Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/8c5dc7-bf41-4008-9cff-2c69985359c0/1/98VxR7l_uFgsctd-yH-pkokqhj4.roa
File:                     98VxR7l_uFgsctd-yH-pkokqhj4.roa (raw, json)
Hash identifier:          Y8uNwptzlONUS+iSPthQNa944rzH/AfY/flExfdMBgc=
Subject key identifier:   F7:C5:71:47:B9:7F:B8:58:2C:72:D7:7E:C8:7F:A9:92:89:2A:86:3E
Certificate issuer:       /CN=45aed3d1a1a1e2830d416afa047b95220e814084
Certificate serial:       0190734E6F4A1991B248D5163D7C2DB4C6DD
Authority key identifier: 45:AE:D3:D1:A1:A1:E2:83:0D:41:6A:FA:04:7B:95:22:0E:81:40:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ra7T0aGh4oMNQWr6BHuVIg6BQIQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/8c5dc7-bf41-4008-9cff-2c69985359c0/1/98VxR7l_uFgsctd-yH-pkokqhj4.roa
Signing time:             Tue 02 Jul 2024 11:57:18 +0000
ROA not before:           Tue 02 Jul 2024 11:57:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199699
IP address blocks:        193.24.106.0/24 maxlen: 24
                          2a13:8f80::/29 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/8c5dc7-bf41-4008-9cff-2c69985359c0/1/Ra7T0aGh4oMNQWr6BHuVIg6BQIQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/8c5dc7-bf41-4008-9cff-2c69985359c0/1/Ra7T0aGh4oMNQWr6BHuVIg6BQIQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ra7T0aGh4oMNQWr6BHuVIg6BQIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:73:4e:6f:4a:19:91:b2:48:d5:16:3d:7c:2d:b4:c6:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45aed3d1a1a1e2830d416afa047b95220e814084
        Validity
            Not Before: Jul  2 11:57:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7c57147b97fb8582c72d77ec87fa992892a863e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8e:de:40:9b:a5:40:90:d4:89:3c:fc:22:b5:
                    cc:b1:ee:d4:de:62:c1:c4:7c:50:91:b8:fe:1a:93:
                    b6:65:55:94:8c:9c:62:bc:c0:0f:06:03:6a:0c:19:
                    23:37:8b:97:9e:15:48:0f:83:68:5a:3e:a7:b8:42:
                    fb:c6:bf:ef:98:2d:94:32:d8:67:7d:ba:d8:25:f1:
                    a7:a5:99:f5:ce:5d:06:3c:63:20:8f:13:4c:b9:6e:
                    5e:b8:c6:d6:90:1a:14:50:98:5e:51:75:da:4c:9d:
                    ca:c8:a2:63:64:15:be:80:04:bb:75:b0:3c:e4:7d:
                    d5:13:50:11:44:8d:9d:42:52:36:b3:94:d3:01:9c:
                    85:94:70:89:23:64:c6:1d:92:e7:0f:96:9d:5e:0f:
                    13:08:ff:48:48:bf:44:65:c2:14:75:3a:92:fb:34:
                    20:a0:4c:b6:ed:49:39:53:5e:1f:12:fa:24:ad:0b:
                    10:78:19:3b:e5:b2:6e:9a:66:d9:58:73:19:16:23:
                    55:b2:c7:4f:73:99:58:cc:76:bf:a1:81:7b:a0:d5:
                    30:68:67:7c:83:06:c7:be:0f:1f:7a:31:71:39:c0:
                    49:66:13:c6:d0:8f:9b:a6:03:3d:ee:04:02:b1:3c:
                    7b:88:3f:48:b3:05:0f:c2:1f:63:8c:9d:1a:72:2b:
                    19:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:C5:71:47:B9:7F:B8:58:2C:72:D7:7E:C8:7F:A9:92:89:2A:86:3E
            X509v3 Authority Key Identifier:
                keyid:45:AE:D3:D1:A1:A1:E2:83:0D:41:6A:FA:04:7B:95:22:0E:81:40:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ra7T0aGh4oMNQWr6BHuVIg6BQIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/8c5dc7-bf41-4008-9cff-2c69985359c0/1/98VxR7l_uFgsctd-yH-pkokqhj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/8c5dc7-bf41-4008-9cff-2c69985359c0/1/Ra7T0aGh4oMNQWr6BHuVIg6BQIQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.106.0/24
                IPv6:
                  2a13:8f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:03:26:fd:15:d1:21:60:d8:77:bd:10:f8:8d:bc:f0:4e:f7:
         a5:89:d0:15:07:cd:d8:f7:02:34:e2:d0:a4:d8:9d:49:4f:93:
         e1:56:7e:8f:ea:8f:fe:52:7d:b8:4b:80:b9:f9:a9:cc:3e:11:
         c6:dc:03:7e:6d:13:a9:6c:79:48:46:b8:8e:6e:22:5e:2f:67:
         db:2d:5f:40:b5:77:68:d0:c2:27:e3:a5:84:29:7d:96:9c:ae:
         20:47:5d:4c:e7:9f:1f:6e:b2:d4:1e:72:ef:fc:a8:aa:26:b0:
         43:fe:6e:a6:e3:80:53:79:b2:bb:b8:5b:aa:2c:16:0a:8a:f8:
         51:04:53:0c:11:2f:d6:b8:3e:8a:07:77:ac:cc:0b:b1:b2:06:
         76:0c:af:ef:a3:54:dc:af:55:49:d1:ec:a2:48:ff:7a:a0:ea:
         ce:8d:45:43:18:40:b5:fc:1b:6e:ee:ef:f7:6c:96:8b:d1:ef:
         62:c5:5d:c6:2e:6f:46:e5:f1:e4:5e:30:24:b6:8a:ef:b1:33:
         21:c5:b2:d1:29:22:14:3e:3d:5b:21:77:0d:3a:33:6c:da:a7:
         cc:37:1e:e7:eb:3d:a6:5c:1f:99:cd:c5:96:79:8c:f2:36:03:
         d8:92:c6:76:b4:e1:11:fc:12:38:50:12:a4:a9:9f:dc:9b:29:
         5a:9c:ae:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBzTm9KGZGySNUWPXwttMbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YWVkM2QxYTFhMWUyODMwZDQxNmFmYTA0N2I5NTIyMGU4
MTQwODQwHhcNMjQwNzAyMTE1NzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2M1NzE0N2I5N2ZiODU4MmM3MmQ3N2VjODdmYTk5Mjg5MmE4NjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAko7eQJulQJDUiTz8IrXMse7U3mLB
xHxQkbj+GpO2ZVWUjJxivMAPBgNqDBkjN4uXnhVID4NoWj6nuEL7xr/vmC2UMthn
fbrYJfGnpZn1zl0GPGMgjxNMuW5euMbWkBoUUJheUXXaTJ3KyKJjZBW+gAS7dbA8
5H3VE1ARRI2dQlI2s5TTAZyFlHCJI2TGHZLnD5adXg8TCP9ISL9EZcIUdTqS+zQg
oEy27Uk5U14fEvokrQsQeBk75bJummbZWHMZFiNVssdPc5lYzHa/oYF7oNUwaGd8
gwbHvg8fejFxOcBJZhPG0I+bpgM97gQCsTx7iD9IswUPwh9jjJ0acisZ7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPfFcUe5f7hYLHLXfsh/qZKJKoY+MB8GA1UdIwQY
MBaAFEWu09GhoeKDDUFq+gR7lSIOgUCEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmE3VDBhR2g0b01OUVdyNkJIdVZJZzZCUUlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS84YzVkYzctYmY0MS00MDA4LTljZmYt
MmM2OTk4NTM1OWMwLzEvOThWeFI3bF91RmdzY3RkLXlILXBrb2txaGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS84YzVkYzctYmY0MS00MDA4LTljZmYtMmM2OTk4NTM1OWMw
LzEvUmE3VDBhR2g0b01OUVdyNkJIdVZJZzZCUUlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRhqMA0E
AgACMAcDBQMqE4+AMA0GCSqGSIb3DQEBCwUAA4IBAQAwAyb9FdEhYNh3vRD4jbzw
TvelidAVB83Y9wI04tCk2J1JT5PhVn6P6o/+Un24S4C5+anMPhHG3AN+bROpbHlI
RriObiJeL2fbLV9AtXdo0MIn46WEKX2WnK4gR11M558fbrLUHnLv/KiqJrBD/m6m
44BTebK7uFuqLBYKivhRBFMMES/WuD6KB3eszAuxsgZ2DK/vo1Tcr1VJ0eyiSP96
oOrOjUVDGEC1/Btu7u/3bJaL0e9ixV3GLm9G5fHkXjAktorvsTMhxbLRKSIUPj1b
IXcNOjNs2qfMNx7n6z2mXB+ZzcWWeYzyNgPYksZ2tOER/BI4UBKkqZ/cmylanK6f
-----END CERTIFICATE-----