Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/pUDo5Xdse1PXgUnaODg2gCpamv4.roa
File:                     pUDo5Xdse1PXgUnaODg2gCpamv4.roa (raw, json)
Hash identifier:          nYhA2TvJ3pWh5tbCP3FhoKaQVqbJbuk7g/ayP4DU7PY=
Subject key identifier:   A5:40:E8:E5:77:6C:7B:53:D7:81:49:DA:38:38:36:80:2A:5A:9A:FE
Certificate issuer:       /CN=7826b604f6f8c03fe9df6c98e61f39eaed7555a5
Certificate serial:       018E011A0D50899E0F4B3828BE014F269AD0
Authority key identifier: 78:26:B6:04:F6:F8:C0:3F:E9:DF:6C:98:E6:1F:39:EA:ED:75:55:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/pUDo5Xdse1PXgUnaODg2gCpamv4.roa
Signing time:             Sat 02 Mar 2024 21:37:48 +0000
ROA not before:           Sat 02 Mar 2024 21:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212088
IP address blocks:        185.89.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:01:1a:0d:50:89:9e:0f:4b:38:28:be:01:4f:26:9a:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7826b604f6f8c03fe9df6c98e61f39eaed7555a5
        Validity
            Not Before: Mar  2 21:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a540e8e5776c7b53d78149da383836802a5a9afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:75:b0:b2:4f:d0:80:a3:fc:ad:0b:af:f4:a1:
                    ea:b1:3f:89:54:0c:cc:95:92:0c:ab:a2:27:62:08:
                    93:59:c9:ca:28:a9:2c:f9:28:3e:dd:11:ef:33:b1:
                    ec:be:07:09:77:dd:6a:8a:f1:6a:8a:f7:47:fc:f3:
                    25:a5:0e:19:f5:5f:e1:5e:4f:76:ec:75:86:ac:89:
                    3b:9b:a4:4c:53:76:ca:36:97:37:83:4e:ca:10:cc:
                    54:61:8f:87:70:d3:01:be:31:e3:52:e8:4f:e0:4c:
                    9a:56:55:fa:80:12:2b:e7:03:4e:55:76:0c:37:65:
                    70:cf:64:df:bb:3e:6f:79:73:d8:1d:1d:3a:23:d3:
                    1d:ea:21:2c:6c:b9:e3:66:20:be:46:af:6c:96:58:
                    90:d1:3e:46:99:ed:b0:1d:79:02:0a:96:a1:3f:4d:
                    24:b3:90:94:ec:e1:de:5d:42:1d:de:de:63:46:9f:
                    b8:ee:38:33:28:3f:c9:f6:f7:3c:a2:86:88:82:76:
                    c4:cc:49:01:72:8c:e6:cb:0e:02:3e:95:27:eb:80:
                    58:95:07:8d:94:a8:89:b6:89:64:04:7d:4a:f0:0c:
                    05:79:5f:87:25:d4:8c:a0:b5:d1:75:69:09:ef:b6:
                    06:38:c2:78:c9:23:cb:68:12:e5:37:55:df:43:4a:
                    6f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:40:E8:E5:77:6C:7B:53:D7:81:49:DA:38:38:36:80:2A:5A:9A:FE
            X509v3 Authority Key Identifier:
                keyid:78:26:B6:04:F6:F8:C0:3F:E9:DF:6C:98:E6:1F:39:EA:ED:75:55:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/pUDo5Xdse1PXgUnaODg2gCpamv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:07:6b:fa:30:36:65:57:28:3f:e4:9f:0b:9b:fe:24:d6:96:
         5e:77:d9:7b:8e:b5:50:85:53:af:c1:d0:8f:6e:4e:d2:9e:da:
         91:c8:74:28:69:42:48:fb:55:d5:1b:39:e1:14:f1:13:90:12:
         ae:0d:b4:43:97:f4:c7:7d:df:2a:05:85:3e:4b:3b:80:84:01:
         68:cd:52:4a:45:4e:1b:21:f3:87:ce:53:06:34:27:5e:26:3c:
         60:6a:77:27:74:5c:8a:29:fe:8d:66:48:dc:68:0d:7d:33:cc:
         1f:43:54:51:7f:2c:1c:92:4b:c3:71:bd:8e:19:2e:84:ba:b4:
         5b:7a:a4:21:48:27:25:7d:9e:63:16:4e:c6:8f:07:b3:60:4d:
         ef:3e:85:50:a5:33:a0:12:f4:bc:1f:29:44:8f:4f:19:08:b9:
         b1:79:8e:4e:ec:28:3f:5f:11:59:ee:a2:ee:b3:8b:67:e8:6b:
         d4:aa:a2:1f:6b:14:38:f5:35:31:38:09:d1:80:1a:b5:93:c2:
         d1:d2:32:d6:34:c9:57:a2:82:f2:10:16:d9:76:a4:e1:59:0e:
         2b:93:fe:5e:e9:84:00:b9:fa:50:2d:02:33:9b:05:a3:27:b1:
         ed:41:eb:2b:4e:30:e1:e5:89:98:73:ec:89:92:53:ff:ae:bf:
         a0:84:99:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4BGg1QiZ4PSzgovgFPJprQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MjZiNjA0ZjZmOGMwM2ZlOWRmNmM5OGU2MWYzOWVhZWQ3
NTU1YTUwHhcNMjQwMzAyMjEzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQwZThlNTc3NmM3YjUzZDc4MTQ5ZGEzODM4MzY4MDJhNWE5YWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXWwsk/QgKP8rQuv9KHqsT+JVAzM
lZIMq6InYgiTWcnKKKks+Sg+3RHvM7HsvgcJd91qivFqivdH/PMlpQ4Z9V/hXk92
7HWGrIk7m6RMU3bKNpc3g07KEMxUYY+HcNMBvjHjUuhP4EyaVlX6gBIr5wNOVXYM
N2Vwz2Tfuz5veXPYHR06I9Md6iEsbLnjZiC+Rq9slliQ0T5Gme2wHXkCCpahP00k
s5CU7OHeXUId3t5jRp+47jgzKD/J9vc8ooaIgnbEzEkBcozmyw4CPpUn64BYlQeN
lKiJtolkBH1K8AwFeV+HJdSMoLXRdWkJ77YGOMJ4ySPLaBLlN1XfQ0pvLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVA6OV3bHtT14FJ2jg4NoAqWpr+MB8GA1UdIwQY
MBaAFHgmtgT2+MA/6d9smOYfOertdVWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUNhMkJQYjR3RF9wMzJ5WTVoODU2dTExVmFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9jOTRjNjUtZWEwMi00MDVhLWJiYTct
Y2EwNDc0YWRmMzczLzEvcFVEbzVYZHNlMVBYZ1VuYU9EZzJnQ3BhbXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9jOTRjNjUtZWEwMi00MDVhLWJiYTctY2EwNDc0YWRmMzcz
LzEvZUNhMkJQYjR3RF9wMzJ5WTVoODU2dTExVmFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVliMA0G
CSqGSIb3DQEBCwUAA4IBAQBxB2v6MDZlVyg/5J8Lm/4k1pZed9l7jrVQhVOvwdCP
bk7SntqRyHQoaUJI+1XVGznhFPETkBKuDbRDl/THfd8qBYU+SzuAhAFozVJKRU4b
IfOHzlMGNCdeJjxgancndFyKKf6NZkjcaA19M8wfQ1RRfywckkvDcb2OGS6EurRb
eqQhSCclfZ5jFk7GjwezYE3vPoVQpTOgEvS8HylEj08ZCLmxeY5O7Cg/XxFZ7qLu
s4tn6GvUqqIfaxQ49TUxOAnRgBq1k8LR0jLWNMlXooLyEBbZdqThWQ4rk/5e6YQA
ufpQLQIzmwWjJ7HtQesrTjDh5YmYc+yJklP/rr+ghJl8
-----END CERTIFICATE-----