Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/icwjN3YjUTb6RbyEg6Q5L76HPS8.roa
File:                     icwjN3YjUTb6RbyEg6Q5L76HPS8.roa (raw, json)
Hash identifier:          OOpdgUb2ujBwXaLAk3AhxT8v18tvJHs9T2hbVtSHdfc=
Subject key identifier:   89:CC:23:37:76:23:51:36:FA:45:BC:84:83:A4:39:2F:BE:87:3D:2F
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       018CC500E59C8ABE36DC0506E6890D68D046
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/icwjN3YjUTb6RbyEg6Q5L76HPS8.roa
Signing time:             Mon 01 Jan 2024 12:30:19 +0000
ROA not before:           Mon 01 Jan 2024 12:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        144.98.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e5:9c:8a:be:36:dc:05:06:e6:89:0d:68:d0:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Jan  1 12:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89cc233776235136fa45bc8483a4392fbe873d2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6c:08:d6:d5:bb:9d:33:20:0a:58:06:94:19:
                    38:97:be:a8:5a:f5:f8:5e:6d:a7:84:e3:04:4b:eb:
                    7d:33:aa:7e:be:e1:f6:ad:99:f9:01:23:27:95:19:
                    8c:0e:9b:f1:a3:79:62:4c:d9:91:c3:c3:e1:eb:fe:
                    65:7a:85:40:5e:ab:47:2c:78:ae:8a:f4:4a:54:a3:
                    41:15:e1:46:b7:cb:ae:1b:01:c1:99:7e:10:76:14:
                    96:9e:33:95:c7:89:4f:d5:60:21:47:0e:9e:c8:26:
                    de:9b:e2:5d:60:b1:37:cb:81:88:79:e0:59:48:e0:
                    51:7e:be:b0:c5:58:66:59:57:92:e8:5c:9a:a2:b0:
                    71:58:27:b1:62:71:fd:66:b2:de:47:5c:75:e7:e2:
                    97:b1:41:26:62:45:16:1e:37:4f:2f:7e:07:90:37:
                    1e:0c:b3:77:28:7f:84:c4:59:8a:bd:d3:6b:a3:f9:
                    14:c4:e0:e0:84:a5:c6:c9:ec:9a:8a:e5:c3:61:57:
                    35:74:5a:9f:12:6c:91:cd:3d:16:d2:1a:5f:5f:31:
                    97:87:95:50:78:39:34:8c:0e:63:c2:36:94:54:b5:
                    97:cc:89:40:15:b5:43:d5:9b:1a:de:d9:25:81:22:
                    f5:05:0a:3f:73:4e:e6:c2:5d:c6:7d:65:48:34:99:
                    b0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:CC:23:37:76:23:51:36:FA:45:BC:84:83:A4:39:2F:BE:87:3D:2F
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/icwjN3YjUTb6RbyEg6Q5L76HPS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.98.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:3c:a1:b8:59:32:7b:10:e9:01:9d:c2:4a:bb:90:19:05:17:
         40:8f:1a:65:1d:02:81:d8:31:e0:75:19:69:4a:29:5a:4b:81:
         20:ff:bd:a0:23:0b:a7:36:44:a5:da:1b:e1:d2:7b:fc:4d:7c:
         c8:b0:15:0f:27:74:6d:12:df:52:e3:64:90:d2:53:e7:69:c1:
         0a:15:69:75:4b:29:ae:0f:b7:b2:e1:67:07:10:ea:05:9b:fe:
         71:69:9e:c2:bd:de:58:d2:73:55:3a:f8:ac:04:39:db:00:a9:
         74:93:03:af:04:be:50:be:d4:77:e8:53:2c:26:49:a0:86:bd:
         a3:46:08:55:db:ac:31:ca:f0:94:b4:c9:fe:71:9f:9f:a8:b6:
         b3:e5:b7:62:a0:36:95:47:19:0c:57:26:bc:33:b9:fe:9c:59:
         7c:37:b7:d3:7c:9c:db:da:ed:99:7a:86:fd:31:1b:b9:ff:5f:
         42:c8:a1:1f:55:d4:57:ab:37:bb:76:0e:4c:16:27:55:f7:ae:
         bc:3c:21:54:c6:f9:9e:ad:7c:99:48:eb:73:7b:87:c5:18:ce:
         4e:4d:65:fa:47:56:06:f0:1e:37:6e:7e:4a:0a:b4:65:a2:af:
         9c:38:df:6f:fd:ec:23:ee:cb:71:86:8a:12:9d:f5:38:a5:bb:
         2f:d3:7a:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAOWcir423AUG5okNaNBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjQwMTAxMTIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWNjMjMzNzc2MjM1MTM2ZmE0NWJjODQ4M2E0MzkyZmJlODczZDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGwI1tW7nTMgClgGlBk4l76oWvX4
Xm2nhOMES+t9M6p+vuH2rZn5ASMnlRmMDpvxo3liTNmRw8Ph6/5leoVAXqtHLHiu
ivRKVKNBFeFGt8uuGwHBmX4QdhSWnjOVx4lP1WAhRw6eyCbem+JdYLE3y4GIeeBZ
SOBRfr6wxVhmWVeS6FyaorBxWCexYnH9ZrLeR1x15+KXsUEmYkUWHjdPL34HkDce
DLN3KH+ExFmKvdNro/kUxODghKXGyeyaiuXDYVc1dFqfEmyRzT0W0hpfXzGXh5VQ
eDk0jA5jwjaUVLWXzIlAFbVD1Zsa3tklgSL1BQo/c07mwl3GfWVINJmw6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInMIzd2I1E2+kW8hIOkOS++hz0vMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvaWN3ak4zWWpVVGI2UmJ5RWc2UTVMNzZIUFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkGKQMA0G
CSqGSIb3DQEBCwUAA4IBAQAHPKG4WTJ7EOkBncJKu5AZBRdAjxplHQKB2DHgdRlp
SilaS4Eg/72gIwunNkSl2hvh0nv8TXzIsBUPJ3RtEt9S42SQ0lPnacEKFWl1Symu
D7ey4WcHEOoFm/5xaZ7Cvd5Y0nNVOvisBDnbAKl0kwOvBL5QvtR36FMsJkmghr2j
RghV26wxyvCUtMn+cZ+fqLaz5bdioDaVRxkMVya8M7n+nFl8N7fTfJzb2u2Zeob9
MRu5/19CyKEfVdRXqze7dg5MFidV9668PCFUxvmerXyZSOtze4fFGM5OTWX6R1YG
8B43bn5KCrRloq+cON9v/ewj7stxhooSnfU4pbsv03pN
-----END CERTIFICATE-----