Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/mC4Bg9bYW70_pDIZqD7hQCML2xQ.roa
File:                     mC4Bg9bYW70_pDIZqD7hQCML2xQ.roa (raw, json)
Hash identifier:          6WPRXTMPC2ugrGkNrSD2ZD1OC4lCCAHBZtiuNkBLdbc=
Subject key identifier:   98:2E:01:83:D6:D8:5B:BD:3F:A4:32:19:A8:3E:E1:40:23:0B:DB:14
Certificate issuer:       /CN=509c63c6d756bb2acd3f1ad92ac415da857e6c98
Certificate serial:       018DC1798189BFDABF7B560B08DD750008CB
Authority key identifier: 50:9C:63:C6:D7:56:BB:2A:CD:3F:1A:D9:2A:C4:15:DA:85:7E:6C:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/mC4Bg9bYW70_pDIZqD7hQCML2xQ.roa
Signing time:             Mon 19 Feb 2024 13:06:22 +0000
ROA not before:           Mon 19 Feb 2024 13:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6724
IP address blocks:        185.122.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:79:81:89:bf:da:bf:7b:56:0b:08:dd:75:00:08:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509c63c6d756bb2acd3f1ad92ac415da857e6c98
        Validity
            Not Before: Feb 19 13:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=982e0183d6d85bbd3fa43219a83ee140230bdb14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f7:31:c6:50:d3:c7:33:fb:92:44:5b:8f:15:
                    14:4f:4a:f1:16:b4:51:11:44:52:2c:54:e7:3e:50:
                    59:48:90:e3:ac:8c:e1:70:47:8b:1b:a7:7f:e4:ab:
                    3f:98:7c:bc:6c:3f:da:4d:76:8b:dc:46:f7:60:9a:
                    89:a6:a7:e2:a6:37:3e:87:fc:fa:93:86:ab:74:9e:
                    1b:e1:1c:95:08:20:b0:4e:90:1b:65:ba:fd:cb:94:
                    b6:16:f0:d4:66:2e:a0:f0:a0:4d:e0:3f:84:f5:ce:
                    e1:12:ac:06:5e:5b:df:67:aa:05:1f:b1:ba:e5:4a:
                    28:59:74:a8:02:dc:24:03:d7:5a:9e:ca:f6:a8:84:
                    bf:41:39:4f:64:af:c9:0c:33:b5:42:84:fe:f7:d4:
                    a0:c9:bd:2c:3f:32:95:a6:4f:00:56:6d:d5:65:5d:
                    40:54:4e:1f:72:c6:df:26:a7:3e:9f:4b:c5:be:9e:
                    df:3f:34:91:63:90:50:c9:bc:6b:8f:ba:22:a1:29:
                    9b:ea:84:09:20:66:2f:76:e5:cf:1c:b2:ee:78:d3:
                    6a:e9:20:03:ba:eb:32:74:0b:ce:ea:be:ef:87:8e:
                    6a:93:b2:12:bf:8c:75:eb:95:db:bc:39:84:dd:da:
                    ae:ea:79:67:dd:b4:2c:d0:90:88:c6:38:44:96:f7:
                    04:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:2E:01:83:D6:D8:5B:BD:3F:A4:32:19:A8:3E:E1:40:23:0B:DB:14
            X509v3 Authority Key Identifier:
                keyid:50:9C:63:C6:D7:56:BB:2A:CD:3F:1A:D9:2A:C4:15:DA:85:7E:6C:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/mC4Bg9bYW70_pDIZqD7hQCML2xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:70:9d:09:df:63:bb:53:11:d4:42:d9:4c:99:ca:ff:0b:44:
         d4:19:4d:6b:b1:da:d4:c1:65:1e:f7:84:68:eb:f4:78:62:96:
         d4:e4:79:9b:86:5f:3f:f7:d3:d0:4f:91:b9:d2:d7:82:9c:3b:
         c7:3a:79:27:7d:1b:d7:7a:23:87:c1:c1:51:a1:3d:e5:69:f3:
         9b:46:52:03:f0:36:b3:ed:3c:90:e0:77:7b:4e:84:b0:0e:48:
         f4:e6:be:90:81:e3:9a:a5:87:74:42:8b:a9:94:f3:ef:a6:17:
         68:1f:fb:61:9f:71:77:c7:03:2f:59:0f:84:14:57:92:e5:1b:
         c7:8f:e5:65:e0:ff:bd:3f:eb:81:0d:00:a3:cc:58:65:0c:65:
         8e:f5:8e:01:67:90:48:a1:ed:39:f9:96:33:66:88:f2:58:ad:
         8d:12:dc:76:ce:62:40:8f:51:96:de:b8:4a:1e:9c:76:85:c0:
         3c:6b:52:c5:02:88:e7:0a:61:59:a8:57:24:c9:0d:b4:a2:f1:
         8c:1e:3d:b3:be:db:72:35:13:9a:7d:f9:84:80:aa:ce:e0:71:
         f8:88:95:9a:91:ed:7f:be:e8:b2:a3:12:74:94:fd:77:c9:dc:
         a5:13:e5:e2:79:54:3e:9f:95:27:d7:ab:6d:4f:a0:98:a3:35:
         b5:82:91:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BeYGJv9q/e1YLCN11AAjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWM2M2M2ZDc1NmJiMmFjZDNmMWFkOTJhYzQxNWRhODU3
ZTZjOTgwHhcNMjQwMjE5MTMwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODJlMDE4M2Q2ZDg1YmJkM2ZhNDMyMTlhODNlZTE0MDIzMGJkYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfcxxlDTxzP7kkRbjxUUT0rxFrRR
EURSLFTnPlBZSJDjrIzhcEeLG6d/5Ks/mHy8bD/aTXaL3Eb3YJqJpqfipjc+h/z6
k4ardJ4b4RyVCCCwTpAbZbr9y5S2FvDUZi6g8KBN4D+E9c7hEqwGXlvfZ6oFH7G6
5UooWXSoAtwkA9dansr2qIS/QTlPZK/JDDO1QoT+99Sgyb0sPzKVpk8AVm3VZV1A
VE4fcsbfJqc+n0vFvp7fPzSRY5BQybxrj7oioSmb6oQJIGYvduXPHLLueNNq6SAD
uusydAvO6r7vh45qk7ISv4x165XbvDmE3dqu6nln3bQs0JCIxjhElvcEVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJguAYPW2Fu9P6QyGag+4UAjC9sUMB8GA1UdIwQY
MBaAFFCcY8bXVrsqzT8a2SrEFdqFfmyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp4anh0ZFd1eXJOUHhyWktzUVYyb1YtYkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi84NDU0OGQtM2YzYi00NmI5LTgzNmMt
MzhhMzkyNDc3NmU5LzEvbUM0Qmc5YllXNzBfcERJWnFEN2hRQ01MMnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi84NDU0OGQtM2YzYi00NmI5LTgzNmMtMzhhMzkyNDc3NmU5
LzEvVUp4anh0ZFd1eXJOUHhyWktzUVYyb1YtYkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXq3MA0G
CSqGSIb3DQEBCwUAA4IBAQCDcJ0J32O7UxHUQtlMmcr/C0TUGU1rsdrUwWUe94Ro
6/R4YpbU5Hmbhl8/99PQT5G50teCnDvHOnknfRvXeiOHwcFRoT3lafObRlID8Daz
7TyQ4Hd7ToSwDkj05r6QgeOapYd0QouplPPvphdoH/thn3F3xwMvWQ+EFFeS5RvH
j+Vl4P+9P+uBDQCjzFhlDGWO9Y4BZ5BIoe05+ZYzZojyWK2NEtx2zmJAj1GW3rhK
Hpx2hcA8a1LFAojnCmFZqFckyQ20ovGMHj2zvttyNROaffmEgKrO4HH4iJWake1/
vuiyoxJ0lP13ydylE+XieVQ+n5Un16ttT6CYozW1gpFZ
-----END CERTIFICATE-----