O+LUXn3uEPDIGc+QA8EZYOPq45z5S++7NjXSQ=
Subject key identifier:   6C:2F:B2:C2:5C:47:B4:63:01:C5:64:04:BD:B8:FC:BA:48:9D:12:92
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018CC4936B63BDDA9C5C7661BACB158CADBF
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/bC-ywlxHtGMBxWQEvbj8ukidEpI.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        141.98.45.0/24 maxlen: 24
                          2a07:6f46:4500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6b:63:bd:da:9c:5c:76:61:ba:cb:15:8c:ad:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c2fb2c25c47b46301c56404bdb8fcba489d1292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6f:e9:e4:0d:04:a4:1a:d9:48:3c:9b:aa:1f:
                    da:82:26:45:1f:01:a7:42:7f:30:5b:81:03:7a:d5:
                    07:a0:da:6a:c5:28:9a:7f:b3:a9:c2:cd:a1:fa:bb:
                    46:4f:1d:77:c4:66:7f:f2:4c:b4:95:f2:55:7e:a0:
                    19:ec:e6:d9:1e:a4:7f:00:d3:3d:7e:ce:27:dd:04:
                    0d:d6:6e:70:02:96:fd:1e:a6:7d:62:a6:6a:0a:e4:
                    82:5f:0d:36:31:c3:93:5a:86:1c:bc:67:d1:cc:b6:
                    f0:a4:4e:85:52:dc:be:d9:ee:d2:e7:85:f2:a5:93:
                    2d:c6:ba:e5:d9:ba:87:70:bf:3d:2c:35:01:16:5a:
                    2f:ed:94:36:e8:59:2c:7c:16:4b:84:61:8f:a1:8f:
                    d7:15:69:71:7b:87:05:65:dd:ef:03:52:69:33:6b:
                    48:ad:df:10:f6:87:ef:b8:86:ef:40:10:0b:da:38:
                    8b:02:6e:7d:5b:00:ea:c3:f5:46:a2:6d:92:1b:ec:
                    ed:19:8e:51:10:93:1f:f0:84:a0:32:73:77:8e:ca:
                    cd:cb:06:33:96:c1:56:0a:88:f8:76:bb:ce:30:0c:
                    83:9d:4c:a9:92:9c:63:bf:63:b1:fd:df:41:dd:bf:
                    f3:8e:d5:26:de:38:52:58:2e:d3:18:f8:e7:f1:65:
                    24:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:2F:B2:C2:5C:47:B4:63:01:C5:64:04:BD:B8:FC:BA:48:9D:12:92
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/bC-ywlxHtGMBxWQEvbj8ukidEpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.45.0/24
                IPv6:
                  2a07:6f46:4500::/40

    Signature Algorithm: sha256WithRSAEncryption
         22:e7:56:fd:77:cc:0a:ad:f7:4a:f1:9c:b2:16:ba:d8:dc:50:
         7f:1d:a1:8d:6b:76:9a:a3:a8:12:b1:91:ff:7f:dd:e1:e4:c3:
         18:ef:b9:86:14:60:d7:d3:42:58:0c:03:db:fc:8f:65:19:db:
         1c:19:22:26:c9:85:9d:0f:a4:38:3a:41:23:16:86:5f:4f:8c:
         48:20:3f:cb:ca:55:be:ce:a2:88:90:29:a1:34:23:93:96:b1:
         be:e0:3c:86:94:7a:58:3d:cb:27:50:5b:4c:f9:0a:36:bb:48:
         76:68:2d:b2:92:b8:cb:c5:be:4b:97:ee:f5:60:5e:5a:59:fe:
         a2:4c:ae:f9:6d:6b:c1:0d:63:f8:f7:01:bc:3b:54:86:53:cd:
         43:42:fa:e6:64:b4:db:fc:10:02:64:fd:2b:e3:03:6f:d4:0f:
         5b:04:01:a8:5e:5d:11:a8:91:ee:f8:2a:dc:d5:92:7f:69:63:
         5e:fa:8e:30:19:4c:d7:74:8f:5e:97:92:f8:ad:76:b6:97:b8:
         7d:c8:cc:1e:ce:d8:63:bb:6c:b1:aa:d9:bc:2c:89:4e:d7:ed:
         4c:b4:ad:a1:e5:4a:a8:b9:72:f8:9f:bd:2c:06:e3:66:76:b3:
         bd:10:08:c0:09:16:a4:77:56:30:3d:b1:a1:f5:1b:ee:76:90:
         c0:73:7f:8f
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzEk2tjvdqcXHZhussVjK2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzJmYjJjMjVjNDdiNDYzMDFjNTY0MDRiZGI4ZmNiYTQ4OWQxMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2/p5A0EpBrZSDybqh/agiZFHwGn
Qn8wW4EDetUHoNpqxSiaf7Opws2h+rtGTx13xGZ/8ky0lfJVfqAZ7ObZHqR/ANM9
fs4n3QQN1m5wApb9HqZ9YqZqCuSCXw02McOTWoYcvGfRzLbwpE6FUty+2e7S54Xy
pZMtxrrl2bqHcL89LDUBFlov7ZQ26FksfBZLhGGPoY/XFWlxe4cFZd3vA1JpM2tI
rd8Q9ofvuIbvQBAL2jiLAm59WwDqw/VGom2SG+ztGY5REJMf8ISgMnN3jsrNywYz
lsFWCoj4drvOMAyDnUypkpxjv2Ox/d9B3b/zjtUm3jhSWC7TGPjn8WUkZwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFGwvssJcR7RjAcVkBL24/LpInRKSMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvYkMteXdseEh0R01CeFdRRXZiajh1a2lkRXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAjWItMA4E
AgACMAgDBgAqB29GRTANBgkqhkiG9w0BAQsFAAOCAQEAIudW/XfMCq33SvGcsha6
2NxQfx2hjWt2mqOoErGR/3/d4eTDGO+5hhRg19NCWAwD2/yPZRnbHBkiJsmFnQ+k
ODpBIxaGX0+MSCA/y8pVvs6iiJApoTQjk5axvuA8hpR6WD3LJ1BbTPkKNrtIdmgt
spK4y8W+S5fu9WBeWln+okyu+W1rwQ1j+PcBvDtUhlPNQ0L65mS02/wQAmT9K+MD
b9QPWwQBqF5dEaiR7vgq3NWSf2ljXvqOMBlM13SPXpeS+K12tpe4fcjMHs7YY7ts
sarZvCyJTtftTLStoeVKqLly+J+9LAbjZnazvRAIwAkWpHdWMD2xofUb7naQwHN/
jw==
-----END CERTIFICATE-----