Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/X9OzfqRiGOmHyDpuqpWMZVVJw7I.roa
File:                     X9OzfqRiGOmHyDpuqpWMZVVJw7I.roa (raw, json)
Hash identifier:          OhFeQ1Z2D8/EhgkinRGKlmJelTBT8ADi8azoz9TtOvY=
Subject key identifier:   5F:D3:B3:7E:A4:62:18:E9:87:C8:3A:6E:AA:95:8C:65:55:49:C3:B2
Certificate issuer:       /CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
Certificate serial:       018CC794CA88CC723491604B3CF486E56720
Authority key identifier: 84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/X9OzfqRiGOmHyDpuqpWMZVVJw7I.roa
Signing time:             Tue 02 Jan 2024 00:31:06 +0000
ROA not before:           Tue 02 Jan 2024 00:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.98.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ca:88:cc:72:34:91:60:4b:3c:f4:86:e5:67:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
        Validity
            Not Before: Jan  2 00:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fd3b37ea46218e987c83a6eaa958c655549c3b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:bf:b4:a6:be:12:86:d6:81:ef:63:9a:e2:a1:
                    ab:06:9f:80:0b:8f:52:98:44:95:d7:d4:b3:dd:31:
                    f9:70:aa:ac:97:f7:46:6c:6d:45:bf:44:c8:e1:09:
                    f4:b2:a7:6d:b1:53:de:eb:6e:38:c7:01:de:16:1c:
                    fc:22:bc:00:9a:39:a3:33:7d:67:71:44:ce:05:94:
                    69:b9:28:d7:41:07:0c:a5:7f:25:e6:0c:a5:00:dc:
                    3f:81:30:42:da:17:80:78:4c:ba:3e:94:be:ad:0d:
                    8f:f2:fb:22:ce:a7:56:15:a3:13:21:0e:a2:b4:f3:
                    eb:66:b1:eb:d3:af:bc:c1:ef:be:6e:5c:d6:a7:69:
                    76:9b:14:67:b5:02:15:46:01:af:17:e3:5d:15:a0:
                    9b:81:75:79:e7:c9:15:5f:83:04:e4:6f:4c:62:0f:
                    54:24:b9:e1:fd:a1:41:2c:9b:40:01:c3:dd:ab:43:
                    40:eb:e5:8e:a8:5a:9b:fc:42:69:b5:00:e6:b6:18:
                    52:33:f5:d2:e3:65:b6:71:1e:a3:9f:7e:93:23:58:
                    78:e4:0d:86:85:8c:ad:92:06:c2:77:69:e3:cc:b2:
                    63:87:7f:54:1d:eb:e6:8b:56:b8:e9:08:0b:05:98:
                    73:0f:96:e4:31:16:1a:e0:ce:fa:83:13:38:9a:c6:
                    76:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:D3:B3:7E:A4:62:18:E9:87:C8:3A:6E:AA:95:8C:65:55:49:C3:B2
            X509v3 Authority Key Identifier:
                keyid:84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/X9OzfqRiGOmHyDpuqpWMZVVJw7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:2b:81:2f:83:3c:ff:78:1a:02:a7:e2:8a:3b:05:21:51:a6:
         50:75:48:31:c8:0f:e3:84:f9:ee:81:5d:5a:eb:5e:3a:c0:70:
         fb:8d:07:df:44:7c:65:ad:79:69:c8:d7:5b:36:d5:c0:39:0a:
         14:8c:95:6b:fc:e2:a4:76:be:a8:e2:53:0b:c0:94:47:bd:f8:
         c8:55:cc:02:0d:84:c9:b5:57:79:79:c7:65:04:ff:fd:60:19:
         e5:b9:96:1c:5a:ec:2b:c3:ed:40:d9:95:92:4a:b9:29:a0:46:
         e3:5c:e2:9f:40:e9:2d:60:89:dc:ea:8b:b7:48:da:58:32:1f:
         63:1a:dc:ba:0c:00:46:39:6f:de:31:0b:1e:4c:5c:1e:c2:00:
         3e:6b:64:a6:c2:05:6a:00:52:7e:3a:c8:f8:db:74:52:53:d3:
         f4:a2:a0:06:e5:f6:a9:6f:d6:dc:33:2d:61:d9:d2:4e:44:1c:
         5c:63:79:5f:09:0f:b4:9c:79:c8:f7:62:98:f6:57:36:05:0c:
         d0:9e:78:93:2f:7c:29:03:12:2f:7d:52:86:41:07:3d:dc:88:
         5d:20:f8:19:f9:b3:ad:6f:66:c9:12:78:87:13:6c:70:48:15:
         ab:d0:57:32:1f:f9:ac:85:29:02:90:a5:57:b4:2f:a8:70:84:
         bd:34:80:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlMqIzHI0kWBLPPSG5WcgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZDYwZDJkYzZhZDgyYTI1NzBlMDAwMGZkZDk5Mzk0OGJj
NDU0ZDgwHhcNMjQwMTAyMDAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmQzYjM3ZWE0NjIxOGU5ODdjODNhNmVhYTk1OGM2NTU1NDljM2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAib+0pr4ShtaB72Oa4qGrBp+AC49S
mESV19Sz3TH5cKqsl/dGbG1Fv0TI4Qn0sqdtsVPe6244xwHeFhz8IrwAmjmjM31n
cUTOBZRpuSjXQQcMpX8l5gylANw/gTBC2heAeEy6PpS+rQ2P8vsizqdWFaMTIQ6i
tPPrZrHr06+8we++blzWp2l2mxRntQIVRgGvF+NdFaCbgXV558kVX4ME5G9MYg9U
JLnh/aFBLJtAAcPdq0NA6+WOqFqb/EJptQDmthhSM/XS42W2cR6jn36TI1h45A2G
hYytkgbCd2njzLJjh39UHevmi1a46QgLBZhzD5bkMRYa4M76gxM4msZ2QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/Ts36kYhjph8g6bqqVjGVVScOyMB8GA1UdIwQY
MBaAFITWDS3GrYKiVw4AAP3Zk5SLxFTYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE5ZTkxjYXRncUpYRGdBQV9kbVRsSXZFVk5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni81MGQ5YzYtZjI0YS00NGFmLThhZTAt
NTRmNmJjODVhYWMwLzEvWDlPemZxUmlHT21IeURwdXFwV01aVlZKdzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni81MGQ5YzYtZjI0YS00NGFmLThhZTAtNTRmNmJjODVhYWMw
LzEvaE5ZTkxjYXRncUpYRGdBQV9kbVRsSXZFVk5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWKfMA0G
CSqGSIb3DQEBCwUAA4IBAQCWK4Evgzz/eBoCp+KKOwUhUaZQdUgxyA/jhPnugV1a
6146wHD7jQffRHxlrXlpyNdbNtXAOQoUjJVr/OKkdr6o4lMLwJRHvfjIVcwCDYTJ
tVd5ecdlBP/9YBnluZYcWuwrw+1A2ZWSSrkpoEbjXOKfQOktYInc6ou3SNpYMh9j
Gty6DABGOW/eMQseTFwewgA+a2SmwgVqAFJ+Osj423RSU9P0oqAG5fapb9bcMy1h
2dJORBxcY3lfCQ+0nHnI92KY9lc2BQzQnniTL3wpAxIvfVKGQQc93IhdIPgZ+bOt
b2bJEniHE2xwSBWr0FcyH/mshSkCkKVXtC+ocIS9NIDx
-----END CERTIFICATE-----