Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/Il1h2myYViHvQZ0t_0I8JwNSeCM.roa
File:                     Il1h2myYViHvQZ0t_0I8JwNSeCM.roa (raw, json)
Hash identifier:          fwYInM7khphr8OchqNwTH0PuBVUGo/ryufAfWdqgADs=
Subject key identifier:   22:5D:61:DA:6C:98:56:21:EF:41:9D:2D:FF:42:3C:27:03:52:78:23
Certificate issuer:       /CN=98907806ddacb48430bdd0254898019e413a2bde
Certificate serial:       018CC6B9253EC7A58F67E67D7F6D3A149707
Authority key identifier: 98:90:78:06:DD:AC:B4:84:30:BD:D0:25:48:98:01:9E:41:3A:2B:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJB4Bt2stIQwvdAlSJgBnkE6K94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/Il1h2myYViHvQZ0t_0I8JwNSeCM.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.239.200.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/mJB4Bt2stIQwvdAlSJgBnkE6K94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/mJB4Bt2stIQwvdAlSJgBnkE6K94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJB4Bt2stIQwvdAlSJgBnkE6K94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:25:3e:c7:a5:8f:67:e6:7d:7f:6d:3a:14:97:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98907806ddacb48430bdd0254898019e413a2bde
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=225d61da6c985621ef419d2dff423c2703527823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e9:f6:de:b6:2d:7c:4f:e4:9f:66:de:e4:aa:
                    17:d3:42:8f:80:2d:1a:eb:28:45:f3:ea:49:c8:93:
                    0a:7b:72:5f:20:b1:f8:83:ce:9b:22:ca:a6:01:8c:
                    6c:6e:d2:e3:f5:53:73:eb:3c:31:8f:db:78:14:e2:
                    74:11:92:29:f4:2a:70:af:d3:c5:70:b4:90:a1:73:
                    b3:a8:c4:a5:f5:36:1b:f5:4c:81:8c:4c:11:75:37:
                    2b:58:67:5d:61:f2:21:4a:16:7e:c9:8d:2b:10:b2:
                    c2:03:5c:f8:ca:d9:fe:36:0f:e7:45:ad:35:50:0a:
                    4b:8d:60:34:fd:2d:4d:8a:c8:9d:f5:fc:b7:f2:16:
                    85:c0:86:cb:eb:45:71:45:10:78:71:8a:bf:0a:0a:
                    7d:b7:6a:91:df:ed:66:e0:1c:bd:0a:e2:e4:93:99:
                    77:b3:7b:cb:ac:9d:73:12:4c:a3:ae:d3:29:4d:c7:
                    0e:23:5d:19:04:40:0e:df:dd:28:a6:92:b7:64:76:
                    d1:96:ae:f1:03:7f:5e:f2:68:fd:6b:56:e0:66:a3:
                    76:d5:6a:19:20:43:fe:19:82:c2:bc:71:08:11:e4:
                    0b:e5:18:12:02:08:e6:0e:4f:61:81:70:0a:43:fe:
                    f1:26:cb:51:02:ee:b9:90:82:ce:5d:13:ae:96:27:
                    14:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:5D:61:DA:6C:98:56:21:EF:41:9D:2D:FF:42:3C:27:03:52:78:23
            X509v3 Authority Key Identifier:
                keyid:98:90:78:06:DD:AC:B4:84:30:BD:D0:25:48:98:01:9E:41:3A:2B:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJB4Bt2stIQwvdAlSJgBnkE6K94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/Il1h2myYViHvQZ0t_0I8JwNSeCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3e3b17-84c9-4472-bd33-12674e661e13/1/mJB4Bt2stIQwvdAlSJgBnkE6K94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:dc:79:89:7e:2b:e0:e8:f3:8e:b2:1f:d4:d5:6b:3e:9e:2f:
         5a:12:dc:f7:47:f8:07:e8:3b:e4:4f:2b:97:87:c1:e8:61:33:
         a0:2b:28:d5:7d:c5:0d:e1:f1:ea:ec:0f:96:4d:d9:c5:54:23:
         7a:b1:97:04:ee:ec:02:ca:1b:d1:84:86:e6:75:07:0a:8b:10:
         c4:04:37:6f:c5:11:91:d6:64:5f:6e:68:be:aa:e5:17:e7:0f:
         74:a9:be:f6:5d:d1:42:4a:89:06:95:9b:22:b8:ee:d9:04:05:
         07:89:b9:82:c8:15:84:6c:8c:c7:bf:c0:88:dd:aa:e5:46:f0:
         cd:dd:9b:7d:12:d6:e9:c8:2c:57:f3:63:5a:57:dc:97:5b:45:
         9a:ff:c8:76:8a:3d:6d:45:f0:69:73:72:95:6e:4f:c3:57:3e:
         29:4d:6f:70:96:7a:e1:bb:6c:b9:3f:09:2e:9c:64:83:64:58:
         0e:48:b5:a2:7e:e8:0f:91:72:4b:cd:09:be:2a:20:60:b3:75:
         4b:38:ec:88:56:12:20:f4:57:a3:56:a6:b7:de:12:2e:9e:eb:
         e4:af:ea:17:a9:38:41:2d:3b:c1:ba:0f:94:39:7b:7e:bd:22:
         f8:8b:68:91:6a:65:f0:ee:79:cc:25:dd:d6:32:16:4a:53:bf:
         0d:5e:e0:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSU+x6WPZ+Z9f206FJcHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTA3ODA2ZGRhY2I0ODQzMGJkZDAyNTQ4OTgwMTllNDEz
YTJiZGUwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjVkNjFkYTZjOTg1NjIxZWY0MTlkMmRmZjQyM2MyNzAzNTI3ODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+n23rYtfE/kn2be5KoX00KPgC0a
6yhF8+pJyJMKe3JfILH4g86bIsqmAYxsbtLj9VNz6zwxj9t4FOJ0EZIp9Cpwr9PF
cLSQoXOzqMSl9TYb9UyBjEwRdTcrWGddYfIhShZ+yY0rELLCA1z4ytn+Ng/nRa01
UApLjWA0/S1Nisid9fy38haFwIbL60VxRRB4cYq/Cgp9t2qR3+1m4By9CuLkk5l3
s3vLrJ1zEkyjrtMpTccOI10ZBEAO390oppK3ZHbRlq7xA39e8mj9a1bgZqN21WoZ
IEP+GYLCvHEIEeQL5RgSAgjmDk9hgXAKQ/7xJstRAu65kILOXROulicUGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJdYdpsmFYh70GdLf9CPCcDUngjMB8GA1UdIwQY
MBaAFJiQeAbdrLSEML3QJUiYAZ5BOiveMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpCNEJ0MnN0SVF3dmRBbFNKZ0Jua0U2Szk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8zZTNiMTctODRjOS00NDcyLWJkMzMt
MTI2NzRlNjYxZTEzLzEvSWwxaDJteVlWaUh2UVowdF8wSThKd05TZUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8zZTNiMTctODRjOS00NDcyLWJkMzMtMTI2NzRlNjYxZTEz
LzEvbUpCNEJ0MnN0SVF3dmRBbFNKZ0Jua0U2Szk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe/IMA0G
CSqGSIb3DQEBCwUAA4IBAQBU3HmJfivg6POOsh/U1Ws+ni9aEtz3R/gH6DvkTyuX
h8HoYTOgKyjVfcUN4fHq7A+WTdnFVCN6sZcE7uwCyhvRhIbmdQcKixDEBDdvxRGR
1mRfbmi+quUX5w90qb72XdFCSokGlZsiuO7ZBAUHibmCyBWEbIzHv8CI3arlRvDN
3Zt9EtbpyCxX82NaV9yXW0Wa/8h2ij1tRfBpc3KVbk/DVz4pTW9wlnrhu2y5Pwku
nGSDZFgOSLWifugPkXJLzQm+KiBgs3VLOOyIVhIg9FejVqa33hIunuvkr+oXqThB
LTvBug+UOXt+vSL4i2iRamXw7nnMJd3WMhZKU78NXuCK
-----END CERTIFICATE-----