Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/4678rxOgfjNEh30MqXRXYEkaQFU.roa
File:                     4678rxOgfjNEh30MqXRXYEkaQFU.roa (raw, json)
Hash identifier:          u3BPXQ0yKQKo7AaGAMkoPi6Bq40Vk+O3jffEMXwrqd0=
Subject key identifier:   E3:AE:FC:AF:13:A0:7E:33:44:87:7D:0C:A9:74:57:60:49:1A:40:55
Certificate issuer:       /CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
Certificate serial:       018CC79369DB26229FEB238F2CA1B002E8ED
Authority key identifier: 99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/4678rxOgfjNEh30MqXRXYEkaQFU.roa
Signing time:             Tue 02 Jan 2024 00:29:35 +0000
ROA not before:           Tue 02 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203898
IP address blocks:        185.122.0.0/24 maxlen: 24
                          2a06:98c0:1000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:11:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:69:db:26:22:9f:eb:23:8f:2c:a1:b0:02:e8:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
        Validity
            Not Before: Jan  2 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3aefcaf13a07e3344877d0ca9745760491a4055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5e:08:d0:c6:29:6e:95:5c:cf:47:2f:25:eb:
                    61:44:5e:dc:81:eb:78:76:f5:cd:42:d6:17:49:e6:
                    39:b0:4e:80:99:71:62:aa:eb:16:8f:57:11:86:fb:
                    dc:0c:94:eb:d6:51:b6:d8:12:d8:eb:36:ba:c6:d7:
                    a6:c5:64:12:41:58:62:b5:2b:c2:06:42:de:29:1d:
                    81:5a:46:11:ae:bc:96:65:4a:f1:01:f2:3b:42:55:
                    40:b0:07:c5:84:ed:f0:ac:60:75:de:9b:3b:a2:fb:
                    f1:1b:ac:aa:2c:2f:c8:4a:13:1f:ec:5a:34:85:7f:
                    9f:06:47:f7:a4:71:0c:a3:37:f6:43:53:ce:3e:cc:
                    e8:1f:09:1a:de:f6:e1:42:93:55:17:b1:ad:a8:75:
                    61:ec:44:f0:cf:73:e5:4a:75:89:46:bc:30:7e:fd:
                    d3:e3:36:72:ec:0c:9a:b3:81:9b:67:16:10:5f:69:
                    86:13:2f:95:be:58:c3:a2:ea:b3:bf:a8:13:e8:6d:
                    d6:2e:e2:59:89:b3:af:91:79:9d:90:cb:bc:41:00:
                    1b:ce:c0:ff:b1:b2:b5:ec:10:c2:4d:ab:6a:37:ca:
                    ea:56:28:07:b8:42:62:01:00:55:c8:19:f1:e6:41:
                    33:7f:d8:0c:bd:f8:0e:3b:18:7a:f7:7a:10:bc:c5:
                    3c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:AE:FC:AF:13:A0:7E:33:44:87:7D:0C:A9:74:57:60:49:1A:40:55
            X509v3 Authority Key Identifier:
                keyid:99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/4678rxOgfjNEh30MqXRXYEkaQFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.0.0/24
                IPv6:
                  2a06:98c0:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:25:f2:f3:25:68:5f:c0:70:14:c6:f9:b2:6e:f3:9d:97:ea:
         6b:bb:0f:a3:2e:ae:7b:cd:ee:bf:39:99:b6:03:57:be:76:31:
         0b:28:aa:74:a7:89:1c:71:b4:04:04:92:77:2c:c4:b4:45:e4:
         74:4d:de:23:8b:e2:0e:50:fc:87:12:c2:1c:bc:a8:50:c4:18:
         b9:40:fc:44:f0:ba:03:49:a1:08:1f:89:db:99:c2:04:c6:e5:
         c5:67:54:ce:1c:fb:ce:8a:1b:52:ed:e0:b4:60:ec:57:d2:e4:
         39:14:c4:1f:3e:46:21:74:2f:ce:21:56:8e:4c:a0:b9:5e:40:
         4b:12:1e:37:21:d2:b7:d7:98:d5:db:10:9b:4b:36:a9:17:88:
         97:91:9d:9c:f2:e5:32:76:0c:a7:c7:7f:1d:78:0f:c6:b9:1b:
         f3:12:3c:46:c1:41:21:d1:04:f4:5d:a5:4a:dd:f6:8b:72:8f:
         39:bc:89:a0:c8:3b:1e:6f:d0:63:c8:0c:fa:62:55:e2:4f:f8:
         21:0a:96:bf:56:b9:54:46:6c:f8:c8:19:91:74:38:15:b0:4e:
         e0:25:ad:0d:bf:93:10:6c:18:ae:43:e2:b6:19:ef:c4:6d:9e:
         04:e0:e8:3d:ed:7b:b7:f5:c4:a0:39:27:d1:21:47:b1:cb:52:
         56:be:2b:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHk2nbJiKf6yOPLKGwAujtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDViZmFkNDVkN2M2NWE2ZTM0MzAyODUwOWZkMTg5MmU5
N2I5ZDAwHhcNMjQwMTAyMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2FlZmNhZjEzYTA3ZTMzNDQ4NzdkMGNhOTc0NTc2MDQ5MWE0MDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyV4I0MYpbpVcz0cvJethRF7cget4
dvXNQtYXSeY5sE6AmXFiqusWj1cRhvvcDJTr1lG22BLY6za6xtemxWQSQVhitSvC
BkLeKR2BWkYRrryWZUrxAfI7QlVAsAfFhO3wrGB13ps7ovvxG6yqLC/IShMf7Fo0
hX+fBkf3pHEMozf2Q1POPszoHwka3vbhQpNVF7GtqHVh7ETwz3PlSnWJRrwwfv3T
4zZy7Ayas4GbZxYQX2mGEy+VvljDouqzv6gT6G3WLuJZibOvkXmdkMu8QQAbzsD/
sbK17BDCTatqN8rqVigHuEJiAQBVyBnx5kEzf9gMvfgOOxh693oQvMU8gwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOOu/K8ToH4zRId9DKl0V2BJGkBVMB8GA1UdIwQY
MBaAFJnVv61F18ZabjQwKFCf0Ykul7nQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQt
NzU1MTgwOWNiNzMxLzEvNDY3OHJ4T2dmak5FaDMwTXFYUlhZRWthUUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQtNzU1MTgwOWNiNzMx
LzEvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuXoAMA8E
AgACMAkDBwAqBpjAEAAwDQYJKoZIhvcNAQELBQADggEBAA8l8vMlaF/AcBTG+bJu
852X6mu7D6MurnvN7r85mbYDV752MQsoqnSniRxxtAQEkncsxLRF5HRN3iOL4g5Q
/IcSwhy8qFDEGLlA/ETwugNJoQgfiduZwgTG5cVnVM4c+86KG1Lt4LRg7FfS5DkU
xB8+RiF0L84hVo5MoLleQEsSHjch0rfXmNXbEJtLNqkXiJeRnZzy5TJ2DKfHfx14
D8a5G/MSPEbBQSHRBPRdpUrd9otyjzm8iaDIOx5v0GPIDPpiVeJP+CEKlr9WuVRG
bPjIGZF0OBWwTuAlrQ2/kxBsGK5D4rYZ78RtngTg6D3te7f1xKA5J9EhR7HLUla+
Ky0=
-----END CERTIFICATE-----