Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/C7dOxW-wtL054x9B685fbBYMnkI.roa
File:                     C7dOxW-wtL054x9B685fbBYMnkI.roa (raw, json)
Hash identifier:          06hcl4cdDbCtC3KU5DEwtaQ2b20An3D8gt6jX1czpcw=
Subject key identifier:   0B:B7:4E:C5:6F:B0:B4:BD:39:E3:1F:41:EB:CE:5F:6C:16:0C:9E:42
Certificate issuer:       /CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
Certificate serial:       018CC794CAE84A04AB8D5522CF28E72FB234
Authority key identifier: 84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/C7dOxW-wtL054x9B685fbBYMnkI.roa
Signing time:             Tue 02 Jan 2024 00:31:06 +0000
ROA not before:           Tue 02 Jan 2024 00:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.98.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ca:e8:4a:04:ab:8d:55:22:cf:28:e7:2f:b2:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
        Validity
            Not Before: Jan  2 00:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bb74ec56fb0b4bd39e31f41ebce5f6c160c9e42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e7:b2:b6:33:e5:fc:6b:c6:45:be:67:4f:3a:
                    dd:0c:be:00:ad:ab:36:cc:fa:b4:c2:08:b4:f3:26:
                    32:1d:8e:29:69:32:e5:6e:ad:d2:df:3f:c8:65:1d:
                    1f:b6:ba:bc:79:61:49:53:e7:45:d3:86:32:77:e0:
                    ab:bf:98:58:9a:eb:79:5a:7e:d5:33:ca:f0:76:10:
                    6c:51:6f:7a:43:b6:10:9a:5d:39:44:56:53:f2:24:
                    d1:ef:de:39:62:e4:5a:01:d7:6e:f2:1d:85:7d:d9:
                    61:f6:f3:7f:35:ba:67:2c:34:bc:96:9a:54:db:e3:
                    0c:c8:83:2a:80:8a:32:62:e5:1a:c7:6e:13:ce:b6:
                    7f:8a:2d:aa:2e:5d:12:c1:90:1a:fc:e2:6b:13:e0:
                    0b:02:c0:ab:e2:83:2c:66:fc:28:d1:95:25:a6:8d:
                    0d:dd:c0:44:fa:53:b4:75:2f:1c:85:60:35:c0:5a:
                    dd:3a:19:69:7a:cd:5f:08:33:c8:53:10:0d:0b:18:
                    68:8c:95:90:db:ae:44:96:9f:92:63:e1:9d:06:bc:
                    cf:76:3e:7f:1f:60:e3:76:26:e9:52:f9:76:d2:f6:
                    50:62:61:7d:db:2e:58:37:32:69:d0:d5:b9:69:69:
                    5a:32:05:67:ab:76:74:0f:c0:39:d4:21:a2:82:39:
                    15:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:B7:4E:C5:6F:B0:B4:BD:39:E3:1F:41:EB:CE:5F:6C:16:0C:9E:42
            X509v3 Authority Key Identifier:
                keyid:84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/C7dOxW-wtL054x9B685fbBYMnkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:62:39:51:2b:ff:fa:4f:a7:71:ef:20:cd:31:29:5f:0b:fa:
         14:1f:0f:b3:b3:68:2f:8f:cd:86:55:1c:6b:1e:4b:61:84:b2:
         33:95:64:44:6a:4e:7b:e0:36:e0:64:f8:0d:cc:ec:1e:e9:2a:
         b1:af:68:ac:dd:65:d0:ed:08:ec:e4:f4:9e:18:59:ae:20:bc:
         29:99:6b:1c:98:e5:3a:63:3b:24:fe:43:22:9f:ab:71:71:19:
         6d:92:c1:84:f2:f8:f1:cf:87:36:92:d2:6d:30:9a:ea:9e:08:
         17:87:0a:e9:7a:30:f2:54:1d:4d:35:ce:44:51:66:f2:65:2c:
         12:62:4c:54:db:8b:35:5d:5f:af:b4:21:9a:9d:a4:23:f1:82:
         14:0e:33:af:d3:c7:9b:24:98:b2:6c:e7:8b:8b:91:1f:7e:51:
         25:92:70:63:dd:c1:1b:6c:c2:f1:e3:25:93:a7:9c:7f:41:64:
         f4:fd:4f:23:60:05:47:bf:0e:16:8e:60:22:79:1a:65:2e:0e:
         a2:b7:76:33:34:9f:03:55:03:41:12:31:79:f4:71:72:8a:01:
         71:2e:15:76:73:05:83:3d:4d:35:34:21:e7:a0:43:f9:05:16:
         4e:b9:5c:12:3c:e6:d6:1b:05:15:78:61:ad:26:59:9f:8c:e0:
         16:c6:4a:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlMroSgSrjVUizyjnL7I0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZDYwZDJkYzZhZDgyYTI1NzBlMDAwMGZkZDk5Mzk0OGJj
NDU0ZDgwHhcNMjQwMTAyMDAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmI3NGVjNTZmYjBiNGJkMzllMzFmNDFlYmNlNWY2YzE2MGM5ZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeeytjPl/GvGRb5nTzrdDL4Aras2
zPq0wgi08yYyHY4paTLlbq3S3z/IZR0ftrq8eWFJU+dF04Yyd+Crv5hYmut5Wn7V
M8rwdhBsUW96Q7YQml05RFZT8iTR7945YuRaAddu8h2Ffdlh9vN/NbpnLDS8lppU
2+MMyIMqgIoyYuUax24TzrZ/ii2qLl0SwZAa/OJrE+ALAsCr4oMsZvwo0ZUlpo0N
3cBE+lO0dS8chWA1wFrdOhlpes1fCDPIUxANCxhojJWQ265Elp+SY+GdBrzPdj5/
H2DjdibpUvl20vZQYmF92y5YNzJp0NW5aWlaMgVnq3Z0D8A51CGigjkV0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAu3TsVvsLS9OeMfQevOX2wWDJ5CMB8GA1UdIwQY
MBaAFITWDS3GrYKiVw4AAP3Zk5SLxFTYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE5ZTkxjYXRncUpYRGdBQV9kbVRsSXZFVk5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni81MGQ5YzYtZjI0YS00NGFmLThhZTAt
NTRmNmJjODVhYWMwLzEvQzdkT3hXLXd0TDA1NHg5QjY4NWZiQllNbmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni81MGQ5YzYtZjI0YS00NGFmLThhZTAtNTRmNmJjODVhYWMw
LzEvaE5ZTkxjYXRncUpYRGdBQV9kbVRsSXZFVk5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWKfMA0G
CSqGSIb3DQEBCwUAA4IBAQCeYjlRK//6T6dx7yDNMSlfC/oUHw+zs2gvj82GVRxr
HkthhLIzlWREak574DbgZPgNzOwe6Sqxr2is3WXQ7Qjs5PSeGFmuILwpmWscmOU6
Yzsk/kMin6txcRltksGE8vjxz4c2ktJtMJrqnggXhwrpejDyVB1NNc5EUWbyZSwS
YkxU24s1XV+vtCGanaQj8YIUDjOv08ebJJiybOeLi5EfflElknBj3cEbbMLx4yWT
p5x/QWT0/U8jYAVHvw4WjmAieRplLg6it3YzNJ8DVQNBEjF59HFyigFxLhV2cwWD
PU01NCHnoEP5BRZOuVwSPObWGwUVeGGtJlmfjOAWxkqG
-----END CERTIFICATE-----