Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/SOYUPrd_MyZ0G56cn5j8gr9prWs.roa
File:                     SOYUPrd_MyZ0G56cn5j8gr9prWs.roa (raw, json)
Hash identifier:          9CJ9bZ/pmhxeME8BVw47FGsRIRm0kguXhUoioMfaD1s=
Subject key identifier:   48:E6:14:3E:B7:7F:33:26:74:1B:9E:9C:9F:98:FC:82:BF:69:AD:6B
Certificate issuer:       /CN=f93ac6cd2240249bba60171f086e9101cc87ca24
Certificate serial:       018CC5DC8A1B918E160772E17DE9B77989B6
Authority key identifier: F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/SOYUPrd_MyZ0G56cn5j8gr9prWs.roa
Signing time:             Mon 01 Jan 2024 16:30:13 +0000
ROA not before:           Mon 01 Jan 2024 16:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398779
IP address blocks:        147.189.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:8a:1b:91:8e:16:07:72:e1:7d:e9:b7:79:89:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f93ac6cd2240249bba60171f086e9101cc87ca24
        Validity
            Not Before: Jan  1 16:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48e6143eb77f3326741b9e9c9f98fc82bf69ad6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:89:a8:1a:72:36:c8:08:97:c7:7c:bc:b8:7c:
                    75:b1:74:b8:62:a3:fe:f0:2f:30:32:89:55:e0:47:
                    dd:e1:72:bb:b5:3b:9c:38:03:70:03:fc:d5:ed:be:
                    f0:10:91:b3:4c:e6:79:be:d6:e4:bb:87:42:93:3f:
                    d6:cf:18:36:92:af:02:8b:f7:1f:f3:17:83:4a:28:
                    da:1c:eb:01:6b:fd:48:54:46:a4:86:ed:cf:b5:5b:
                    8e:85:91:c6:db:f8:f4:f8:f2:c9:e1:da:46:01:22:
                    4c:7a:b3:90:0c:fe:95:78:1b:d0:56:69:4e:60:21:
                    40:44:19:01:12:7a:da:e4:1c:2b:8c:fd:6f:d6:8a:
                    a1:35:9c:50:0e:8a:39:5a:a4:6b:2c:f5:1c:74:cd:
                    62:f8:dc:21:f1:9c:b0:b8:7e:f4:7f:f7:e6:9f:95:
                    33:d8:59:bb:3e:3e:02:e0:8a:d0:80:0f:96:4d:7c:
                    05:e0:0c:00:07:1d:fa:7b:76:57:88:d4:38:ea:55:
                    86:59:a0:a3:f5:d9:cb:c5:32:54:43:7a:85:23:03:
                    8e:83:72:d2:97:3c:cd:9b:c5:e7:a2:f5:41:c4:5b:
                    f6:fe:e8:2a:31:a5:ef:94:5a:52:17:b0:64:ea:1f:
                    91:81:b5:68:74:62:22:63:00:79:02:c1:47:d8:88:
                    d4:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:E6:14:3E:B7:7F:33:26:74:1B:9E:9C:9F:98:FC:82:BF:69:AD:6B
            X509v3 Authority Key Identifier:
                keyid:F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/SOYUPrd_MyZ0G56cn5j8gr9prWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:84:67:2f:ec:0e:2c:f0:0f:a4:71:84:9c:66:4a:26:20:c3:
         fe:59:8d:cd:f2:81:f8:d3:df:2f:63:b2:01:7a:02:f5:4c:e1:
         05:bd:34:2c:33:aa:5e:c5:ab:03:a0:71:45:51:c9:67:b0:4e:
         7b:fd:d5:23:16:97:d4:af:8b:b2:d7:0b:6c:c2:2f:8d:3a:b3:
         92:27:37:ed:b3:b9:72:4d:b7:15:3e:96:31:a0:69:ca:ad:54:
         af:d5:96:43:01:4f:77:0a:8c:3b:24:7c:36:ea:4b:ac:b0:12:
         5f:ed:0d:e9:41:95:48:2b:ca:6e:06:08:ee:a5:da:43:cd:c8:
         98:0c:6a:b8:ac:05:1d:ce:a1:74:aa:08:85:1a:16:f2:91:90:
         97:67:4e:67:19:ad:5f:00:57:6c:d7:32:34:1c:6e:a1:ce:ed:
         de:a6:60:9e:f6:d9:5b:53:66:6c:f0:5c:3d:1c:6b:bd:66:f4:
         a7:d5:c3:27:0a:94:ad:6a:ee:69:08:e4:7c:75:5a:3c:4f:72:
         5e:a3:1d:ec:92:a4:ca:d4:7a:55:16:02:57:84:07:a9:67:21:
         b6:01:c0:16:2a:fe:1c:1a:cc:e3:17:05:42:5e:d0:ef:71:c7:
         7d:48:9b:5d:0b:b2:a2:ee:08:07:c5:7a:a5:8c:00:5a:54:31:
         56:d1:f3:c7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3IobkY4WB3Lhfem3eYm2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5M2FjNmNkMjI0MDI0OWJiYTYwMTcxZjA4NmU5MTAxY2M4
N2NhMjQwHhcNMjQwMTAxMTYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGU2MTQzZWI3N2YzMzI2NzQxYjllOWM5Zjk4ZmM4MmJmNjlhZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoomoGnI2yAiXx3y8uHx1sXS4YqP+
8C8wMolV4Efd4XK7tTucOANwA/zV7b7wEJGzTOZ5vtbku4dCkz/Wzxg2kq8Ci/cf
8xeDSijaHOsBa/1IVEakhu3PtVuOhZHG2/j0+PLJ4dpGASJMerOQDP6VeBvQVmlO
YCFARBkBEnra5BwrjP1v1oqhNZxQDoo5WqRrLPUcdM1i+Nwh8ZywuH70f/fmn5Uz
2Fm7Pj4C4IrQgA+WTXwF4AwABx36e3ZXiNQ46lWGWaCj9dnLxTJUQ3qFIwOOg3LS
lzzNm8XnovVBxFv2/ugqMaXvlFpSF7Bk6h+RgbVodGIiYwB5AsFH2IjUcQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEjmFD63fzMmdBuenJ+Y/IK/aa1rMB8GA1UdIwQY
MBaAFPk6xs0iQCSbumAXHwhukQHMh8okMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Uckd6U0pBSkp1NllCY2ZDRzZSQWN5SHlpUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNl
LWY3NTJkODE2MDVmYi8xL1NPWVVQcmRfTXlaMEc1NmNuNWo4Z3I5cHJXcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNlLWY3NTJkODE2MDVm
Yi8xLzEtVHJHelNKQUpKdTZZQmNmQ0c2UkFjeUh5aVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTvYsw
DQYJKoZIhvcNAQELBQADggEBAHmEZy/sDizwD6RxhJxmSiYgw/5Zjc3ygfjT3y9j
sgF6AvVM4QW9NCwzql7FqwOgcUVRyWewTnv91SMWl9Svi7LXC2zCL406s5InN+2z
uXJNtxU+ljGgacqtVK/VlkMBT3cKjDskfDbqS6ywEl/tDelBlUgrym4GCO6l2kPN
yJgMarisBR3OoXSqCIUaFvKRkJdnTmcZrV8AV2zXMjQcbqHO7d6mYJ722VtTZmzw
XD0ca71m9KfVwycKlK1q7mkI5Hx1WjxPcl6jHeySpMrUelUWAleEB6lnIbYBwBYq
/hwazOMXBUJe0O9xx31Im10LsqLuCAfFeqWMAFpUMVbR88c=
-----END CERTIFICATE-----