Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/C0z6DdMKY0011CEMg0brREHft8I.roa
File:                     C0z6DdMKY0011CEMg0brREHft8I.roa (raw, json)
Hash identifier:          +dbFWwxBIyFnN27a31OlolUnKb6JKZSNaPcmvgDSLGs=
Subject key identifier:   0B:4C:FA:0D:D3:0A:63:4D:35:D4:21:0C:83:46:EB:44:41:DF:B7:C2
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       019427486730C0CFAF76B2776DCB79BFBCEA
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/C0z6DdMKY0011CEMg0brREHft8I.roa
Signing time:             Thu 02 Jan 2025 13:50:43 +0000
ROA not before:           Thu 02 Jan 2025 13:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        144.98.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:67:30:c0:cf:af:76:b2:77:6d:cb:79:bf:bc:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Jan  2 13:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b4cfa0dd30a634d35d4210c8346eb4441dfb7c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6f:95:3e:0c:74:b5:f3:e4:41:8d:6c:32:75:
                    72:72:d8:ca:28:d0:7f:62:c3:3f:2d:70:7c:be:57:
                    79:52:f1:57:eb:f0:b5:90:92:05:4a:99:02:a4:f4:
                    48:cf:ef:59:e4:0f:cd:ab:0d:64:a7:86:c2:05:0a:
                    fc:8e:b4:e6:54:ef:51:ba:91:d6:f1:97:ea:4c:11:
                    d9:be:2e:ec:d2:3a:f7:9b:b9:93:05:a1:59:49:be:
                    19:d5:2a:77:ff:5f:f8:99:e1:8f:60:f4:75:bc:8a:
                    94:1f:bf:4f:a4:70:c9:47:ac:28:1e:aa:3d:40:69:
                    09:00:5d:6b:78:5b:f8:fc:a3:33:17:e9:8b:18:2e:
                    68:fb:ed:0b:52:e4:d4:83:d3:99:77:8d:6d:c4:5c:
                    7e:7c:84:35:0a:e7:13:61:c3:a2:e4:7a:83:0a:63:
                    4b:30:a6:c3:bf:9d:2b:ee:f0:2a:06:45:e1:ec:bf:
                    c6:91:9f:1d:13:ee:6e:ef:66:91:20:99:d1:0a:2d:
                    96:7b:c1:b4:fe:cb:6d:ed:49:b6:7e:7c:f5:3a:7a:
                    89:a9:80:d9:75:f9:1a:97:c2:1a:53:be:63:89:b9:
                    f1:5a:a1:ac:fb:0e:97:d9:31:f2:3c:b0:84:83:c1:
                    45:cd:ae:d1:5a:33:52:78:56:d6:0b:21:72:21:81:
                    79:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4C:FA:0D:D3:0A:63:4D:35:D4:21:0C:83:46:EB:44:41:DF:B7:C2
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/C0z6DdMKY0011CEMg0brREHft8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.98.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:96:51:e7:a2:ca:9e:32:d7:80:23:2d:c1:cb:a5:4e:1b:d0:
         2f:b4:d9:31:16:3e:a7:e0:01:de:a8:fd:8d:98:2e:67:fa:19:
         e7:c4:67:8d:a4:90:18:48:37:b8:ce:cd:d4:fb:45:08:bc:a1:
         e1:d8:57:d8:3a:36:d2:ba:07:44:bd:5c:ae:a5:33:c9:c4:c1:
         3d:bc:79:c9:cd:b5:95:23:e5:0a:27:f0:de:56:4d:0d:31:30:
         41:de:64:e6:00:45:05:02:f8:96:e3:9a:4d:4a:c2:d9:84:41:
         5d:99:8a:9f:ad:85:56:2c:3f:fb:cc:ae:fd:2a:3d:8a:a6:42:
         05:67:9f:92:44:90:16:93:f3:58:df:81:e1:ac:21:46:dc:26:
         3d:01:18:fe:40:46:ed:e6:86:cc:ae:10:45:a7:57:f2:f3:e6:
         3a:33:55:4b:d6:93:de:9b:45:9b:58:b7:94:26:3a:71:4e:a3:
         6d:13:ed:71:c2:04:81:02:55:7c:72:e3:59:c5:ee:f5:aa:43:
         78:f4:27:e0:f8:01:52:83:51:43:99:c8:bd:4d:a2:0e:97:33:
         8c:c2:ca:d1:58:6a:db:87:78:d3:fc:44:fe:48:f5:70:40:bb:
         39:ac:5d:6b:d3:87:bc:96:94:d6:49:1d:08:d5:bd:52:c1:ab:
         0a:d6:b8:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSGcwwM+vdrJ3bct5v7zqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjUwMTAyMTM1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjRjZmEwZGQzMGE2MzRkMzVkNDIxMGM4MzQ2ZWI0NDQxZGZiN2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02+VPgx0tfPkQY1sMnVyctjKKNB/
YsM/LXB8vld5UvFX6/C1kJIFSpkCpPRIz+9Z5A/Nqw1kp4bCBQr8jrTmVO9RupHW
8ZfqTBHZvi7s0jr3m7mTBaFZSb4Z1Sp3/1/4meGPYPR1vIqUH79PpHDJR6woHqo9
QGkJAF1reFv4/KMzF+mLGC5o++0LUuTUg9OZd41txFx+fIQ1CucTYcOi5HqDCmNL
MKbDv50r7vAqBkXh7L/GkZ8dE+5u72aRIJnRCi2We8G0/stt7Um2fnz1OnqJqYDZ
dfkal8IaU75jibnxWqGs+w6X2THyPLCEg8FFza7RWjNSeFbWCyFyIYF5owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtM+g3TCmNNNdQhDING60RB37fCMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvQzB6NkRkTUtZMDAxMUNFTWcwYnJSRUhmdDhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkGKQMA0G
CSqGSIb3DQEBCwUAA4IBAQBRllHnosqeMteAIy3By6VOG9AvtNkxFj6n4AHeqP2N
mC5n+hnnxGeNpJAYSDe4zs3U+0UIvKHh2FfYOjbSugdEvVyupTPJxME9vHnJzbWV
I+UKJ/DeVk0NMTBB3mTmAEUFAviW45pNSsLZhEFdmYqfrYVWLD/7zK79Kj2KpkIF
Z5+SRJAWk/NY34HhrCFG3CY9ARj+QEbt5obMrhBFp1fy8+Y6M1VL1pPem0WbWLeU
JjpxTqNtE+1xwgSBAlV8cuNZxe71qkN49Cfg+AFSg1FDmci9TaIOlzOMwsrRWGrb
h3jT/ET+SPVwQLs5rF1r04e8lpTWSR0I1b1SwasK1rjH
-----END CERTIFICATE-----